Key Questions: What are Privacy Impact Assessments? How do I undertake Privacy Impact Assessments?
The Guide to undertaking privacy impact assessments (PIA Guide) has been prepared by the Office of the Australian Information Commissioner (OAIC) to describe a process for undertaking a privacy impact assessment (PIA). The PIA Guide is intended to provide guidance to all Australian Privacy Principle (APP) entities.
- Introduction to privacy impact assessments
- About this Guide
- What is a privacy impact assessment?
- Why do a PIA?
- Is a PIA necessary?
- When to do a PIA
- Role of the OAIC
- Undertaking a PIA
- 1. Threshold assessment
- 2. Plan the PIA
- 3. Describe the project
- 4. Identify and consult with stakeholders
- 5. Map information flows
- 6. Privacy impact analysis and compliance check
- 7. Privacy management — addressing risks
- 8. Recommendations
- 9. Report
- 10. Respond and review
- Respond to recommendations
- Independent review/audit
- Update the PIA if required
- Appendix A — Acknowledgments and resources