Privacy Impact Assessments, or PIAs, are the ideal tool for assessing new initiatives, whether technical, policy or legislative.
When it comes to PIAs, we can literally say: “we wrote the book”. In 2009 we were commissioned by Privacy Victoria to revise and update their PIA Guide and develop additional practical material. Our revised PIA Guide and two accompanying practical tools – a template PIA Report and a comprehensive list of common privacy risks and mitigation strategies – were launched by the Privacy Commissioner in May 2009 to mark Privacy Awareness Week.
In 2010 an international evaluation rated our PIA Guide amongst the best in the world, and said to “stand out as best practice”. A 2011 report for the European Commission also reviewed our PIA Guide and accompanying tools and noted their breadth of scope and application.
We believe a PIA should do more than just assess a proposed project’s likely compliance with statutory privacy principles. It should also assess the privacy control environment – the policies, procedures and structures which affect accountability for privacy compliance – and wider community concerns and perceptions about the initiative.
The PIA process describes and de-mystifies the initiative, identifies and analyses the privacy implications, and leads to recommendations for minimising privacy intrusion, and maximising privacy protection – while ensuring the initiative’s objectives are met.
In April 2009 Salinger Privacy was prequalified by AGIMO for streamlined Australian Government procurement in relation to Project Governance, and Business Case Analysis and Development. PIAs may fit into either of these categories.
PIAs we have prepared for the Australian Government include:
- Australian Taxation Office – on a secure analytics platform for trusted users to access tax data
- Department of Families, Housing, Community Services and Indigenous Affairs – on the $1 billion launch of the historic National Disability Insurance Scheme, in conjunction with Minter Ellison Lawyers
- Department of Health – on the $466M personally controlled electronic health record (PCEHR) system in 2011, and on the proposal to shift to an opt-out model in 2015, in conjunction with Minter Ellison Lawyers
- The National E-Health Transition Authority – on the public key infrastructure being developed as part of the National Authentication Service for Health, in conjunction with Minter Ellison Lawyers
- Treasury – on a three-year, $32M project with IBM to develop Standard Business Reporting
- Innovation – on the development of a national Unique Student Identifier for the vocational education and training sector, in conjunction with Minter Ellison Lawyers
- AusCheck – the development of a generic national security background check
- Attorney General’s Department – the Anti-Money Laundering and Counter-Terrorism Financing Bill and Rules
- AusCheck – background checking for security and identity cards in the Aviation and Maritime industries, and
- Australian Communications & Media Authority – the ENUM (Electronic Telephone Numbering) Trial.
PIAs for the Victorian Government include:
- the Victorian Department of Premier and Cabinet – Privacy by Design advice on the establishment of the Centre for Data Insights
- the Victorian Department of Health and Human Services – on the development of a Family Violence Information Portal
- the Victorian Department of Health and Human Services – on the proposed operations of the Office of Medicinal Cannabis
- the Victorian Department of Primary Industries – on the rollout of smart electricity metering in Victoria, in conjunction with Lockstep Consulting
- the Victorian Department of Education and Early Childhood Development, on the $60M Ultranet project
- the Victorian Department of Health (HealthSMART program), on the implementation of its integrated Patient and Client Management System, in conjunction with Lockstep Consulting, and
- VicRoads, on the RandL project, which will provide a common application platform for registration and licensing processes in three agencies. RandL is a large-scale project with a scheduled completion date of late 2012.
PIAs for the NSW Government include:
- the Ministry for Health – on new models for data linkage for the Centre for Health Record Linkage
- Service NSW – on a proof-of-concept for the Digital Licensing Program
- the Department of Education – on aspects of the design and implementation of a Business Intelligence system in 2014, and on the plans for Phase 2 in 2016
- the Department of Education and Board of Studies, Teaching & Educational Standards – on the NSW Government involvement in NAPLAN Online
- the Ministry for Police & Emergency Services – on a pilot program
- the University of Technology, Sydney – on a datamart and business intelligence program, and
- the Cancer Institute NSW – on aspects of the design and implementation of their BreastScreen Information System in 2013, and on design and implementation of an Institute Data Warehouse in 2015.
PIAs for the private sector include:
- Lorica Health Pty Ltd – on the design of a new platform for analysing health claims data