Foreword
Introduction
- Part I – How to Determine whether an Assessment is Needed
- Privacy and PIA Background information
Preparing for the PIA Screening process
The PIA screening process

Part II – Full-Scale Privacy Impact Assessment

Part III – Small-Scale Privacy Impact Assessment

Part IV– Privacy Law Compliance Checking

Privacy law compliance check
- Detailed Template: Privacy and Electronic Communications Regulations (Marketing)

Part V– Data Protection Act Compliance Checking

Data Protection Act compliance check
- Detailed Template: Data Protection Act

Part VI – Additional Information

Full-Scale PIA – Conducting the process

It is sensible to apply conventional project management techniques to the process of assessing privacy impact. This includes the definition of phases, tasks within phases, and deliverables.

This segment provides an outline description of a suggested set of phases, together with links to more detailed guidelines concerning the tasks and deliverables that may be appropriate.

The terms used here (such as 'preliminary phase') are intended to be descriptive and are not in themselves of any great significance. Organisations that apply these guidelines are encouraged use terms that are consistent with their own internal standards, policies and practices.

The following phases are suggested:

1. Preliminary phase

The purpose of this phase is to ensure that a firm basis is established for the PIA to be conducted effectively and efficiently. The suggested deliverables are a Project Plan and a Project Background Paper.

Guidance is available to assist in specifying the tasks and deliverables involved in this phase.

2. Preparatory phase

The purpose of this phase is to make the arrangements needed to enable the critical Phase 3 to run smoothly. The suggested deliverables are a Stakeholder Analysis, a Consultation Strategy and Plan, and establishment of a PIA Consultative Group (PCG).

Guidance is available to assist in specifying the tasks and deliverables involved in this phase.

3. Consultation and analysis phase(s)

With the framework in place, this phase focuses on consultations with stakeholders, risk analysis, the recognition of problems, and the search for solutions.
It is likely that some activities will need to be performed more than once (e.g. by calling more than one meeting of the PCG).

The greatest value to the organisation arises where the PIA is commenced at an early stage in the overall project life-cycle. In that case, it may be advisable to define multiple consultation and analysis phases, to run in parallel with the conception, analysis, design, construction and implementation phases of the overall project.

The suggested deliverables are changes to the relevant project documents, an Issues Register, and a Privacy Design Features Paper.

Guidance is available to assist in specifying the tasks and deliverables involved in this phase.

4. Documentation phase

The purpose of this phase is to document the process and the results. The suggested deliverable is a PIA Report.

Guidance is available to assist in specifying the tasks and deliverables involved in this phase.

5. Review and Audit Phase

The purpose of this Phase is to ensure that the design features arising from the PIA are implemented, and are effective. The suggested deliverable is a Review Report.

Guidance is available to assist in specifying the tasks and deliverables involved in this phase.

[ W3C WCAG AAA COMPLIANT ] [ VALID XHTML 1.0 ] [ VALID CSS ]