Privacy Impact Assessments

A privacy impact assessment (PIA) is a series of questions or a checklist designed to help a board of education (board) assess its compliance with the privacy requirements of LAFOIP (view the PIA checklist and worksheet).

The use of a PIA is not required by legislation, but is recognized as an effective way for an organization to determine whether or not it is complying with legislative requirements. It can be a learning tool for those involved in a project who might not otherwise consider the privacy implications of what they are doing.

Conducting a PIA is also a good opportunity for a board to show that it is taking reasonable efforts to meet its legislative responsibilities.

The PIA can be used:

  • when developing a new program;
  • when revising an ongoing program; or
  • as a review of existing practices and procedures.

In many cases the Office of the Saskatchewan Information and Privacy Commissioner will also use a PIA when it conducts an investigation as a result of a complaint made against a local authority.

“The completion of an effective and meaningful PIA requires a dialogue between the author of the PIA and those with a vested interest or involvement with the proposed or existing information systems, technology, policy/procedure, or program being evaluated.”

– Office of the Saskatchewan Information and Privacy Commissioner