Privacy Impact Assessments

Privacy Impact Assessments, or PIAs, are the ideal tool for assessing new initiatives, whether technical, policy or legislative.

When it comes to PIAs, we can literally say: "we wrote the book".  In 2009 we were commissioned by Privacy Victoria to revise and update their PIA Guide and develop additional practical material.  Our revised PIA Guide and two accompanying practical tools - a template PIA Report and a comprehensive list of common privacy risks and mitigation strategies - were launched by the Privacy Commissioner in May 2009 to mark Privacy Awareness Week. 

In 2010 an international evaluation rated our PIA Guide amongst the best in the world, and said to "stand out as best practice".  A 2011 report for the European Commission also reviewed our PIA Guide and accompanying tools and noted their breadth of scope and application.

We believe a PIA should do more than just assess a proposed project’s likely compliance with statutory privacy principles. It should also assess the privacy control environment – the policies, procedures and structures which affect accountability for privacy compliance – and wider community concerns and perceptions about the initiative.

The PIA process describes and de-mystifies the initiative, identifies and analyses the privacy implications, and leads to recommendations for minimising privacy intrusion, and maximising privacy protection – while ensuring the initiative’s objectives are met.

In April 2009 Salinger Privacy was prequalified by AGIMO for streamlined Australian Government procurement in relation to Project Governance, and Business Case Analysis and Development.  PIAs may fit into either of these categories.

Significant PIAs we have completed for the Australian Government include:

PIAs we have completed for the Victorian Government include:

  • the Victorian Government Department of Primary Industries - on the rollout of smart electricity metering in Victoria, in conjunction with Lockstep Consulting; PIA published here
  • the Victorian Department of Education and Early Childhood Development, on the $60M Ultranet project
  • the Victorian Department of Health (HealthSMART program), on the implementation of its integrated Patient and Client Management System, in conjunction with Lockstep Consulting, and
  • VicRoads, on the RandL project, which will provide a common application platform for registration and licensing processes in three agencies. RandL is a large-scale project with a scheduled completion date of late 2012.

PIAs we have completed f
or the NSW Government include:
  • the Department of Education and Communities - on aspects of the design and implementation of a Business Intelligence system
  • the University of Technology, Sydney - on a datamart and business intelligence program, and
  • the Cancer Institute NSW - on aspects of the design and implementation of their BreastScreen Information System.
Here's what our clie
nt said about the benefits of our first PIA for AusCheck:

"The PIA findings and recommendations are a valuable resource to AusCheck and have assisted in the refining and enhancing of AusCheck’s business processes. Documentation of the PIA investigation, analysis, assessment and findings has formed a useful review and decision-making tool for AusCheck."

AusCheck accepted 63 of our 65 recommendations, and were subsequently recognised in the Australian Privacy Commissioner's 2008 Privacy Awards for their commitment to good privacy practice. 

To see our second PIA for AusCheck, on
the development of a generic national security background check, go to the Attorney General's Department website and look for AusCheck under "All topics A-Z".


 
© Salinger Consulting Pty Ltd - ABN 84 110 386 537
  Site Map