Privacy Impact Assessment

 PRIVACY IMPACT ASSESSMENT

A Privacy Impact Assessment (PIA) based on PIPEDA is a risk management process that helps institutions ensure organizations meet legislative requirements pertaining to the protection of Personally Identifiable Information. Conducting a PIA is a means of helping to ensure compliance with and adhering to these requirements that will reduce your risk of improper or unauthorized collection, use, disclosure, retention or disposal of personal information.

A PIA will help reduce the risk that an individual may suffer harm, such as identity theft, reputational damage, physical harm or distress, due to your program’s handling of their personal information. A PIA may not eliminate such risks altogether but should help to identify and manage them.

 Get Started on Your Privacy Impact Assessment

APPROACH TO PRIVACY IMPACT ASSESSMENT

The Privacy Impact Assessment will establish the gaps between what is currently in place and what the privacy legislation has established. The missing controls will need to be implemented, and the priority of completing this will vary depending on budget, resource availability.

The assessment will cover these 9 categories through interviews with appropriately assigned individuals who would represent the organization's custodians of this data.

  1. Accountability

  2. Identified Purposes

  3. Consent

  4. Limiting Collection

  5. Limiting Use, Disclosure and Retention

  6. Accuracy

  7. Safeguards

  8. Openness

  9. Individual Access

PRIVACY IMPACT ASSESSMENT DELIVERABLES

PIA Final Report – A report is developed and delivered to the customer approximately two weeks after the engagement. The report includes:

  • Executive Summary

  • Detailed findings from interviews

  • Recommendations

PRIVACY IMPACT ASSESSMENTDELIVERY TEAM

  • Lead Assessor: A seasoned Information Security expert with over 10 years of professional experience in the industry, possessing various certifications and a degree in information security. The assessor has conducted numerous PIAs for customers of various sizes across North America.

  • Virtual CISO: An Information Technology leader with over 20 years of experience in Cyber Security consulting and Managed Security Services, with CISA and CRISC certifications.

  • Report Writers: Will develop final reports based on the findings of the assessment.

Connect with Our Experts to Start Your Privacy Impact Assessment