The principle of information security safeguards is a key information privacy principle
contained in every privacy legislation measure, framework, and guideline. This principle
requires data controllers to use an adequate level of safeguards before processing personal
information. However, privacy literature neither explains what this adequate level is nor
how to achieve it. Hence, a knowledge gap has been created between privacy advocates
and data controllers who are responsible for providing adequate protection