Ken Macdonald, Assistant Commissioner (Scotland & Northern Ireland), UK Information Commissioner's Office, 14 March 2014. What is privacy? Privacy is about the integrity of the individual. Privacy of personal information.
Slide1
Privacy Impact Assessments (PIAs)
Ken Macdonald
Assistant Commissioner (Scotland & Northern Ireland)
UK Information Commissioner’s Office
14 March 2014
Slide2
What is privacy?
Privacy is about the integrity of the individual
Privacy of personal information
Privacy of the person
Privacy of personal behaviour
Privacy of personal communications
Slide3
Why undertake a PIA?
Identify and manage risk to individuals’ privacy
Avoid unnecessary costs
Avoid inadequate solutions
Avoid loss of trust and reputation
Support communications strategy
Meet legal requirements
Slide4
Code of Practice
New Code of Practice launched February 2014
Process Overview
Screening Questions / Templates
Slide5
The PIA process
Consultation
Slide6
Consultation
Internal stakeholders
Project Team
Data Protection Officer
Engineers, developers
IT
Procurement
Suppliers / data processors
Comms team
Frontline staff
Corporate Governance
Researchers
Senior management
External stakeholders
End users
Data subjects
Representative groups
Interest groups
General public
Regulators
Slide7
Fit with the Data Protection Principles
Personal data shall be:
processed fairly and lawfully
obtained only for one or more specified and lawful purposes
adequate, relevant and not excessive
accurate and, where necessary, kept up to date
not kept for longer than is necessary
processed in accordance with the rights of data subjects
protected against unauthorised or unlawful processing and against accidental loss, destruction or damage
transferred to a country or territory outside the European Economic Area only where there is an adequate level of protection
Slide8
The PIA process
Establish objectives, outcomes and outputs early
Screening questions
Management support
1. Identify need for a PIA
Slide9
The PIA process
Types of personal data
Use of those data
Information asset register
Data controller?
2. Describe information flows
Slide10
The PIA process
Risk management tools/methodology
ICO guidance on particular risk areas
Other standards and guidance
Types of risk
Individuals
Compliance
Corporate
3. Identify privacy risks
Slide11
The PIA process
Accept
Reduce
Eliminate
Cost:Benefit Analysis / Proportionality
Data Sharing Code of Practice
Anonymisation Code of Practice
4. Identify privacy solutions
Slide12
The PIA process
Document status of each risk
Determine solutions
Record reasons
Sign-off
Publication
5. Record PIA outcomes, and sign-off
Slide13
The PIA process
Recommendations integrated into project plan
Review PIA at key stages
Final evaluations
6. Integrate PIA outcomes into project plan
Slide14
www.twitter.com/iconews
Keep in touch
Head Office: 0303 123 1113 / casework@ico.org.uk
Northern Ireland 0289 027 8757 / ni@ico.org.uk
Scotland 0131 244 9001 / scotland@ico.org.uk
Wales 0292 067 8400 / wales@ico.org.uk