Privacy Impact Assessments

A privacy impact assessment (PIA) is a series of questions or a checklist designed to help a board of education assess its compliance with the privacy requirements of LAFOIP (view the PIA checklist and worksheet).

The use of a PIA is not required by legislation, but is recognized as an effective way for an organization to determine whether or not it is complying with legislative requirements. It can be a learning tool for those involved in a project who might not otherwise consider the privacy implications of what they are doing.

Conducting a PIA is also a good opportunity for a board to show that it is taking reasonable efforts to meet its legislative responsibilities.

The PIA can be used:

  • when developing a new program;
  • when revising an ongoing program; or
  • as a review of existing practices and procedures.

Stakeholders involved in a PIA may include:

  • User /Group requesting
    • Requires “primary contact” to coordinate info collection
  • Technology Department
  • Rep/Contact info from vendor offering service/software
    • Many have own privacy policies; dovetail with PIA
    • Others have no contact; can only reference published policies (eg. Google)

In many cases the Office of the Saskatchewan Information and Privacy Commissioner will also refer to a PIA when it conducts an investigation as a result of a complaint made against a local authority.

“The completion of an effective and meaningful PIA requires a dialogue between the author of the PIA and those with a vested interest or involvement with the proposed or existing information systems, technology, policy/procedure, or program being evaluated.”

– Office of the Saskatchewan Information and Privacy Commissioner

Some things to consider when completing a PIA:

  • Depersonalize what you can; only record what you must
  • involve IT early
    • can become ‘techie’ fast; security is often layered
  • Challenge vendors for clarity
  • Keep good records
    • include time-stamped vendor privacy policies, they often change/evolve