Privacy Risk Assessment

A Privacy Impact Assessment (PIA) is used to assess how new and existing initiatives that handle personally identifiable information (PII) might affect privacy. By working together with all stakeholders, we identify potential privacy risks and recommend ways to address them in a prioritized manner.

Many laws and regulatory requirements mandate that organizations conduct a Privacy Impact Assessment (PIA) before acquiring, developing, or redesigning any information system or service delivery project that involves the collection, use, disclosure, retention, or destruction of personal information.

We conduct each PIA in proportion to the sensitivity of the personal information involved, the intended purpose of its use, and the volume, distribution, and format of the information being handled. All identified and implemented privacy controls are documented as part of the organization’s privacy risk assessment process. This helps your organization integrate privacy considerations into the overall risk management strategy.

We document the results of a privacy impact assessment, as specified in ISO/IEC 29134, to help your organization determine the appropriate treatment actions and priorities for managing privacy risks.

Our privacy management certified resources will guide your organization with a tailored approach to PIA that addresses its specific needs and concerns. Our approach to conducting the PIA leverages ISO/IEC 27701, ISO/IEC 29134, the NIST Privacy Framework, the Office of the Privacy Commissioner of Canada (OPC) PIA Guidelines, the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA), the OECD Privacy Guidelines, the European Union General Data Protection Regulation (GDPR), and the ICO PIA Framework.

 

Contact us to discuss privacy compliance assessment requirements for your organization