Privacy Impact Assessments
Although the precise definition may vary from jurisdiction to jurisdiction, a privacy impact assessment (“PIA”) can be defined as “an assessment of any actual or potential effects that an activity or proposal may have on individual privacy and the ways in which any adverse effects may be mitigated.” Blair Stewart, Privacy impact assessments, Privacy Law and Policy Reporter (1996).
PIAs are used to evaluate the privacy impact of computerization or data collection projects proposed by government entities, in the same way that environmental impact assessments are used to identify and evaluate the environmental impact of projects like dams or highways. PIAs may be appropriate, for example, when planning a new public health database, when adding new biometric features to a national ID card, or when establishing an online job application program or an e-Payment system. PIAs are being used in Hong Kong, Canada, New Zealand, Australia, and the United States.
Specifically, the PIA is an evaluation that is conducted to assess how the adoption of new information policies, the procurement of new computer systems, or the initiation of new data collection programs will affect individual privacy. It starts with a description of the proposed project, the types of personal data that will be collected or used, and how they will be disseminated or retained. To the extent that the proposed action or program is found to pose a risk to privacy, the PIA reviews the technical, procedural or other safeguards that can be adopted to protect privacy and recommends how to implement the system in a manner consistent with fair information practices.
Privacy Impact Assessments – Resources:
Treasury Board of Canada Secretariat, “PIA Audit Guide.”
Treasury Board of Canada Secretariat, “PIA e-Learning tool.”
Access & Privacy Office for Ontario (Canada), “PIA guidelines and a toolkit.”