What is a Privacy Impact Assessment?
A Privacy Impact Assessment (PIA) is a process that helps an organization to determine whether new technologies, information systems, initiatives and program changes are compliant with privacy legislation and meet basic privacy requirements.
The goal of a PIA is to effectively identify and mitigate privacy risks. A PIA is intended to contribute to senior management’s ability to make fully informed policy, system design and procurement decisions.
Conducting a PIA is beneficial when:
1. Designing a new program or service that involves the collection, use and disclosure of personal information or personal health information;
2. Making significant changes to a program or service, such as converting from a conventional service delivery mode to an electronic service delivery mode, that involve the collection, use and disclosure of personal information or personal health information;
3. Changing the way you collect, use or disclose personal information or personal health information;
4. Anticipating that the public may have privacy concerns regarding a new or modified program or service;
5. Introducing changes to the business systems or infrastructure architecture that affect the physical or logical separation of personal information or personal health information, or the security mechanisms used to manage and to control access to personal information or personal health information.
A PIA helps to:
1. Ensure that privacy is built in at the outset of any new program or service;
2. Assure the public that their privacy is safeguarded;
3. Reduce the risk of non-compliance;
4. Avoid costly redesigns of programs and services;
5. Assist senior management in making fully informed decisions;
6. Promote an awareness and understanding of privacy issues.
Fill in the Privacy Impact Assessment Checklist and submit it to the Access and Privacy Office. Someone from the Access and Privacy Office will be in touch with you to guide you through the PIA process.
Last Updated: March 16, 2015