- Introduction
- Framework
- Overview
- Planning the PIA Process
- Conducting the PIA process
Privacy Impact Assessment
Foreword
Increasing amounts of personal information is collected and stored about individuals as they go about their everyday lives. This often happens for benign reasons such as providing better services but as more and more personal information is held, the greater the concern about the affect on individual privacy and the greater the need for those who hold it to inspire the public’s trust and confidence in the way personal information is handled. Whilst the Data Protection Act 1998 provides essential safeguards, the risk to individual privacy and public confidence in the use of their personal details can go much further. Addressing legitimate privacy concerns should not be left to chance and these need to be addressed from the outset of projects which may raise such concerns.
In some other countries undertaking a Privacy Impact Assessment (PIA) is a common way of ensuring that that privacy concerns and safeguards are addressed and built in as a project develops rather than ignored or bolted on later as an expensive afterthought. The Information Commissioner believes that adopting this proactive approach in the UK offers significant benefits by addressing privacy concerns and inspiring the public’s trust and confidence in what happens to their personal information.
The Information Commissioner’s Office (ICO) commissioned a team of a experts lead by the University of Loughborough to undertake a study of the use of PIAs around the world and based on the lessons learned then to develop a PIA framework that can be used in the UK. This handbook is the centre piece of that work.
This is new and ground breaking work. The handbook is intended to be of practical use for those wishing to conduct a PIA and there will be much to learn about how this handbook and the PIA process works in practice. The ICO are keen to learn from the experiences of those who use it and to consider if any subsequent improvements can be made. It is hoped that all those using it will contact the ICO to share their experiences.
The Information Commissioner believes conducting PIAs in the UK will make a significant contribution towards addressing legitimate privacy concerns about the increasing collection and use of personal information and hopes this handbook will be of assistance to all those organisations who wish to embrace the PIA process as a way of demonstrating their commitment to safeguarding personal privacy.