A privacy impact assessment (PIA) is a process of analysis that helps to identify and address potential privacy risks that may occur in the operation of a new or redesigned project. A PIA is meant for proposed legislative schemes, administrative practices and/or information systems that relate to the collection, use or disclosure of individually identifying personal or health information.
Section 64 of the Health Information Act (HIA) requires submission of a PIA for review by the OIPC.
Under the Freedom of Information and Protection of Privacy Act and Personal Information Protection Act, the OIPC encourages public bodies and organizations to submit PIAs for projects that involve the collection, use and disclosure of personal information, particularly with respect to information sharing initiatives involving multiple parties.
The Privacy Impact Assessment Requirements guide was developed to assist in the process of completing a PIA.
Important to note, the OIPC does not "approve" a PIA submitted to the office. Once satisfied that the public body, custodian or organization has addressed the relevant privacy considerations the OIPC will "accept" the PIA which acknowledges that reasonable efforts to protect privacy have been made. A PIA cannot be used to obtain a waiver of or relaxation from any requirement of the relevant legislation.
If you have detailed questions about submitting a PIA please contact the office.
The following documents list all accepted PIAs since January 1, 2017:
To view archived lists, please click here.
The following lists include the accepted PIAs during the annual reporting period (April 1 to March 31):
Copyright 2019 OIPC. All rights reserved.