Privacy Impact Assessments (PIAs)


1 Privacy Impact Assessments (PIAs)
Ken Macdonald
Assistant Commissioner (Scotland & Northern Ireland)
UK Information Commissioner’s Office
14 March 2014

2 What is privacy?
Privacy is about the integrity of the individual
- Privacy of personal information
- Privacy of the person
- Privacy of personal behaviour
- Privacy of personal communications

3 Why undertake a PIA?
- Identify and manage risk to individuals’ privacy
- Avoid unnecessary costs
- Avoid inadequate solutions
- Avoid loss of trust and reputation
- Support communications strategy
- Meet legal requirements

4 Code of Practice
- New Code of Practice launched February 2014
- Process Overview
- Screening Questions / Templates

5 The PIA process
Consultation
1. Identify need for a PIA
2. Describe information flows
3. Identify privacy risks
4. Identify privacy solutions
5. Record PIA outcomes, and sign-off
6. Integrate PIA outcomes into project plan

6 Consultation
Internal stakeholders
- Project Team
- Data Protection Officer
- Engineers, developers
- IT
- Procurement
- Suppliers / data processors
- Comms team
- Frontline staff
- Corporate Governance
- Researchers
- Senior management
External stakeholders
- End users
- Data subjects
- Representative groups
- Interest groups
- General public
- Regulators

7 Fit with the Data Protection Principles
Personal data shall be:
- processed fairly and lawfully
- obtained only for one or more specified and lawful purposes
- adequate, relevant and not excessive
- accurate and, where necessary, kept up to date
- not kept for longer than is necessary
- processed in accordance with the rights of data subjects
- protected against unauthorised or unlawful processing and against accidental loss, destruction or damage
- transferred to a country or territory outside the European Economic Area only where there is an adequate level of protection

8 The PIA process
1. Identify need for a PIA
- Establish objectives, outcomes and outputs early
- Screening questions
- Management support

9 The PIA process
2. Describe information flows
- Types of personal data
- Use of those data
- Information asset register
- Data controller?

10 The PIA process
3. Identify privacy risks
- Risk management tools/methodology
- ICO guidance on particular risk areas
- Other standards and guidance
- Types of risk: Individuals, Compliance, Corporate

11 The PIA process
4. Identify privacy solutions
- Accept
- Reduce
- Eliminate
- Cost:Benefit Analysis / Proportionality
- Data Sharing Code of Practice
- Anonymisation Code of Practice

12 The PIA process
5. Record PIA outcomes, and sign-off
- Document status of each risk
- Determine solutions
- Record reasons
- Sign-off
- Publication

13 The PIA process
6. Integrate PIA outcomes into project plan
- Recommendations integrated into project plan
- Review PIA at key stages
- Final evaluations

14 Keep in touch
Head Office: 0303 123 1113 / casework@ico.org.uk
Northern Ireland / Scotland / Wales /

