1. What is a PIA?
A Privacy Impact Assessment, or PIA, is a process meant to determine the amount of risk inherent in a particular proposed activity or product. The goal is to take a proactive role and find the risk before it becomes an issue. This type of preemptive measure is best described in frameworks such as Privacy by Design.
2. Privacy Ref’s Hosted PIA
The Hosted PIA Service is both a cost-saving measure and an effective means to quickly implement privacy impact assessments for an organization. There are two components to this service: performing PIAs and administering them.
2.1 Performing PIAs
Once a new project or activity is launched, a PIA should be run. This should find any particular risks that the project poses to the organization or the data subject. Privacy Ref will help to run the PIA by working with the owners of the particular project, either a business group or an individual at your organization. Privacy Ref will walk these individuals through the process to make sure questions are answered correctly.
The PIA will generate findings of potential risks and, if necessary, identify additional information that is required. Privacy Ref has created customizable feedback forms for record-keeping purposes. These act as a way to track PIAs as well as maintain records for regulatory purposes.
2.2 PIA Administration
Prior to performing a PIA, the actual survey will need to be set up. Privacy Ref will take this responsibility and make sure that PIA surveys are ready to go when needed.
Additionally, after a survey is completed, Privacy Ref will be able to analyze surveys or assessments to determine if further work is needed or risks need to be mitigated. Privacy Ref will also monitor the instance for new surveys or assessments that have been completed by individuals at your organization.