1 The Privacy Impact Assessment Guidelines Guy Herriges Manager, Information and Privacy Office of the Corporate Chief Strategist, MBS November 2000


The Privacy Impact Assessment Guidelines

Guy Herriges
Manager, Information and Privacy Office of the Corporate Chief Strategist, MBS
November 2000


Why do a PIA?

• New technologies are transforming how we do business
• Promise of greater efficiency, integration, effectiveness, and responsiveness
• But they are also raising new concerns about privacy
• We need to address these concerns to ensure success
  – PIA provides a methodology for identifying and addressing privacy issues at every stage in a project


Managing Privacy Risk

• Privacy Impact Assessment (PIA) is the best tool at our disposal
• Evidence-based decision-making instrument that considers both technical compliance with privacy requirements and public expectations
  – generates/communicates confidence that privacy objectives have been met,
  – takes variety of perspectives into account,
  – promotes fully informed policy decision-making and system design choices,
  – helps ministries to adequately anticipate public reaction to the privacy implications of a given proposal by considering all perspectives


Possible Indicators of the Need to do a PIA

• Creation/modification of databases containing personal information;

• Proposals involving identification or authentication schemes;

• Program/service channel redesign or merger - single window;

• The use of smart cards;

• New delivery structures or partnerships, including devolution;

• Technology changes;

• Common infrastructure projects


MBS Requirements

• A PIA is required where proposals may affect client privacy

• Privacy is affected by any substantive change to the collection, use, or disclosure of personal information

• Ministries/Cluster CIO determines whether a PIA is required


Perspectives on Privacy

• A variety of perspectives inform debates around privacy
• Legal perspective - compliance with privacy rules
• Consumer perspective - privacy as a consumer protection issue and fairness in the marketplace, especially in e-commerce
• Rights-based perspective - privacy as a right in itself and in relation to other rights (e.g. free association, autonomy)
• Public policy issue - management of privacy risk, public expectations, and building public confidence and trust


Components of the PIA

1. Proposal analysis
2. Data flow analysis
   • Outline how and when information is collected, used, and disclosed
3. Compliance Analysis
   • Verify technical compliance with statutory requirements and broader conformity with general privacy principles
4. Risk Management Strategy
   • Identify privacy risks and propose solutions


Proposal Analysis

• Under development
• Description of Essential Aspects of a Proposal
• Environmental/Issues Scan
• Identification of Significant Privacy Issues


Data Flow Analysis

• Business Process Diagrams identifying major components of a business process
• Documented data flow
• Identification of specific personal data elements or clusters of data and their collection, use and disclosure


Samples from Projects

[Diagram: sample data flow. Labelled elements: Person/org info; Directory; WIN; certs; Info Mailed Home; Interactive Voice Response; Person; authorization codes; PKI Bulk Enable; Credential Archive; Credential, authorization code]


A.2 Information Collection

Is the PI Directly Collected from customer: [Yes/No]

If Not Directly Collected Is the Personal Information (PI) Indirectly Collect from:
• Publicly Accessible Governmental Databases name(s)
• Intra/Inter Governmental Information sharing agreements - name(s)
• Private Sector information sharing agreements name(s)
• Multi Program Data Marts/Warehouses
• Subscription to private sector data services - name
• Other name

Itemize Customer PI disclosed in order to access 3rd party customer data records

What is the statutory authority for the direct collection and/or indirect collection?

Collection is performed by:
• Dedicated Program Staff: Yes / No
• Other OPS Staff e.g. staff of another program or ministry: Yes / No
• Dedicated Contractor e.g. a contractor who works solely for the program: Yes / No
• Generic Service Provider e.g. a contractor who works for multiple ministries or programs simultaneously: Yes / No
• Client Agent e.g. solicitor, trustee, physician, or other service provider: Yes / No
• Other: Yes / No

Page 30 PIA Guide


Compliance Analysis

• Key questions that interrogate a proposal’s compliance with privacy legislation and program statutes.
• Identification of broader privacy issues that may raise public concerns.
• Questions organized under privacy principles of CSA Model Privacy Code and Freedom of Information and Protection of Privacy Act


Risk Analysis

• Summary of conclusions from the privacy analysis
• Legal compliance issues based on analysis of data flow
• Identification of residual risk
• Broader privacy risks/stakeholder reaction
• Communications strategy


Resource and Skill Requirements

• Depends on scope and stage of project
• Range of skills that may be useful on PIA team include:
  • Policy Development
  • Operational Program and Business Design
  • Technology and Systems
  • Risk and Compliance Analysis
  • Procedural and Legal
  • Access to Information and Privacy


Conclusion

• PIA is available from Information and Privacy Office, MBS

• http://www.gov.on.ca./MBS/english/fip/