Why do a PIA?

Organisations take considerable care to manage a variety of risks, including competitive manoeuvres by other corporations, natural disasters, environmental contamination, cyber-attacks, and the risk of embarrassment to executives and Ministers. ‘Issues management’ has emerged as a common activity based on contingency planning.

Government and corporate reputations can be fragile and easily undermined. In order to maintain and enhance their reputations these organisations need to act responsibly in relation to key issues like privacy, and to be seen to be acting responsibly. Experience shows that once an organisation’s reputation is damaged and trust is lost it is then very hard to regain that trust.

For many organisations, privacy now poses risks which need to be professionally managed in a similar way to other categories of risk. Organisations that handle personal data need to monitor their ongoing operations, whether they are dealing with clients, employees, or the public in general.

In summary, the reasons an organisation undertakes a PIA are as follows.

Identifying and managing risks.
Avoiding unnecessary costs.
Inadequate solutions
Avoiding loss of trust and reputation.
Informing the organisation’s communications strategy.
Meeting and exceeding legal requirements.

Identifying and managing risks

At senior levels of organisations, a PIA is part of good governance and good business practice. A PIA is a means of addressing project risk as part of overall project management. Risk management has considerably broader scope than privacy alone, so organisations may find it appropriate to plan a PIA within the context of risk management.

Avoiding unnecessary costs

By performing a PIA early in a project, an organisation avoids problems being discovered at a later stage, when the costs of making significant changes will be much greater. Making clear a project’s objectives, the organisation’s requirements and the justifications for particular design features all have important benefits for project management generally, rather than just as part of a privacy impact assessment.

A further benefit of building privacy-sensitivity into the design from the outset is that it could provide a foundation for a flexible and adaptable system, reducing the cost of future changes and ensuring a longer life for the application.

Inadequate solutions

Another problem which arises with privacy risks being discovered at a later stage is that the solutions that are devised at this stage are often not as effective at addressing and managing the privacy risks as solutions that are designed into the project from the start.

Designing in privacy solutions can make a project more resistant to a failure around individual privacy and better able to recover if a failure does occur. Bolt-on solutions devised only after a project is up and running can often be a sticking plaster on an open wound, providing neither the same level of protection for the individual nor the confidence for the organisation that privacy risks have been identified and adequately addressed.

Avoiding loss of trust and reputation

Customers value privacy. A PIA is a means of ensuring that systems are not deployed with privacy flaws which will attract the attention of the media, competitors, public interest advocacy groups or regulators, or give rise to concerns among customers. In this context a PIA will help to maintain or enhance an organisation’s reputation.

Addressing privacy issues raised in a PIA can mitigate the risks of low adoption rates (or poor participation in the implemented scheme) due to a poor perception of the scheme as a whole, or particular features of its design or a loss of public credibility as a result of perceived harm to privacy or a failure to meet expectations with regard to the protection of personal information. It also helps mitigate the risk of retrospective imposition of regulatory conditions as a response to public concerns about the project, with inevitable additional and unbudgeted costs or even the entire project being put at risk of being in non-compliance with the new laws.

A PIA provides an organisation with an opportunity to obtain a commitment from stakeholder representatives and advocates to support the project from an early stage, in order to avoid the emergence of opposition at a late and expensive stage in the design process.

Informing the organisation’s communications strategy

Linked to the importance of a loss of trust and reputation is the importance of a PIA to an organisation’s media and communications strategy. As stated above there is a risk of the collapse of a project as a result of adverse publicity and/ or withdrawal of support by the organisation or one or more key stakeholders.

Carrying out a PIA should enable the organisation to ensure that the representative and advocacy organisations achieve an understanding of the project and assess it from their own perspectives. It enables an organisation to understand the perspectives of other stakeholders and make the aims of the project better understood. It also provides stakeholders the opportunity to have their perspectives reflected in the project design.

By actively seeking out and engaging the concerns of stakeholders, even those who are expected to oppose a particular project, you can discover the reasoning behind their position and identify where further information needs to be provided and pre-empt any possible misinformation campaigns by opponents of the project.

Meeting and exceeding legal requirements

The Data Protection Act already stipulates eight data protection principles, but these only address certain aspects of privacy. There are a range of other pieces of legislation which have an impact on privacy and either empower or prohibit certain acts which may intrude upon the privacy of the individual. These are explored in more depth in the privacy law compliance check in Chapter VI.

The Government has accepted their value and they will be used in all Departments. Future Gateway reviews of ICT projects will check that they have been carried out as an integral part of the risk management assessment.

« Previous | Top of page | Next »

Contents

Using this handbook

Part 1 – Background information

Chapter I – Overview

Chapter II – Privacy, risks and solutions

Part 2 – The PIA process

Process Maps

Chapter III – Initial assessment

Chapter IV – Full-scale privacy impact assessment

Chapter V – Small-scale privacy impact assessment

Chapter VI – Privacy law and other legal compliance checking

Chapter VII – Data Protection Act compliance check (including PECR)

Chapter VIII – Other ICO guidance

Appendix 1 – The PIA screening questions

Appendix 2 – Data protection compliance checklist template

Appendix 3 – PECR compliance checklist template

Appendix 4 – Privacy strategies

Part I Background information