Privacy Impact Assessment Workshop
Maureen H Falconer, Sr Guidance & Promotions Manager
Scotstat Public Sector Analysts Network
30 September 2010

Recognising Privacy Risk
PIA Decision Tree
Initial Assessment
• Full scale PIA? YES → Complete full scale PIA & privacy, DP & other compliance checks; NO → next question
• Small scale PIA? YES → Complete small scale PIA & privacy, DP & other compliance checks; NO → next question
• Privacy compliance check? YES → Complete privacy, DP & other compliance checks; NO → next question
• DP compliance check? YES → Complete DP compliance check; NO → No further action
Initial Assessment Map
• Preparation
• Stakeholder analysis
• Project outline
• External information gathering
• Go through PIA screening questions to highlight privacy issues
• Decide level of assessment
Will it involve…
• Disclosure to third parties not subject to comparable data protection?
• Denying anonymity or making identifiable previously anonymous transactions?
• Increased volumes of individuals?
• New or re-using identifiers, intrusive identification/authentication/management processes?
• Increased volumes of data on individuals?
• Multiple organisational use?
• New handling processes for sensitive data?
• New or increased technology with substantial potential for privacy intrusion?
• Increased public security measures?
• Processing data exempt from legislation?
• New or increased data matching?
…do a full scale PIA.
If not, will it involve…
• New/changed data quality assurance processes and standards which may be unclear/unsatisfactory?
• New/changed data security arrangements which may be unclear/unsatisfactory?
• Changing medium of disclosure making data more readily accessible than before?
• New/changed data retention arrangements which may be unclear/extensive?
• New/changed data access or disclosure arrangements which may be unclear/permissive?
…do a small scale PIA.
PIA Process Map
• Preliminary work
• Preparation
• External consultation/information gathering
• Internal analysis
• Documentation: conclusions & recommendations
• Review and audit
Identifying privacy risk…
• Personal Information Issues
• Issues around use of Identifiers
• Function Creep
• Centralisation of Data
• Vulnerability of Individuals
• Upholding Individuals’ Rights

Identifying privacy solutions…
• Acceptance
• Mitigation
• Avoidance
Compliance
• Privacy Law:
  • HRA; PECR; Law of Confidence
  • Vires
  • Statutory obligations/restrictions/prohibitions
• Data Protection:
  • Schedule Conditions
  • DP Principles
  • Exemptions
Key Points
• The PIA is a process to consider privacy risk which provides:
  • All-round perspective;
  • Understanding of acceptability;
  • Understanding of negative privacy impact;
  • Justification for privacy intrusion;
  • Opportunities to lessen negative impact;
  • Consideration of less privacy-invasive alternatives;
  • Evidence based decision-making.
Information Commissioner’s Office 93-95 Hanover Street Edinburgh EH2 1DJ 0131 301 5071 Scotland@ico.gsi.gov.uk www.ico.gov.uk