Privacy Impact Assessments, or PIAs, are the ideal tool for assessing new initiatives, whether technical, policy or legislative.
When it comes to PIAs, we can literally say: “we wrote the book”. In 2009 we were commissioned by Privacy Victoria to revise and update their PIA Guide and develop additional practical material. Our revised PIA Guide and two accompanying practical tools – a template PIA Report and a comprehensive list of common privacy risks and mitigation strategies – were launched by the Privacy Commissioner in May 2009 to mark Privacy Awareness Week.
In 2010 an international evaluation rated our PIA Guide amongst the best in the world, and said to “stand out as best practice”. A 2011 report for the European Commission also reviewed our PIA Guide and accompanying tools and noted their breadth of scope and application.
We believe a PIA should do more than just assess a proposed project’s likely compliance with statutory privacy principles. It should also assess the privacy control environment – the policies, procedures and structures which affect accountability for privacy compliance – and wider community concerns and perceptions about the initiative.
The PIA process describes and de-mystifies the initiative, identifies and analyses the privacy implications, and leads to recommendations for minimising privacy intrusion, and maximising privacy protection – while ensuring the initiative’s objectives are met.
In April 2009 Salinger Privacy was prequalified by AGIMO for streamlined Australian Government procurement in relation to Project Governance, and Business Case Analysis and Development. PIAs may fit into either of these categories.
Significant PIAs we have completed for the Australian Government include:
- Department of Families, Housing, Community Services and Indigenous Affairs – on the $1 billion launch of the historic National Disability Insurance Scheme, in conjunction with Minter Ellison Lawyers
- Department of Health – on the $466M personally controlled electronic health record (PCEHR) system in 2011, and on the proposal to shift to an opt-out model in 2015, in conjunction with Minter Ellison Lawyers
- The National E-Health Transition Authority – on the public key infrastructure being developed as part of the National Authentication Service for Health, in conjunction with Minter Ellison Lawyers
- Treasury – on a three-year, $32M project with IBM to develop Standard Business Reporting
- Innovation – on the development of a national Unique Student Identifier for the vocational education and training sector, in conjunction with Minter Ellison Lawyers
- AusCheck – the development of a generic national security background check
- Attorney General’s Department – the Anti-Money Laundering and Counter-Terrorism Financing Bill and Rules
- AusCheck – background checking for security and identity cards in the Aviation and Maritime industries, and
- Australian Communications & Media Authority – the ENUM (Electronic Telephone Numbering) Trial.
PIAs we have completed for the Victorian Government include:
- the Victorian Government Department of Primary Industries – on the rollout of smart electricity metering in Victoria, in conjunction with Lockstep Consulting
- the Victorian Department of Education and Early Childhood Development, on the $60M Ultranet project
- the Victorian Department of Health (HealthSMART program), on the implementation of its integrated Patient and Client Management System, in conjunction with Lockstep Consulting, and
- VicRoads, on the RandL project, which will provide a common application platform for registration and licensing processes in three agencies. RandL is a large-scale project with a scheduled completion date of late 2012.
PIAs we have completed for the NSW Government include:
- the Ministry for Health – on new models for data linkage for the Centre for Health Record Linkage
- Service NSW – on the Digital Licensing Program
- the Department of Education – on aspects of the design and implementation of a Business Intelligence system for the Centre for Education Statistics and Research
- the Ministry for Police & Emergency Services – on a pilot program
- the University of Technology, Sydney – on a datamart and business intelligence program, and
- the Cancer Institute NSW – on aspects of the design and implementation of their BreastScreen Information System in 2013, and on design and implementation of an Institute Data Warehouse in 2015.