Griffin Legal endorses the ‘privacy by design’ approach, whereby agencies proactively embed good privacy practices into the design of new technology, practices and infrastructure.
It remains important that evolving and adapting agencies keep privacy at the forefront of their minds. A privacy impact assessment (PIA) is a good way to build up privacy.
What is a PIA?
A PIA is a systematic assessment of a project that helps identify and assess a project’s privacy risks early, and sets out recommendations for managing, minimising or eliminating those risks.
The benefits of undertaking a PIA early in a project include compliance with privacy laws, transparency, reducing future resource costs and minimising the risk of negative publicity, increasing internal privacy awareness and good risk management processes.
When to undertake a PIA
Under the Australian Government Agencies Privacy Code, an agency must conduct a PIA for all high privacy risk projects. A project may be a high privacy risk if it involves a new or changed way of handling personal information that is likely to have a significant impact on the privacy of individuals.
For example, a PIA may be required when:
- introducing a new ICT system or transitioning to a new provider
- changing methods for service delivery
- considering a new or amended system for data storage.
PIAs are not always necessary and can be short or complex, depending on the amount of personal information affected and the level of risk. PIAs can be revisited and updated to account for changes to information handling.
Reach out to Griffin Legal if you would like to discuss a PIA or other ways to build in ‘privacy by design’.