The principle of information security safeguards is a key information principle contained in every privacy legislation measure, framework, and guideline. This principle requires data controllers to use an adequate level of safeguards before processing personal information. However, privacy literature neither explains what this adequate level is nor how to achieve it. Hence, a knowledge gap has been created between privacy advocates and data controllers. This paper takes a step to bridge the aforementioned knowledge gap by presenting an analysis of how data protection and privacy commissioners have evaluated the level of adequacy of security protection given to personal information in selected privacy invasive cases. This study addresses security measures used to protect personal information against accidental incidents. This analysis also lays a foundation for building a set of guidelines for data controllers on designing, implementing, and operating both technological and organizatio...