Privacy Impact Assessments (PIAs) form a fundamental part of information governance in assuring that individuals’ rights to privacy and confidentiality are appropriately protected. PIAs are used across all sectors but are particularly important in the context of personal health information, because it is regarded as sensitive information and merits higher protection under privacy legislation. The guidance outlines a step-by-step process for undertaking a PIA and the important factors to be considered at each stage of the process.
We have also created a PIA threshold assessment tool, which is a short, initial assessment of a project to determine whether its potential privacy impact requires a PIA. It is a simple tool that should be incorporated into the service provider’s project management processes to ensure that privacy is routinely considered at the beginning of a project. This applies not only to new projects but also to proposals to amend existing information systems, sources or processes.