What is a Privacy Impact Assessment?

A Privacy Impact Assessment (PIA) is a method of assessing a system or process for risks to individual privacy or personal information. It is most often carried out when introducing a new computer system, to check that personal information is collected fairly, handled with sufficient security, shared appropriately, transmitted safely, kept accurate and up to date, retained and future-proofed only for as long as required, and deleted when no longer needed.
The Information Commissioner recommends that organisations carry out a PIA where risks may arise due to the nature of the information or the size of the project. A PIA will help you to:
PIAs are mandatory for projects in central government and recommended for other organisations to ensure compliance with the Data Protection Act, the Human Rights Act, the Regulation of Investigatory Powers Act and the Electronic Communications Regulations.
A PIA can be scaled down for small projects, but to be effective in preventing and minimising risks it should comprise multiple stages:
If your project manages information about people, whether employees, customers, citizens or patients, a PIA is the best way to assure the privacy of their data.
Cimtech can conduct a Privacy Impact Assessment for you. We can deliver a PIA for a single project, oversee and validate your own Privacy Impact Assessment, or help you set up an internal PIA procedure appropriate to your organisation, the nature of the information you manage and the different sizes of project you undertake.
We can include Privacy Impact Assessments in our Project Management and Project Assurance provision (see separate Information Sheet). In addition to helping to keep your project on track and compliant, we will provide privacy assessment input at the appropriate stages, from start-up to implementation review.