Privacy Impact Assessment Methodology



This PIA process is described in detail in this guide

Step 1: Preliminary Analysis

  • Examine the project to determine if it will involve the collection, use, retention, disclosure, security or disposal of personal information.
  • If you determine that the project will involve personal information, proceed with the PIA process. If the project will not involve personal information, you do not need to proceed with the PIA process.

To determine whether conducting a Privacy Impact Assessment is necessary, consult the PIA Threshold Assessment.

Step 2: Project Analysis

  • Collect specific information about the project, the key players and stakeholders and the type of and manner in which personal information will be collected, used, retained, disclosed, secured or disposed of.

Step 3: Privacy Analysis

  • Using information gathered in the previous step, identify FIPPA or MFIPPA requirements and potential risks and impacts to privacy.
  • Consider ways to reduce or eliminate the risks and impacts identified.
  • Assess proposed solutions and their benefits.

Step 4: Conduct PIA Report

  • Obtain approval to proceed with recommended solutions.
  • Document your findings and chosen solutions in a PIA Report.
  • Proceed with the project, ensuring that the recommendations from your PIA are fully incorporated in the project plans and implemented.