Privacy Impact Assessment (PIA)

What is a Privacy Impact Assessment (PIA)?

A Privacy Impact Assessment (PIA) is a process used to evaluate and manage privacy impacts, and to ensure compliance with privacy protection rules and responsibilities.

A PIA should be completed when any of the following activities occur:

  1. Developing, or procuring any new technologies or systems that handle or collect personal information.
  2. A PIA is required for all submissions. The PIA should show that privacy was considered from the beginning stage of system development.  If a program is beginning with a pilot, a PIA is required prior to the commencement of the pilot test.  
  3. Developing system revisions. If an existing system is modified, a PIA may be required.
  4. Initiating a new electronic collection of information in identifiable form.
  5. Issuing a new or updated rule-making that affects personal information.

Privacy Impact Assessment Template (non-ministry public bodies)

Privacy Impact Assessment (PIA) Process

  1. Prior to completing a PIA, please consult with your Dean/Chair or direct supervisor first. Selkirk College may already have an existing solution in place to meet your needs.
  2. Complete the attached PIA (Business Owner). We recommend contacting the vendor to complete any technical / internal process portions of the PIA.
  3. Submit to privacy@selkirk.ca for review.

Note: A completed and approved PIA is only the start of the process of adopting new processes and technologies. Further discussions around resourcing, timelines and scope of work should be initiated with stakeholders including IT Services separately to the PIA.

IT Services is not responsible for integration work on completion of PIAs.

Related Articles