Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy Impact Assessments Dean Machin, Practice Manager, Trilateral UK Learning Analytics Network, Bradford 19 Oct 2015 1.

Published byImogen Lane Modified over 8 years ago

Similar presentations

Presentation on theme: "Privacy Impact Assessments Dean Machin, Practice Manager, Trilateral UK Learning Analytics Network, Bradford 19 Oct 2015 1."— Presentation transcript:

1 Privacy Impact Assessments Dean Machin, Practice Manager, Trilateral UK Learning Analytics Network, Bradford 19 Oct 2015 1

2 What is PIA? A PIA is a systematic attempt to understand the privacy risks of a project, policy, programme, product or service More formally … A process for assessing the impacts on privacy Culminating in a written report with recommendations Process involves Interviewing stakeholders Understanding product/service etc. Understanding policies and procedures Legal compliance check

3 Why do a PIA? Identify material risks, e.g., unthought-of risks 1.Recommend remedial actions 2.Or just make an organization aware of risks Legal requirement Recommendation (JISC Code of Practice) ICO Code of Practice – where there is some privacy impacting technology Public assurance 3

4 United Nations High Commissioner for Refugees (UNHCR) Cash Intervention Program Cash is given to refugees; Refugees are vulnerable – and cannot really opt out; Some assistance has conditions attached; Key questions for a PIA Who gets the refugees’ personal data? How do they store it? What do they do with it? Do they share it with others? What policies and procedures are in place to ensure they handle personal data properly? 4

5 Informational privacy risks (Conducting privacy impact assessments: code of practice [ICO, 2014], pp.5-8) Risks occur where Data collected is excessive or irrelevant; Data is used in ways that are unacceptable to or unexpected by the data subject; Data is disclosed to those the data subject would not want to have it; Harm can be material but it can also occur where there is a ‘loss of personal autonomy or dignity or exacerbate fears of excessive surveillance.’(ibid., p.7) 5

6 Learning analytics – key PIA questions Purpose: what is the data collected for? Improve retention and grades; Is the data collected required for the purpose? Caring responsibilities, use of cashless payment cards, levels of university social engagement; Will it be used for other purposes? References, staff assessment; Are the relevant stakeholders aware of these other purposes? 6

7 Learning analytics – key PIA questions Who will have access to the data? Heads of Departments for staff assessment? Do students know/accept how the data will be used? Demographic data; To whom will the data be disclosed? Potential employers; 7

8 Why should universities do their own PIAs? Universities will use learning analytics in different ways Something will go wrong and it will make the news – PIAs are one way to reduce the chances of it being your institution As sophisticated data controllers, universities may feel they understand all the relevant issues – a PIA can test this 8

9 Trilateral Partners: David Wright – david.wright@trilateralresearch.comdavid.wright@trilateralresearch.com Kush Wadhwa – kush.wadhwa@trilateralresearch.comkush.wadhwa@trilateralresearch.com Practice Manager: Dean Machin – dean.machin@trilateralresearch.com dean.machin@trilateralresearch.com Our publications: http://trilateralresearch.com/publications/http://trilateralresearch.com/publications/ Our work: http://trilateralresearch.com/our-projects/http://trilateralresearch.com/our-projects/ www.trilateralresearch.com Twitter: @Trilateral_UK +44 207 559 3550

Download ppt "Privacy Impact Assessments Dean Machin, Practice Manager, Trilateral UK Learning Analytics Network, Bradford 19 Oct 2015 1."

Similar presentations

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
Child Safeguarding Standards

Child Safeguarding Standards
University Research Ethics Committee Workshop on procedure and data protection issues 30th May 2008.

University Research Ethics Committee Workshop on procedure and data protection issues 30th May 2008.
Policy on preventing discrimination based on Mental health disabilities and addictions Ontario Human Rights Commission.

Policy on preventing discrimination based on Mental health disabilities and addictions Ontario Human Rights Commission.
Philip M. J. Graham Head of Information Communications Technology (ICT) 13 th July 2010.

Philip M. J. Graham Head of Information Communications Technology (ICT) 13 th July 2010.
1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.

1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.
Hong Kong Privacy Code on Human Resource Management

Hong Kong Privacy Code on Human Resource Management
 Board of Trustees has asked for more focus on financial controls  CES Audit Committee has requested more departmental audits  Likely that one or.

 Board of Trustees has asked for more focus on financial controls  CES Audit Committee has requested more departmental audits  Likely that one or.
Www.oaic.gov.au Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
CUMC IRB Investigator Meeting Human Subjects Research Non-Compliance September 15, 2005.

CUMC IRB Investigator Meeting Human Subjects Research Non-Compliance September 15, 2005.
Quality evaluation and improvement for Internal Audit

Quality evaluation and improvement for Internal Audit
The Value in Conducting a Privacy Impact Assessment

The Value in Conducting a Privacy Impact Assessment
Purpose of the Standards

Purpose of the Standards
Data Protection Recruitment Process

Data Protection Recruitment Process
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Protecting information rights –­ advancing information policy Privacy law reform for APP entities (organisations)

Protecting information rights –­ advancing information policy Privacy law reform for APP entities (organisations)
The Nuffield Council on Bioethics Report : The collection, linking and use of data in biomedical research and health care: ethical issues. Martin Richards.

The Nuffield Council on Bioethics Report : The collection, linking and use of data in biomedical research and health care: ethical issues. Martin Richards.
Learning Analytics and Assessment Analytics and Feed Forward.

Learning Analytics and Assessment Analytics and Feed Forward.
Workshop on Health Examination Surveys (HES) Legal and ethical issues Susanna Conti, M. Kanieff, G. Rago Istituto Superiore di Sanità (ISS) (National Public.

Workshop on Health Examination Surveys (HES) Legal and ethical issues Susanna Conti, M. Kanieff, G. Rago Istituto Superiore di Sanità (ISS) (National Public.
Privacy and Security Audits/PIAS/TRAS Information Privacy and Data Protection Lexpert Seminar Bruce McWilliamDecember 9, 2013.

Privacy and Security Audits/PIAS/TRAS Information Privacy and Data Protection Lexpert Seminar Bruce McWilliamDecember 9, 2013.

Similar presentations

Ads by Google