
The Value in Conducting a Privacy Impact Assessment

Rachael Gallagher, Senior Policy Officer, 2 December 2014. Introduction: What is a PIA? What is Privacy? What are the benefits? What types of projects? Who should be responsible? Code of Practice: Privacy by design.


Presentation Transcript


  1. The Value in Conducting a Privacy Impact Assessment
     Rachael Gallagher, Senior Policy Officer
     2 December 2014

  2. Introduction
     • What is a PIA?
     • What is Privacy?
     • What are the benefits?
     • What types of projects?
     • Who should be responsible?

  3. Code of Practice
     • Privacy by design
     • From Handbook to Code of Practice

  4. The PIA process: Consultation

  5. Consultation
     Internal stakeholders
     • Project board
     • Engineers, developers
     • IT
     • Procurement
     • Suppliers / data processors
     • Comms team
     • Frontline staff
     • Corporate Governance
     • Senior management
     External stakeholders
     • End users
     • Data subjects
     • Representative groups
     • Interest groups
     • General public
     • Regulators

  6. The PIA process, step 1: Identify need for a PIA
     • Establish objectives, outcomes and outputs early
     • Screening questions
     • Management support

  7. The PIA process, step 2: Describe information flows
     • Types of personal data
     • Use of those data
     • Information asset register
     • Data controller?

  8. The PIA process, step 3: Identify privacy risks
     • Risk management tools/methodology
     • ICO guidance
     • Other standards and guidance
     • Types of risk
       • Individuals
       • Compliance
       • Corporate

  9. The PIA process, step 4: Identify privacy solutions
     • Accept
     • Reduce
     • Eliminate

  10. The PIA process, step 5: Record PIA outcomes, and sign-off
     • Document status of each risk
     • Determine solutions
     • Record reasons
     • Sign-off
     • Publication

  11. The PIA process, step 6: Integrate PIA outcomes into project plan
     • Recommendations integrated into project plan
     • Review PIA at key stages
     • Final evaluations

  12. Conclusions
     • Way of complying with data protection obligations
     • Method of Good Practice
     • Can reduce costs
     • Publish where appropriate
     • Promotes trust

  13. Keep in touch
     Information Commissioner’s Office
     3rd Floor, 14 Cromac Place, Gasworks, Belfast BT7 2JB
     Tel: 028 90278757 / 0303 123 1114
     Email: ni@ico.org.uk
     Subscribe to our e-newsletter at www.ico.org.uk or find us on…
     • www.twitter.com/iconews
