Were institutions prepared to cope right away with the potential risks identified in the review?
• For the most part, yes. The review revealed that many strategies and best practices were already in place to meet challenges posed by today’s transborder data flows. • Existing best practices included the segregation of personal information from other records held by contractors; audit trails to closely monitor how information is being handled; approval by the government of any subcontracting; the signing of non-disclosure agreements and the use of encryption technology allowing only government officials to view data. • Some institutions that process particularly sensitive information ensure that the information is never removed from a federal government site.