West Virginia State Privacy Office

Privacy Impact Assessment (PIA)

What is a Privacy Impact Assessment (PIA)?

A PIA is a tool used to assess the privacy impact and risks to the personally identifiable information (PII) stored, used, and exchanged by information systems. A PIA evaluates privacy implications when information systems are created, when existing systems are significantly modified, or when new technology is purchased.

Here are just a few benefits of a PIA:

+ It provides a proactive approach to privacy management.
+ It evaluates whether appropriate privacy protections and necessary mitigation or safeguards are present.
+ It applies privacy requirements, complementing organization-wide compliance activities (e.g., HIPAA privacy).
+ It enhances current data inventories of information collected, used, stored, and exchanged by systems.
+ It provides an opportunity for additional education and awareness about privacy.

When should a PIA be conducted?

To be effective, a PIA should be an integral part of the project planning process. It should be conducted to evaluate information privacy and security throughout the lifecycle of a system, product, or project, or when sharing or exchanging PII with other organizations or Departments.

A Department should:

+ Start early to ensure that project risks are identified and appreciated before the problems become embedded in the design.
+ Incorporate a PIA into the project initiation phase.
+ Start today if the project is already underway, so that any major issues are identified with the minimum possible delay.

The Privacy Impact Assessment is a new program. We welcome your feedback and suggestions for improvement.

Privacy Impact Assessment Guidance

Privacy Impact Assessment Tool
Please contact Lori Tarr for information on completing the PIA. (lori.l.tarr@wv.gov)

Privacy Impact Assessment Training
PowerPoint Slides: Part 1, Part 2
Test your knowledge! Privacy Quiz