HOME > Publications > Privacy Impact Assessment Guide

Privacy Impact Assessment Guide

August 2006

Table of Contents

• About This Guide
  • 1 How to use
  • 2 Meaning of certain concepts
• Overview of Privacy Impact Assessment
  • 3 What is a PIA?
  • 4 Why do a PIA?
  • 5 Benefits of a PIA
    • Compliance with privacy law
    • Reflecting community values
    • Project risk management
    • Other benefits
  • 6 How does a PIA work?
  • 7 Indicators that a PIA will be important
  • 8 Who does the PIA?
  • 9 Consultation and transparency
• Is a PIA Necessary?
  • 10 Threshold Assessment
• Approaching the PIA
  • 11 Key stages of a PIA
  • 12 Planning the PIA
• Doing the PIA
  • 13 Project description
  • 14 Mapping the information flows
  • 15 Privacy impact analysis
  • 16 Privacy management
  • 17 Recommendations
  • 18 The assessment has been done ... what then?
  • 19 Role of the Office
• Acknowledgements and Resources
  • Acknowledgements
  • PIA Resources
  • PIA Reports (or summaries)
  • Other Privacy Management Resources
• Endnotes

About This Guide

1 How to use

The aim of this Guide is to give Australian Government and ACT Government agencies (agencies) an introduction to Privacy Impact Assessments (PIA). The Guide consists of the following sections and a series of practical modules.

• Overview of Privacy Impact Assessment provides a broad introduction to PIA, including an explanation of what a PIA is, its purpose, when it will be appropriate to conduct a PIA, and its benefits.
• Is a PIA Necessary? discusses making the important threshold assessment as to whether a particular project will require a PIA.
• Approaching the PIA introduces the key stages which will be at the core of most PIAs. The Guide does not impose a particular form of PIA on agencies, but instead recognises the importance of flexibility in any PIA. This section also provides some tips for planning the most appropriate PIA process for a particular project.
• Doing the PIA explains how to do a PIA in more practical detail, including a deeper explanation of the key stages of the process.
• Acknowledgements and Resources provides some useful national and international resources in relation to PIAs.
• Modules A-F are some useful, practical tools which are designed to be used at specific stages of a PIA. The main body of the Guide explains when and how these can be used.

The Guide is designed to be of use to both management and officer level audiences. Generally, the Overview of Privacy Impact Assessment section provides the more general, big picture information about PIAs, and can play the role of an Executive Summary for senior management about PIAs. The other sections, in conjunction with the modules, are designed to extend upon this material, and be of more specific, practical benefit to any staff actually involved in carrying out the PIA.

2 Meaning of certain concepts

Personal information / information privacy - In Australia, federal privacy legislation primarily concerns itself with information privacy, that is, it is designed to regulate the manner in which individuals' personal information is handled. Information privacy is therefore the main regulatory focus of the Office of the Privacy Commissioner (the Office) and this Guide.

The Privacy Act 1988 (Cth) (www.privacy.gov.au/act/privacyact/index.html) defines "personal information" as:

"...information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion."

Personal information does not always need to include an individual's name. It includes information that can be linked to or can identify a specific individual through association or inference.

It is important to note however that, whilst information privacy is the regulatory focus of the Office and this Guide, it is only one aspect of privacy more broadly. For example, there are other types of privacy (such as bodily privacy; territorial privacy; communications privacy).1 Whilst this Guide is primarily designed to address information privacy issues through the PIA process, other types of privacy can also be considered, particularly where such privacy issues may pose risks to the overall success of the project.

Project - The term "project" is used throughout the Guide to describe the activity or function the agency is assessing. A PIA can be applied to any project that handles personal information. The project may be any proposal, review, system, database, program, application, service or agency initiative that includes the handling of personal information.

This symbol simply aims to highlight certain key privacy messages as they appear throughout the Guide, and is designed to act as a pointer to useful summaries of key material.

Overview of Privacy Impact Assessment

3 What is a PIA?

A PIA is an assessment tool that describes the personal information flows in a project, and analyses the possible privacy impacts that those flows, and the project as a whole, may have on the privacy of individuals - it "tells the story" of the project from a privacy perspective.2 The purpose of doing a PIA is to identify and recommend options for managing, minimising or eradicating privacy impacts.

A PIA can help to identify and assess the privacy impacts a project may have, for example, by assisting an agency to identify when the collection of particular personal information is unnecessary to a project, or whether the project lacks appropriate accountability or oversight processes.

A PIA can assist agencies to manage privacy impacts by providing a thorough analysis of the effect of the project on individual privacy and helping to find potential solutions. In many cases, a PIA can help to make a significant difference to the privacy impact of the project whilst still achieving the project's goals. The elements that make up a PIA (including identification, analysis and management of privacy impacts) help agencies to drive good privacy practice and underpin good public policy in their projects.

4 Why do a PIA?

The Privacy Act does not refer to PIAs nor does it require agencies to undertake a PIA. However, the success of an agency's project will depend in part on it complying with legislative privacy requirements and how well it meets broader community expectations about privacy.3 Failure to appropriately address privacy issues can have an impact on the trust of the community and can pose risks to the success of the project.

The risks associated with failing to consider the privacy implications of a project can take many forms, and may include, for example:4

• Failure to comply with either the letter or the spirit of relevant privacy legislation, resulting in a breach of the law and/or negative publicity;
• Stimulating public concern or loss of credibility as a result of a perceived loss of privacy or a failure to meet expectations with regard to the protection of personal information; or
• A need for systems to be redesigned or retrofitted late in the development stage at considerable expense.

A project which underestimates privacy impacts, and as a result makes privacy mistakes or simply gets privacy wrong, can place its overall success at risk by not meeting the test of trust and acceptance by the community, or by breaching privacy legislation. It is therefore in an agency's interests to do a PIA for any projects which involve the handling of personal information.

5 Benefits of a PIA

The over-arching benefit of a PIA is that it allows agencies to identify and analyse privacy impacts during a project's design phase, which in turn assists agencies to determine the appropriate management of any negative privacy impacts and thereby avoid costly or embarrassing privacy mistakes. Dealing with privacy impacts can be challenging for agencies. By conducting a PIA, agencies will be in a much better position to meet those challenges.

Some more specific benefits of conducting a PIA are discussed below.

Compliance with privacy law

A PIA can be a valuable tool to help identify what needs to be done to ensure a project's compliance with privacy legislation and other agency-specific or cross-portfolio legislative requirements.

The Privacy Act, through the Information Privacy Principles (www.privacy.gov.au/act/ipps/index.html) (IPPs),5 provides a minimum level of privacy protection to personal information handled by agencies. Many agencies are also subject to agency-specific legislative requirements that add further privacy protections (such as secrecy provisions), as well as legislative requirements which apply more generally across government.

A PIA helps agencies to identify and make any necessary adjustments during a project's development, so that it will comply with all relevant laws that relate to the handling of personal information. A PIA can include a list of applicable privacy laws and an account of how the data-handling practices of the project, as well as the business rules to carry out those practices, will comply with the specific provisions of these laws.

Further guidance for agencies on compliance with the Privacy Act can be found at www.privacy.gov.au.

Reflecting community values

Compliance with relevant privacy law is fundamental to assessing and managing privacy impacts. Compliance underpins the PIA, but it is not the whole story. Projects can have adverse impacts on the privacy of individuals in many ways, and considerations other than compliance with privacy law may also need to be taken into account when assessing the impact of a project.

As a community and as individuals we value our privacy.6 We try hard to strike a balance between meeting our personal needs and goals, and appreciating what others need or want to know about us. Privacy is valued, not only because it underpins our human dignity, but also because it gives us a measure of control in our everyday interactions as to how our personal information is handled in the wider world.

Conducting a PIA provides agencies with the opportunity to consider the values the community places on privacy - trust, respect, individual autonomy and accountability - and to reflect those values in the project by meeting the community's privacy protection expectations. In determining how to achieve the right balance in a project, agencies should consider the interests of the agency, the broader community and the interests of the individual, and consider taking steps to ensure that the privacy impacts identified do not outweigh the public benefit to be gained in the project.

Project risk management

The information gathered in a PIA can also be used as part of an agency's broader project risk management processes.

The Australian/New Zealand Risk Management Standard (AS/NZS 4360:2004) and the companion handbook Risk Management Guidelines (HB 436:2004) are used in government to assist in the process of assessing and managing project risks.

By feeding PIA information into their risk management processes, agencies will be in a better position to assess the level of risk which privacy impacts represent to the project, and decide on the most appropriate avoidance, mitigation or management strategies.

Other benefits

A PIA has other important benefits including:

• helping to find privacy solutions which also help to progress the project's goals;
• identifying the potential for particular privacy impacts such as:
  • function creep (i.e. additional uses of a system, and/or the personal information it involves, which 'creep' away from the original stated uses and potentially from the original expectations of the individuals involved); or
  • those that may arise from new legislation or technology;
• improving the project's consultation process, including public consultation, so that privacy issues are more comprehensively identified and stakeholders are better informed regarding the project's privacy and information handling aspects;
• demonstrating to others that the handling of personal information in the project has been critically analysed with privacy in mind; and
• playing a broader educational role about privacy, which can benefit not only the project but the agency as a whole.

6 How does a PIA work?

A PIA works most effectively when it forms part of a project's development, so that it helps to shape the evolution of the project. This ensures that privacy is 'built in' rather than 'bolted on'.

By undertaking a PIA as an integral part of the project from the beginning, agencies are able to:

• describe fully and systematically the way personal information "flows" in the project;
• analyse how these information flows will impact on privacy;
• identify early, a project's potential for further privacy erosion, for example, through function creep;
• consider alternative, less privacy-intrusive practices during project development rather than retrospectively; and
• make informed choices and recommendations about how the project will proceed.

Given the importance of a PIA in the evolution of a project involving personal information, the PIA document itself will also usually tend to be an evolving or living document. As the project develops and the issues become clearer, a PIA document can be updated and supplemented, leading to the completion of a more comprehensive and useful PIA. Projects which are more significant in scope may even require more than one PIA throughout their development.

7 Indicators that a PIA will be important

Generally, it is the significance or scope of a project, and the extent to which a project involves the collection, use or disclosure of personal information, which will indicate the importance of doing a PIA, and the level of detail that may be required.

The greater a project's size, complexity or scope (looking, for example, at indicators such as the proportion of the community upon which the project impacts, and the effects the project is likely to have on relevant individuals), the more likely it will be that a comprehensive PIA will assist in determining and managing the privacy impacts the project may pose. A project which, for example, involves significant amounts of personal information, or information that is generally regarded as sensitive, is likely to benefit from a PIA.

Not every project will need a PIA. Agencies will be in the best position to assess whether a PIA is necessary or desirable, and the level of detail that may be required. However, this Guide provides some assistance to agencies in making this assessment.

8 Who does the PIA?

Generally, the agency undertaking the project will be responsible for deciding if a PIA is necessary or desirable and then ensuring it is carried out.

Usually, a PIA would not be undertaken by an individual staff member working in isolation; it may consist of different stages and personnel as the project evolves. Generally, a PIA uses a team approach and makes use of the various 'in-house experts' available in the agency, including the agency's Privacy Contact Officer, as well as calling on outside expertise as necessary. In many cases, a set of 'fresh eyes' looking over a project can identify privacy impacts not previously recognised.

Some projects will have markedly more privacy impact than others. In those instances, a robust and independent PIA conducted by external assessors may be preferable as it may help to develop community trust in the findings of the PIA and the intent of the project.7

9 Consultation and transparency

In assessing privacy impacts, it will often be appropriate to consult widely. Consultation with key stakeholders is intrinsic to the PIA process as it helps to ensure that key issues are noted, addressed and communicated.

As a PIA also involves consideration of community attitudes and expectations in relation to privacy, and because potentially affected individuals are likely to be key stakeholders, public consultation will also often be important, particularly where large quantities of personal information are being handled or where information of particular sensitivity is involved. A PIA which incorporates public consultation can help to engender broad community awareness and confidence in the project.

Whilst the extent and timing of the consultation may vary depending on the project (for example, projects may be at a preliminary, sensitive or confidential stage), consultation will generally add significant value to a PIA and potentially increase stakeholder and community confidence in the initiative.

Similarly, wherever possible, publishing the contents and findings of a PIA can add value to a PIA. Publishing helps to demonstrate to stakeholders and the community that the project has been critically analysed with privacy in mind. Publishing also represents good practice by contributing to the transparency of the project.

Is a PIA Necessary?

10 Threshold Assessment

Not every project will need a PIA. The first critical question in assessing whether a PIA is needed is whether any personal information will be collected, used or disclosed in the project. If personal information is not involved in the project at any stage, the project may have a negligible impact on information privacy, and a PIA may not be necessary.

Making this important threshold assessment provides the opportunity for projects with no or minimal information privacy implications to be identified relatively easily and quickly.

Such a threshold assessment will essentially require an agency to broadly describe the project, including the project's aims, and analyse whether any personal information will be handled. Module A (developed by the Attorney-General's Department) is an example of a tool which may be used within agencies to assist officers in making this threshold assessment.

Approaching the PIA

11 Key stages of a PIA

Once an agency has determined that a PIA is necessary for a particular project, the next question is likely to be what kind of approach to the PIA will be most appropriate in the circumstances.

A number of PIA models have been developed internationally which may be helpful (see Acknowledgements and Resources). While some of these models are focused on compliance with a particular jurisdiction's privacy legislation, they all aim to provide some means of measuring the privacy impacts posed by a project.

Whilst there is no one-size-fits-all PIA model, there are a few broad stages which could be considered key to undertaking such a process.

The material which follows suggests that each of the above stages be addressed to some extent in every PIA, with the level of detail being determined by the nature of the project.

12 Planning the PIA

Planning the most appropriate PIA process for a particular project will be influenced to a significant extent by the nature of the project and the stage of development the project has reached. For example, a particular project might:

• be at the early or conceptual stages of thinking, or at a more advanced or detailed stage of thinking;
• be an alteration to a well-established existing program or system (an "incremental" project), or a significant new program or system;
• be either limited or broader in scope; or
• involve a limited or more significant amount of personal information.

It is also possible for a project to feature more than one of these characteristics. For example, an incremental project might still be broad in its scope and privacy implications.

Agencies will be in the best position to consider these matters and to decide upon the most appropriate PIA process. To assist agencies in this regard, Module B provides some guidance and examples which are designed to help demonstrate how the PIA process can differ for different types of projects or projects at various stages.

Doing the PIA

The following sections provide some more detailed assistance about considerations which may be helpful at each of the key stages of the PIA process.

13 Project description

The aim of this first stage of a PIA is to draft a broad, 'big picture' description of the project, including an explanation of:

• the project's overall aims (including how they fit within the agency's broader objectives);
• the drivers for or reasons behind the project;
• the scope and extent of the project;
• any links with existing programs or projects;
• whether any personal information will be handled; and
• some of the key privacy elements (for example, what sort of information will be collected; for what general purposes will it be used and disclosed; etc.).

This information helps to provide a broad explanation of the nature of the project, and can provide important context for the rest of the PIA. Any description of the project which has been done as part of the Threshold Assessment (see 10. Threshold Assessment above) is likely to be useful at this stage of the PIA.

14 Mapping the information flows

Once a broad description of the nature and scope of the project has been completed, the next stage in a PIA is to describe and map the flows of personal information in the project. This could include:

• what personal information is to be handled in the project;
• how the personal information is to be collected;
• how it will be used;
• internal flows;
• disclosures;
• security measures; and
• any privacy, secrecy and other relevant legislation applying to those flows.

In order to effectively map the information flows, communicating with all relevant sections of the agency will be important. Attempting to complete this stage in isolation runs the risk that valuable information about how the project will work, and how any personal information will be handled, may not be taken into account. This could lead to difficulties as the project develops.

This stage of the PIA should also describe the environment that currently exists, and how the project will affect this environment. For example, where a project involves new uses for personal information already held by an agency, this description could identify the nature of such personal information and the context in which it was initially collected (including the purpose of collection). Illustrating the data flows using diagrams or maps can give a clearer picture.

It may also be possible at this stage for an agency to start making some preliminary assessments, based on the above information, of possible areas where privacy impacts or compliance issues might potentially arise, as well as developing some early thoughts on possible alternatives.

The elements of the project that are likely to be relevant to the information privacy impact include: the collection of personal information; its use and disclosure; the ability individuals have to access information about them, and to correct that information if need be; the applicable security safeguards; the processes for ensuring data quality; and whether an identity management system is involved.

Module C contains a series of questions which address each of these areas. It is designed to assist in producing a clear picture of the project's information flows, and in doing so should also begin to draw out some possible areas where information privacy issues might arise in the project.

15 Privacy impact analysis

Once the description and mapping of the information flows has been completed to the level of detail possible considering the nature and status of the project, the next stage in a PIA is to identify and critically analyse, based on that information, how the project impacts upon privacy (both positively and negatively).

A project has a privacy impact if, for example, it affects an individual's choices about who has access to particular information about them. Identifying and then making an assessment of the privacy impacts of a project means the agency must take a critical look at the degree to which the project might compromise individual autonomy in relation to personal information.

The privacy impact analysis should consider:

• which privacy impacts are serious and which are less so;
• whether the privacy impacts are necessary or avoidable; and
• how the privacy impacts may affect the broad goals of the project.

This analysis will require a thorough and frank assessment of whether the project will provide acceptable privacy outcomes, or whether it will generate unacceptable impacts upon privacy. Some consideration as to the availability of alternatives which may improve privacy outcomes may also be possible at this stage. The results of any stakeholder or public consultation are likely to provide important information to assist this analysis.

A number of factors can influence this analysis, such as the context in which the information is collected or the content of the information. Sometimes, simply handling a name and address might involve a privacy impact in the wrong circumstances, for example when an individual is under threat of harassment or violence, and the intention is to put the information onto a public register. Some types of personal information are generally more sensitive than others, such as genetic and general health information or information about criminal convictions.

Module D is designed to be used as a starting point for agencies conducting such an analysis. It provides a series of questions which should assist in drawing out how the project impacts upon privacy.

An important component of this analysis for Australian and ACT Government agencies will be to assess whether the project is consistent with the Information Privacy Principles (IPPs) in the Privacy Act, with which all such agencies must comply. Module E (developed by the Attorney-General's Department) contains a series of questions which specifically address IPP compliance issues. Reference to the description and mapping of the information flows previously documented should assist agencies in responding to these questions.

16 Privacy management

Using the findings of the privacy impact analysis, the next stage of the PIA will be to identify and consider any possible options which may help to eradicate or mitigate the negative privacy impacts identified.

The process of considering such alternatives does not necessarily need to involve compromising a project's goals. If such consideration is done well, an agency may find that it has options available to it which will make a significant difference to the privacy impact of the project whilst still achieving the project's goals. For example, the use of privacy enhancing technologies (PETs)8 may help to ensure that only the minimum necessary amount of personal information is collected, whilst still enabling the project's functions to be achieved.

Module F should be used as a starting point for this critical stage of the PIA. It lists some matters which agencies should consider when deciding upon appropriate responses or actions in relation to any negative privacy impacts identified. This stage of the PIA can also feed into an agency's broader project risk management processes (see 5. Benefits of a PIA - Project risk management above).

17 Recommendations

The final stage of the PIA will be to finalise the documentation of the above information, including recommendations for the future of the project based on the assessment. The PIA story will most usefully be told in the form of a report. For some examples of PIA reports which may be helpful, see Acknowledgements and Resources.

A PIA, critically focused on the elements of the project, can produce a variety of recommendations; not all of which will match the agency's expectations. For example, a recommendation may suggest further fine-tuning is needed in a particular area of the project, such as collection practices.

The PIA report should identify avoidable impacts or risks and suggest measures to remove them or reduce them to an appropriate level.

The recommendations should indicate the best way forward to manage the privacy impacts identified in the project, which may include:

• changes that need to be made in order to achieve a more appropriate balance between the goals of the project, the interests of the agency and the interests of the individuals affected by the project;
• whether further consultation is required; and
• whether, if the privacy impacts are too significant, the project should proceed.

18 The assessment has been done ... what then?

The PIA report with its findings and recommendations is a valuable resource, assisting the project team, senior management and other stakeholders. The PIA can be used to further inform and educate those involved in, or affected by, the project.

For instance:

• the PIA should feed into further planning about the project's next steps. This may include resource allocation, stakeholder management, advising Ministers and government (including about risks), staffing, designing, trialling, testing, consultation, public education and evaluation;
• generally, PIA findings should be published at the appropriate stage, in particular to ensure that key stakeholders have a copy (for agencies, the OPC is likely to be a key stakeholder); and
• PIA findings may need to be revisited at different phases or for different aspects of the project as it progresses.

Documentation of the PIA investigation, analysis, assessment and findings, forms an ongoing, useful decision-making tool for the agency. Providing a PIA report also enables the success of any PIA recommendations implemented to be reviewed as part of the post-implementation review of the project.

The Privacy Commissioner encourages agencies to include the PIA findings during any subsequent public consultation on the project. The Commissioner also encourages agencies to make the PIA findings available to the public as part of the project's implementation.

19 Role of the Office

There is no formal role for the Office of the Privacy Commissioner in the development, endorsement or approval of PIAs. However, it may be able to assist agencies with advice on privacy issues arising throughout the PIA process.

Acknowledgements and Resources

Acknowledgements

Assessing the privacy impact of a project is still a relatively recent development, particularly in Australia. A number of different models have been developed nationally and internationally for conducting a PIA. In some overseas jurisdictions, a PIA is required by law in certain circumstances and the PIA format is prescribed.

The Office acknowledges the ground-breaking and informative work undertaken by The Office of the Privacy Commissioner of New Zealand (www.privacy.org.nz/home.php), The Office of the Privacy Commissioner of Canada (www.privcom.gc.ca/pia-efvp/index_e.asp) and Professor David Flaherty among others, in the area of privacy impact assessment information and guidance. This Guide builds on that work, particularly the guidance material from the New Zealand Privacy Commissioner.

The Office would also like to thank the New Zealand Privacy Commissioner's Office for providing a number of the PIA references and resources below, which agencies may find helpful.

Privacy Victoria has also produced a guide to PIAs directed at Victorian Government agencies, which was useful during the preparation of this Guide.

PIA Resources

Australian Government Information Management Office (AGIMO)

AGIMO has produced some guidance on how to conduct consultative impact assessments: http://www.agimo.gov.au/....

Canada

The Treasury Board of Canada Secretariat has produced a useful PIA e-learning tool: http://www.tbs-sct.gc.ca/pgol-pged/piatp-pfefvp/index_e.asp.

New Zealand

Office of the Privacy Commissioner (New Zealand), Privacy Impact Assessment Handbook: http://www.privacy.org.nz/....

For a collection of online resources from around the world, collated by the New Zealand Privacy Commissioner's Office, see: http://www.foi.gov.uk/....

United States of America

The Privacy Office of the Department of Homeland Security has released official guidance for use in drafting PIAs: http://www.dhs.gov/....

Victoria (Australia)

Office of the Victorian Privacy Commissioner, Privacy Impact Assessments - a guide: http://www.privacy.vic.gov.au/....

PIA Reports (or summaries)

The following is a small sample of reports or summaries of findings and recommendations published by a number of national and international government agencies and organisations that have undertaken a PIA. The Office does not specifically endorse any of these resources, nor does it encourage any specific format for PIA reports. They are provided to give agencies some idea of the different approaches to PIA reporting that are open to them.

Australia

Australian Bureau of Statistics PIA for a Proposal for Enhancing the Population Census (2005): http://www.abs.gov.au/....

Australian Government Information Management Office (AGIMO) - Privacy Management Strategy for the Identity Management for Australian Government Employees Framework (IMAGE) (2006): http://www.agimo.gov.au/....

Canada

The Treasury Board of Canada Secretariat's PIA e-learning tool (referred to above) includes some useful suggestions for what elements might comprise a PIA Report: http://www.tbs-sct.gc.ca/....

Summary of Foreign Affairs Canada's PIA for the Facial Recognition Project: http://www.ppt.gc.ca/....

Alberta Screening Directive (2003): http://www.pao.gov.ab.ca/....

Canadian Institute of Health Information NHEX (2002): http://secure.cihi.ca/cihiweb/en/downloads/spend_nhex_e_PIANHEX.pdf.

Alberta Information and Privacy Commissioner Registry: http://www.oipc.ab.ca/pia/registry.cfm.

New Zealand

State Service Commission series of PIAs in relation to the All-of-Government Authentication Project:

2003: http://www.e.govt.nz/....

2004: http://www.e.govt.nz/....

2005: http://www.e.govt.nz/....

Statistics New Zealand PIA in relation to the Injury Statistics Pilot Project (2004): http://www.stats.govt.nz/....

NZ Health Information Service PIA for the Mental Health Information Project (1999): http://www.nzhis.govt.nz/....

United States of America

The PIA guidance material of the Privacy Office of the Department of Homeland Security (referred to above) also contains examples of official PIA Reports of significant initiatives within the U.S. Department of Homeland Security: http://www.dhs.gov/....

Other Privacy Management Resources

Office of the Privacy Commissioner (Australia): www.privacy.gov.au

Building privacy into a system is discussed further in "Management and Integrity of Electronic Information in the Commonwealth 2003", the Office Submission to the Joint Committee of Public Accounts and Audit: http://www.privacy.gov.au/publications/jcpaasubs.doc.

Strategies for, and approaches to, good identity management practices are discussed in "Proof of ID Required? Getting Identity Management Right": Speech delivered by the Privacy Commissioner to the Australian IT Security Forum, Sydney, 2004: http://www.privacy.gov.au/news/speeches/sp1_04p.pdf.

There are a growing number of privacy consultancies and law firms that offer PIAs as a service. Whilst the OPC cannot endorse or recommend a particular organisation to conduct a PIA, the OPC website hosts a page of Privacy Service Providers which includes some PIA providers: http://www.privacy.gov.au/links/service/index.html.

Endnotes

1 For a summary of different types of privacy see Banisar D, 2000, Privacy and Human Rights: an international survey of privacy laws and developments, Electronic Privacy Information Centre, Washington: www.privacyinternational.org/survey.

2 Professor David Flaherty, Professor Emeritus, University of Western Ontario.

3 It is acknowledged that the task of making an assessment of the community's broader expectations about privacy can be a difficult one. For further information in relation to the Office's research into privacy attitudes in Australia, see the OPC website at www.privacy.gov.au/business/research.

4 For a further discussion of the risks associated with failing to consider the privacy implications of a project see Privacy Impact Assessment: A User's Guide on the Government of Ontario's Access and Privacy Office website at www.accessandprivacy.gov.on.ca/english/pia/index.html.

5 For the full text of the Information Privacy Principles see the OPC website at www.privacy.gov.au/act/ipps/index.html.

6 OPC Research into Community Attitudes Towards Privacy in Australia 2004 www.privacy.gov.au/business/research/index.html#1a

7 There are a growing number of privacy consultancies and law firms that offer PIAs as a service. Whilst the OPC cannot endorse or recommend a particular organisation to conduct a PIA, the OPC website hosts a page of privacy service providers which includes some PIA providers. Visit http://www.privacy.gov.au/links/service/index.html

8 For an introductory discussion of the concepts of Privacy Enhancing Technologies (PETs) and Privacy Intrusive Technologies (PITs), see the Office's speech Under the Gaze, Privacy Identity & New Technology on the OPC website at www.privacy.gov.au/news/speeches/sp104notes.pdf.

Privacy Policy Copyright Site map Join Email List Glossary Calendar Newsletter Top ↑