The Value in Conducting a Privacy Impact Assessment Rachael Gallagher Senior Policy Officer 2 December 2014
Dec 22, 2015
Introduction
• What is a PIA?
• What is Privacy?
• What are the benefits?
• What types of projects?
• Who should be responsible?
Consultation
Internal stakeholders
• Project board
• Engineers, developers
• IT
• Procurement
• Suppliers / data processors
• Comms team
• Frontline staff
• Corporate Governance
• Senior management
External stakeholders
• End users
• Data subjects
• Representative groups
• Interest groups
• General public
• Regulators
The PIA process
1. Identify need for a PIA
• Establish objectives, outcomes and outputs early
• Screening questions
• Management support
2. Describe information flows
• Types of personal data
• Use of those data
• Information asset register
• Data controller?
3. Identify privacy risks
• Risk management tools/methodology
• ICO guidance
• Other standards and guidance
• Types of risk
  – Individuals
  – Compliance
  – Corporate
5. Record PIA outcomes, and sign-off
• Document status of each risk
• Determine solutions
• Record reasons
• Sign-off
• Publication
6. Integrate PIA outcomes into project plan
• Recommendations integrated into project plan
• Review PIA at key stages
• Final evaluations
Conclusions
• Way of complying with data protection obligations
• Method of Good Practice
• Can reduce costs
• Publish where appropriate
• Promotes trust
www.twitter.com/iconews
Keep in touch
Information Commissioner’s Office
3rd Floor, 14 Cromac Place,
Gasworks, Belfast BT7 2JB.
Tel: 028 90278757 / 0303 123 1114 Email: [email protected]
Subscribe to our e-newsletter at www.ico.org.uk
or find us on…