1 The Privacy Impact Assessment Guidelines Guy Herriges Manager, Information and Privacy Office of the Corporate Chief Strategist, MBS November 2000.

2 Why do a PIA?
- New technologies are transforming how we do business
- Promise of greater efficiency, integration, effectiveness, and responsiveness
- But they are also raising new concerns about privacy
- We need to address these concerns to ensure success
  – PIA provides a methodology for identifying and addressing privacy issues at every stage in a project

3 Managing Privacy Risk
- Privacy Impact Assessment (PIA) is the best tool at our disposal
- Evidence-based decision-making instrument that considers both technical compliance with privacy requirements and public expectations
  – generates/communicates confidence that privacy objectives have been met,
  – takes variety of perspectives into account,
  – promotes fully informed policy decision-making and system design choices,
  – helps ministries to adequately anticipate public reaction to the privacy implications of a given proposal by considering all perspectives

4 Possible Indicators of the Need to do a PIA
- Creation/modification of databases containing personal information;
- Proposals involving identification or authentication schemes;
- Program/service channel redesign or merger - single window;
- The use of smart cards;
- New delivery structures or partnerships, including devolution;
- Technology changes;
- Common infrastructure projects

5 MBS Requirements
- A PIA is required where proposals may affect client privacy
- Privacy is affected by any substantive change to the collection, use, or disclosure of personal information
- Ministries/Cluster CIO determines whether a PIA is required

6 Perspectives on Privacy
- A variety of perspectives inform debates around privacy
- Legal perspective - compliance with privacy rules
- Consumer perspective - privacy as a consumer protection issue and fairness in the marketplace, especially in e-commerce
- Rights-based perspective - privacy as a right in itself and in relation to other rights (e.g. free association, autonomy)
- Public policy issue - management of privacy risk, public expectations, and building public confidence and trust

7 Components of the PIA
1. Proposal analysis
2. Data flow analysis
   Outline how and when information is collected, used, and disclosed
3. Compliance Analysis
   Verify technical compliance with statutory requirements and broader conformity with general privacy principles
4. Risk Management Strategy
   Identify privacy risks and propose solutions

8 Proposal Analysis
- Under development
- Description of Essential Aspects of a Proposal
- Environmental/Issues Scan
- Identification of Significant Privacy Issues

9 Data Flow Analysis
- Business Process Diagrams identifying major components of a business process
- Documented data flow
- Identification of specific personal data elements or clusters of data and their collection, use and disclosure

10 Samples from Projects

11 Page 30 PIA Guide

12 Compliance Analysis
- Key questions that interrogate a proposal’s compliance with privacy legislation and program statutes.
- Identification of broader privacy issues that may raise public concerns.
- Questions organized under privacy principles of CSA Model Privacy Code and Freedom of Information and Protection of Privacy Act

13 Risk Analysis
- Summary of conclusions from the privacy analysis
- Legal compliance issues based on analysis of data flow
- Identification of residual risk
- Broader privacy risks/stakeholder reaction
- Communications strategy

14 Resource and Skill Requirements
- Depends on scope and stage of project
- Range of skills that may be useful on PIA team include:
  – Policy Development
  – Operational Program and Business Design
  – Technology and Systems
  – Risk and Compliance Analysis
  – Procedural and Legal
  – Access to Information and Privacy

15 Conclusion
- PIA is available from Information and Privacy Office, MBS
- http://www.gov.on.ca./MBS/english/fip/

