Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy Impact Assessment Workshop Maureen H Falconer Sr Guidance & Promotions Manager Scotstat Public Sector Analysts Network 30 September 2010.

Published byDerrick Booth Modified over 8 years ago

Similar presentations

Presentation on theme: "Privacy Impact Assessment Workshop Maureen H Falconer Sr Guidance & Promotions Manager Scotstat Public Sector Analysts Network 30 September 2010."— Presentation transcript:

1 Privacy Impact Assessment Workshop Maureen H Falconer Sr Guidance & Promotions Manager Scotstat Public Sector Analysts Network 30 September 2010

2 Recognising Privacy Risk

3 PIA Decision Tree Initial Assessment No further action Full scale PIA? Small scale PIA? Privacy compliance check? DP compliance check? NO Complete full scale PIA & privacy, DP & other compliance checks Complete small scale PIA & privacy, DP & other compliance checks Complete privacy, DP & other compliance checks Complete DP compliance check YES

4 Initial Assessment Map PreparationStakeholder analysis Go through PIA screening questions to highlight privacy issues Decide level of assessment External information gathering Project outline

5 Denying anonymity or making identifiable previously anonymous transactions? Multiple organisational use? Increased volumes of data on individuals? Increased volumes of individuals? Processing data exempt from legislation? Disclosure to third parties not subject to comparable data protection? Will it involve… New or increased technology with substantial potential for privacy intrusion? New or re-using identifiers, intrusive identification/ authentication/ management processes? New handling processes for sensitive data? New or increased data matching? Increased public security measures? …do a full scale PIA.

6 If not, will it involve… New/changed data quality assurance processes and standards which may be unclear/unsatisfactory? New/changed data security arrangements which may be unclear/unsatisfactory? New/changed data access or disclosure arrangements which may be unclear/permissive? New/changed data retention arrangements which may be unclear/extensive? Changing medium of disclosure making data more readily accessible than before? …do a small scale PIA.

7 PIA Process Map Preliminary workPreparationDocumentation: conclusions & recommendations Review and audit Internal analysis External consultation/ information gathering

8 Identifying privacy risk… Personal Information Issues Issues around use of Identifiers Function Creep Centralisation of Data Vulnerability of Individuals Upholding Individuals’ Rights Identifying privacy solutions… Acceptance Mitigation Avoidance

9 Compliance Privacy Law: HRA; PECR; Law of Confidence Vires Statutory obligations/restrictions/prohibitions Data Protection: Schedule Conditions DP Principles Exemptions

10 Key Points The PIA is a process to consider privacy risk which provides: All-round perspective; Understanding of acceptability; Understanding of negative privacy impact; Justification for privacy intrusion Opportunities to lessen negative impact; Consideration of less privacy-invasive alternatives; Evidence based decision-making.

11 Information Commissioner’s Office 93-95 Hanover Street Edinburgh EH2 1DJ 0131 301 5071 Scotland@ico.gsi.gov.uk www.ico.gov.uk

Download ppt "Privacy Impact Assessment Workshop Maureen H Falconer Sr Guidance & Promotions Manager Scotstat Public Sector Analysts Network 30 September 2010."

Similar presentations

London Public Health Transition Delivery Board

London Public Health Transition Delivery Board
Introduction to Information Governance (IG)

Introduction to Information Governance (IG)
Allan Wick, CFE, CPP, PSP, PCI, CBCP Chief Security Officer WECC Joint Meeting October 8, 2014.

Allan Wick, CFE, CPP, PSP, PCI, CBCP Chief Security Officer WECC Joint Meeting October 8, 2014.
SEMINAR NAIC/ASSAL/SVS REGULATION & SUPERVISION OF MARKET CONDUCT © 2014 National Association of Insurance Commissioners Overview and Purpose of Market.

SEMINAR NAIC/ASSAL/SVS REGULATION & SUPERVISION OF MARKET CONDUCT © 2014 National Association of Insurance Commissioners Overview and Purpose of Market.
<<Date>><<SDLC Phase>>

<<Date>><<SDLC Phase>>
Getting data sharing right for every child

Getting data sharing right for every child
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.
ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.

ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.
Privacy by Design Maureen H Falconer Sr Guidance & Promotions Manager Building a Successful Information Sharing Partnership: Privacy by Design 13 August.

Privacy by Design Maureen H Falconer Sr Guidance & Promotions Manager Building a Successful Information Sharing Partnership: Privacy by Design 13 August.
1 CEER 13.02.07 How to balance the public’s concerns and critical infrastructure construction Matti Vainio, Deputy HoU DG ENV – C.5, European Commission.

1 CEER How to balance the public’s concerns and critical infrastructure construction Matti Vainio, Deputy HoU DG ENV – C.5, European Commission.
Data Protection and Records Management

Data Protection and Records Management
Www.oaic.gov.au Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.

The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.
Office of Inspector General (OIG) Internal Audit

Office of Inspector General (OIG) Internal Audit
The Value in Conducting a Privacy Impact Assessment

The Value in Conducting a Privacy Impact Assessment
Vulnerability Assessments

Vulnerability Assessments
© 2012 McGladrey LLP. All Rights Reserved.© 2014 McGladrey LLP. All Rights Reserved. © 2012 McGladrey LLP. All Rights Reserved. © 2013 McGladrey LLP. All.

© 2012 McGladrey LLP. All Rights Reserved.© 2014 McGladrey LLP. All Rights Reserved. © 2012 McGladrey LLP. All Rights Reserved. © 2013 McGladrey LLP. All.
Keeping on top of the Cloud - Compliance from a Regulator’s Perspective Henry Chang, IT Advisor Office of the Privacy Commissioner for Personal Data, Hong.

Keeping on top of the Cloud - Compliance from a Regulator’s Perspective Henry Chang, IT Advisor Office of the Privacy Commissioner for Personal Data, Hong.
The ICO and the DPA Ken Macdonald Assistant Commissioner Information Commissioner’s Office ScotStat Public Sector Analysts Network 30 th September 2010.

The ICO and the DPA Ken Macdonald Assistant Commissioner Information Commissioner’s Office ScotStat Public Sector Analysts Network 30 th September 2010.
Data Sharing and Good Practice Maureen H Falconer Sr Policy Officer Information Commissioner’s Office.

Data Sharing and Good Practice Maureen H Falconer Sr Policy Officer Information Commissioner’s Office.

Similar presentations

Ads by Google