From the Executive Director

Privacy Impact Assessments are crucial for legal compliance

Agencies should undertake privacy impact assessments whenever they:

  • change existing processes and procedures
  • plan for or commence a new project, which usually involves some personal and/or health information
  • collect or deal with personal information and/or health information.

 

A privacy impact assessment (PIA) helps agencies identify, assess and mitigate the impact that a project may have on the privacy of individuals. It involves agencies considering in detail elements of the project and, in particular, the extent to which a project involves the handling of personal or health information.  Each PIA will vary according to a range of factors, such as the nature and complexity of the project, the size of the agency, its resources, and the extent of personal or health information involved in a project. 

 

PIAs are best conducted as soon as practicable. Doing this at an early stage enables privacy risks to be identified before they occur, and mitigation to be put in place to reduce or eliminate those risks.

 

PIAs might also be required if there are any changes along the way as projects evolve. For instance, after an initial assessment is done, the project might change or expand. Revisiting and updating the PIA should then occur.

 

There are many benefits to undertaking a PIA. In addition to allowing agencies to identify and mitigate privacy risks, they:

  • help agencies comply with privacy laws and associated privacy principles
  • reduce the potential negative publicity which may arise from a privacy breach
  • reduce potential legal costs which could arise from a subsequent privacy breach
  • improve information handling practices and build public trust and confidence
  • allow agencies to fulfil a project’s goals without unnecessarily impacting on privacy
  • enable agencies to demonstrate their commitment to privacy
  • promote awareness and understanding of privacy issues within an agency.

 

Although not essential, it is advisable that PIAs are conducted by lawyers to ensure compliance with privacy laws. One added benefit is that communications with your lawyers about PIAs, and the advice provided, would be subject to legal professional privilege. This benefit will not arise if you seek assistance from non-lawyers.

 

If you need any assistance with conducting a PIA, or need any advice on how to mitigate any privacy risks you may have identified independently, feel free to contact us. 

 

Mick Batskos

Executive Director