Privacy Impact Assessments

Privacy Impact Assessments, or PIAs, are the ideal tool for assessing new initiatives, whether technical, policy or legislative.

When it comes to PIAs, we can literally say: "we wrote the book".  In 2009 we were commissioned by Privacy Victoria to revise and update their PIA Guide and develop additional practical material.  Our revised PIA Guide and two accompanying practical tools - a template PIA Report and a comprehensive list of common privacy risks and mitigation strategies - were launched by the Privacy Commissioner in May to mark Privacy Awareness Week.  In 2010 an international evaluation rated our PIA Guide amongst the best in the world, and said to "stand out as best practice".

We believe a PIA should do more than just assess a proposed project’s likely compliance with statutory privacy principles. It should also assess the privacy control environment – the policies, procedures and structures which affect accountability for privacy compliance – and wider community concerns and perceptions about the initiative.

The PIA process describes and de-mystifies the initiative, identifies and analyses the privacy implications, and leads to recommendations for minimising privacy intrusion, and maximising privacy protection – while ensuring the initiative’s objectives are met.

In April 2009 Salinger Privacy was prequalified by AGIMO for streamlined Australian Government procurement in relation to Project Governance, and Business Case Analysis and Development.  PIAs may fit into either of these categories.

Significant PIAs we have completed for the Australian Government include:
  • Department of Health and Ageing - on the $466M personally controlled electronic health record (PCEHR) system, in conjunction with Minter Ellison Lawyers; the PIA is published here and the Government's response is here
  • Treasury - on a three-year, $32M project with IBM to develop Standard Business Reporting
  • AusCheck - the development of a generic national security background check
  • Attorney General's Department - the Anti-Money Laundering and Counter-Terrorism Financing Bill and Rules
  • AusCheck - background checking for security and identity cards in the Aviation and Maritime industries, and
  • Australian Communications & Media Authority - the ENUM (Electronic Telephone Numbering) Trial.

PIAs we have completed for the Victorian Government include:

  • the Victorian Government Department of Primary Industries - on the rollout of smart electricity metering in Victoria, in conjunction with Lockstep Consulting; PIA published here
  • the Victorian Department of Education and Early Childhood Development, on the $77M Ultranet project
  • the Victorian Department of Health (HealthSMART program), on the implementation of its integrated Patient and Client Management System, in conjunction with Lockstep Consulting, and
  • VicRoads, on the RandL project, which will provide a common application platform for registration and licensing processes in three agencies. RandL is a large-scale project with a scheduled completion date of late 2012.

 Here's what our client said about the benefits of our first PIA for AusCheck:

"The PIA findings and recommendations are a valuable resource to AusCheck and have assisted in the refining and enhancing of AusCheck’s business processes. Documentation of the PIA investigation, analysis, assessment and findings has formed a useful review and decision-making tool for AusCheck."

AusCheck accepted 63 of our 65 recommendations, and were subsequently recognised in the Australian Privacy Commissioner's 2008 Privacy Awards for their commitment to good privacy practice. 

To see our second PIA for AusCheck, on the development of a generic national security background check, go to the Attorney General's Department website and look for AusCheck under "All topics A-Z".
 
© Salinger Consulting Pty Ltd - ABN 84 110 386 537
  Site Map