- Introduction
- Framework
- Overview
- Planning the PIA Process
- Conducting the PIA process
Part VI – Additional Information
PIA Handbook - Glossary
This segment of the Handbook contains an alphabetical listing of terms that are used in the document in ways that are or may be seen to be in some way specialised.
Advocate
An organisation, or possibly an individual, that has plausible claims to understand the interests of some relevant group of people, including Participating Organisations and the Affected Public, particularly in newly-emerging and even hypothetical circumstances. Their credibility is based not on their ability to 'represent' any particular population segment, but rather on their capacity to appreciate and consider the complexities and the options, and to present evidence and coherent arguments
Affected public
The people whose personal data is the subject of the project. People are affected in various ways, depending on the system's features, and people's circumstances, and hence it is often important to distinguish, and focus on, relevant customer segments
Compliance checking
An evaluation of a project process and project outcomes (including the design, data collections and business processes), in order to ensure that all aspects are compliant with all relevant provisions of all relevant laws
Data silo
A database or set of files that is used by a particular application and is not integrated with other databases or sets of files
First-order impact
A direct result arising from some measure. Distinguished from an indirect or second-order implication that is affected by a range of other factors
Identity
A representation or role of some underlying entity, in particular of a person
Identity silo
An identity that is used to represent an individual in that person's dealings with a particular application and is not integrated with other identities that the person has
A record of the privacy issues that have been identified, and the approaches adopted to reducing or avoiding them. In large projects it is likely to be formalised, but in other cases it may take the form of an attachment to meeting minutes, or a web-page maintained by project staff
In the case of very large projects in which several major organisations are heavily involved in partnership or joint venture, the organisation that adopts a leadership role
The corporation or government agency that is primarily responsible for the project in relation to which a PIA is to be undertaken
Other organisations involved in the project, including 'partner' organisations, organisations that will provide data, or receive data from the resulting system, and perhaps also organisations that provide services to support the system (e.g. as outsourced service providers) and technology providers
PIA Consultative Group (PCG)
A cluster of representatives and advocates with whom consultation is undertaken, which is not unduly large, but has sufficient diversity to ensure that the objectives are achieved
The interest that individuals have in sustaining a 'personal space', free from interference by other people and organisations
Privacy Enhancing Technology (PET)
A technology that has been specifically developed to assist privacy rather than threaten it.
Privacy Impact Assessment (PIA)
A process whereby a project's potential privacy issues and risks are identified and examined from the perspectives of all stakeholders, and a constructive search is undertaken for ways to avoid, minimise or at least ameliorate privacy concerns
Privacy Intrusive Technology (PIT)
A technology that assists in the surveillance of people and their behaviour
Privacy law
All sources of law that create rights and obligations relevant to privacy. They include constitutional law, EU law, statutes, statutory instruments created and maintained under delegation from Parliament (including Regulations and formal Codes), and the common law. Further documents may be relevant, such as codes of conduct and privacy policy statements, particularly where the organisation has provided some form of undertaking to comply with them. This might arise from some formal act of adoption (such as membership of the association that issues the code), or the terms of a document that the organisation itself has issued. There are also matters of public policy that may not be formally law, but that are generally respected
Privacy strategy
An approach driven by an organisation's senior executives, whereby privacy is recognised as a factor of significance to the achievement of the organisation's objectives. It involves the reflection of privacy concerns within corporate strategy, detailed planning and implementation of measures to address privacy issues, and the embedment of privacy-sensitivity in organisational culture and in computer-based systems
Project
The activity or function is that the organisation is assessing. It may be, for example, a project to develop a 'system', a 'database', a 'programme', an 'application', a 'service' or a 'scheme', or an enhancement to any of the above, or an 'initiative', a 'proposal' or a 'review', or draft legislation
Representative
An organisation, or possibly an individual, that has plausible claims to represent the interests of some relevant constituency, including participating organisations and the affected public. Their credibility arises primarily from their closeness to that constituency, and their ability to sense and explain their constituency's concerns
Second-order implication
An indirect result arising from some measure, which is mediated by a range of other factors. Distinguished from a direct or ‘first-order’ impact
A short, preliminary study to work out whether a PIA is required, and, if so, how substantial it needs to be
Stakeholder
Individuals or groups that perceive themselves to have a significant interest or 'stake' in the project, and that accordingly expect to have involvement in the project process. They include the organisation itself, other participating organisations and the affected public.