What is a Privacy Impact Assessment (PIA)?
A PIA is a tool used to assess the privacy impact and risks to the personally identifiable information (PII) stored, used, and exchanged by information systems. A PIA evaluates privacy implications when information systems are created, when existing systems are significantly modified, or when new technology is purchased.
Here are just a few benefits of a PIA:
+ It provides a proactive approach to privacy management.
+ It evaluates whether appropriate privacy protections and necessary mitigation or safeguards are present.
+ It applies privacy requirements, complementing organization-wide compliance activities (e.g., HIPAA privacy).
+ It enhances current data inventories of information collected, used, stored, and exchanged by systems.
+ It provides an opportunity for additional education and awareness about privacy.
When should a PIA be conducted?
To be effective, a PIA should be an integral part of the project planning process. It should be conducted to evaluate information privacy and security throughout the lifecycle of a system, product or project, or when sharing or exchanging PII with other organizations or Departments.
A Department should:
+ Start early to ensure that project risks are identified and appreciated before the problems become embedded in the design.
+ Incorporate a PIA into the project initiation phase.
+ Start today if the project is already underway, so that any major issues are identified with the minimum possible delay.
Please click below to download the most recent PIA form.
Privacy Impact Assessment (Download Adobe Fillable Form. Misalignments of the form fields, visible on the webpage, will be corrected in the downloaded document.)
Submission instructions are included in the document.
Please contact Lori Tarr for information on completing the PIA. (firstname.lastname@example.org)