Privacy Impact Assessment

Definition

A privacy impact assessment must be completed for any new or changes to applications.  The assessment ensures compliance with the Freedom of Information and Protection of Privacy Act when collecting, using or disclosing personal information.  The initial assessment must be completed for all initiatives to determine whether personal information is involved.

A draft Privacy Impact Assessment (PIA) is required during the Planning Phase to identify potential risks and impacts of collecting, using, and disclosing personal information.  It is also a requirement to move to the Test environment through the Change Management process.  A final PIA is required in the Analysis phase and is a requirement to move to the Production environment through the Change Management process.

Roles and Responsibilities

• SDLC Roles and Responsibilities

Standards

If the initiative or resulting application has personal information, please use the long form, called PIA Template.

If the initiative or resulting application has no personal information, please use the short form, called PIA No Personal Information.

Templates

• PIA Template (MFR only - info)
• PIA No Personal Information (MFR only - info)

Samples

• Sample - PIA (BC Gov only - info)
• Sample – PIA No Personal Information (MFR only - info)

Contact Information

Your contact for general advice and support for information sharing and privacy issues, including PIAs as they are being completed, will be Joanne Gardiner or Lina Bennett.

Once the PIA is finalised please send to Lara Berglund who will forward it to one of the privacy staff for review.  Once all concerns with the PIA are resolved Sharon Plater will sign on the DMIP (Director/Manager of Information and Privacy) line.

The last signature required is Guy Gondor – CIO Information Management Branch before any migrations to PROD can take place.