The Privacy Professional

Privacy impact assessments (PIAs) are a tool that can be used to identify and reduce privacy risks. A PIAs can reduce the risks of harm to individuals by preventing the misuse of their personal information. PIAs are an integral part of taking a privacy by design ( PbD ) approach. They are used to design more efficient and effective processes for handling personal data. The use of PIAs is not something new, in fact the process has been used by a number of companies, entities and governments for over forty years now.  The PIA was created by the United States Office of Technology Assessment. The U.S. office of Management and Budget (OMB) publishes guidance on the implementation the privacy provisions by Federal Agencies under E-Government Act of 2002, including when to conduct a PIA. Under GDPR,  PIAs have become a centerpiece and necessary in certain situations. A PIA must be completed if a company is doing one of the following: Data controller or the data processor o

Risk Assessment Stages  First, we must determine if there is a need for the risk assessment to be performed. Then, we will need to describe the flow of information (data life cycle) such as collection, processing, storage, usage and deletion. Next, we will identify privacy and related risks –including threats and vulnerabilities. Moreover, recording and summarizing risk assessment findings in a digestible, concise and readable format for the end user is necessary step. Finally, implementing the assessment findings and solutions into the project plan is the last step.