130 likes | 133 Views
The Value in Conducting a Privacy Impact Assessment. Rachael Gallagher Senior Policy Officer 2 December 2014. Introduction. What is a PIA? What is Privacy? What are the benefits? What types of projects? Who should be responsible?. Code of Practice. Privacy by design
E N D
The Value in Conducting a Privacy Impact Assessment Rachael Gallagher Senior Policy Officer 2 December 2014
Introduction • What is a PIA? • What is Privacy? • What are the benefits? • What types of projects? • Who should be responsible?
Code of Practice • Privacy by design • From Handbook to Code of Practice
The PIA process Consultation
Consultation Internal stakeholders External stakeholders End users Data subjects Representative groups Interest groups General public Regulators • Project board • Engineers, developers • IT • Procurement • Suppliers / data processors • Comms team • Frontline staff • Corporate Governance • Senior management
Identify need for a PIA 1 The PIA process • Establish objectives, outcomes and outputs early • Screening questions • Management support
Describe information flows 2 The PIA process • Types of personal data • Use of those data • Information asset register • Data controller?
Identify privacy risks 3 The PIA process • Risk management tools/methodology • ICO guidance • Other standards and guidance • Types of risk • Individuals • Compliance • Corporate
Identify privacy solutions 4 The PIA process • Accept • Reduce • Eliminate
Record PIA outcomes, and sign-off 5 The PIA process • Document status of each risk • Determine solutions • Record reasons • Sign-off • Publication
Integrate PIA outcomes into project plan 6 The PIA process • Recommendations integrated into project plan • Review PIA at key stages • Final evaluations
Conclusions • Way of complying with data protection obligations • Method of Good Practice • Can reduce costs • Publish where appropriate • Promotes trust
Keep in touch Information Commissioner’s Office 3rd Floor,14 Cromac Place, Gasworks, Belfast BT7 2JB. Tel: 028 90278757 / 0303 123 1114 Email: ni@ico.org.uk Subscribe to our e-newsletter atwww.ico.org.uk or find us on… • www.twitter.com/iconews