Privacy Impact Assessments
A privacy impact assessment (PIA) is a series of questions or a checklist designed to help a board of education (board) assess its compliance with the privacy requirements of LAFOIP (view the PIA checklist and worksheet).
The use of a PIA is not required by legislation, but is recognized as an effective way for an organization to determine whether or not it is complying with legislative requirements. It can be a learning tool for those involved in a project who might not otherwise consider the privacy implications of what they are doing.
Conducting a PIA is also a good opportunity for a board to show that it is taking reasonable efforts to meet its legislative responsibilities.
The PIA can be used:
- when developing a new program;
- when revising an ongoing program; or
- as a review of existing practices and procedures.
In many cases the Office of the Saskatchewan Information and Privacy Commissioner will also use a PIA when it conducts an investigation as a result of a complaint made against a local authority.
“The completion of an effective and meaningful PIA requires a dialogue between the author of the PIA and those with a vested interest or involvement with the proposed or existing information systems, technology, policy/procedure, or program being evaluated.”
– Office of the Saskatchewan Information and Privacy Commissioner