'The Science' of Privacy Impact Assessment (PIA) - Part 2
What is PRIVACY IMPACT ASSESSMENT?
Privacy impact assessment (PIA) is an assessment of privacy-related risks. To carry out a PIA, four distinct assessments should be completed:
1. Assessment of the project’s characteristics or features, such as the technologies or mechanisms deployed or intended for use in the project. This assessment checks whether the technologies or mechanisms to be deployed in the project would be privacy invasive.
2. Assessment of the project’s compliance with privacy regulations and legislation, whether state, federal, national, bilateral or multilateral. This relates in particular to the regulations and legislation that apply where the project is located or situated: for example, the Data Protection Act 1998 in the UK (since superseded by the Data Protection Act 2018 and the UK GDPR) or the Privacy Act in the US, or other privacy-related legislation in other parts of the world, such as Canada, Australia and Germany.
3. Assessment of the personal data being processed, or to be processed, by the project. For example: is the personal data collected identifiable or not; is it sensitive personal data; is it ‘obsolete’ but still identifiable personal data; and so on.
4. Finally, an assessment of the collection, sharing, distribution, storage, transport and destruction of personal data, and whether that processing is in line with privacy legislation.
It is important to mention that a PIA can be carried out for a project, programme, task, policy, platform or ICT system.
