A Privacy Impact Assessment, or PIA, is a comprehensive tool for assessing new initiatives, whether technical, policy or legislative.
(If you are looking for tools to help you conduct your own PIAs, see our Compliance Kits.)
When it comes to PIAs, we can literally say: “we wrote the book”. In 2009 we were commissioned by Privacy Victoria to revise and update their PIA Guide and develop additional practical material. Our revised PIA Guide and two accompanying practical tools – a template PIA Report and a comprehensive list of common privacy risks and mitigation strategies – were launched by the Privacy Commissioner in May 2009 to mark Privacy Awareness Week. In 2010 an international evaluation rated our PIA Guide amongst the best in the world, and it was said to “stand out as best practice”. A 2011 report for the European Commission also reviewed our PIA Guide and accompanying tools and noted their breadth of scope and application.
We believe a PIA should do more than just assess a proposed project’s likely compliance with statutory privacy principles. It should also assess the privacy control environment – the policies, procedures and structures which affect accountability for privacy compliance – and wider community concerns and perceptions about the initiative.
The PIA process describes and de-mystifies the initiative, identifies and analyses the privacy implications, and leads to recommendations for minimising privacy intrusion, and maximising privacy protection – while ensuring the initiative’s objectives are met.
Depending on the nature of the engagement, our PIAs may incorporate Privacy by Design advice during project ideation or design sprints, algorithmic impact assessment, and/or re-identification risk assessment.
Salinger Privacy is an approved supplier to the Australian, NSW and Victorian governments for services including PIAs; see our list of current tendering panels.
PIAs we have prepared for the Australian Government include:
- Australian Taxation Office – on a secure analytics platform for trusted users to access the longitudinal tax dataset known as ‘ALife’; and on later plans to expand the scope of ALife
- Australian Securities & Investments Commission – on aspects of their Regulatory Transformation Program; and on the implementation of a Data Lake
- Department of Families, Housing, Community Services and Indigenous Affairs – on the $1 billion launch of the historic National Disability Insurance Scheme, in conjunction with Minter Ellison Lawyers
- Department of Health – on the $466M personally controlled electronic health record (PCEHR) system in 2011, and on the proposal to shift to an opt-out model in 2015, in conjunction with Minter Ellison Lawyers
- The National E-Health Transition Authority – on the public key infrastructure being developed as part of the National Authentication Service for Health, in conjunction with Minter Ellison Lawyers
- Fair Work Ombudsman – on development of a new CRM system; and on the implementation of an eDiscovery platform
- Treasury – on a three-year, $32M project with IBM to develop Standard Business Reporting
- Innovation – on the development of a national Unique Student Identifier for the vocational education and training sector, in conjunction with Minter Ellison Lawyers
- Attorney General’s Department – the Anti-Money Laundering and Counter-Terrorism Financing Bill and Rules
- AusCheck – the development of a generic national security background check and background checking for security and identity cards in the Aviation and Maritime industries, and
- Australian Communications & Media Authority – the ENUM (Electronic Telephone Numbering) Trial.
PIAs for the Victorian Government include:
- the Victorian Department of Premier and Cabinet – Privacy by Design advice on the establishment of the Centre for Data Insights
- Service Victoria – on the identity management and customer service standards and account capabilities of its online platform
- the Victorian Department of Health and Human Services – various PIAs since 2016, including on the development of a Family Violence Information Portal, and again on the design of Phase 2 of the Portal, as well as on the proposed operations of the Office of Medicinal Cannabis
- the Transport Accident Commission – a number of PIAs on third party service providers
- the Victorian Department of Primary Industries – on the rollout of smart electricity metering in Victoria, in conjunction with Lockstep Consulting, and
- the Victorian Department of Education and Early Childhood Development – on the $60M Ultranet project.
PIAs for the NSW Government include:
- the NSW Department of Premier and Cabinet – on a multi-jurisdictional project involving data linkage and analytics in the health and disability sector
- the NSW Department of Family and Community Services – on a complex, multi-jurisdictional project to develop a real-time national child protection information-sharing system
- the NSW Department of Education – various PIAs since 2014, including on the establishment of the Centre for Education Statistics & Evaluation; on aspects of the design and implementation of a Business Intelligence system; on NAPLAN Online; on the state-wide student health and wellbeing ‘Tell Them From Me’ survey; and on the design and implementation of the PLAN2 literacy and numeracy support tool
- the NSW Ministry for Health – on the Lumos Program, which links patient data across primary and acute care to create the Lumos Data Asset; on new models for data linkage for the Centre for Health Record Linkage; and on the NSW Health Statewide Biobank
- the NSW Department of Customer Service – on the development of a Strata Hub
- Service NSW – on a proof-of-concept for the Digital Licensing Program; on the Strata Portal; and on the Digital Licence Application Process for Asbestos and Demolition Licences
- the NSW Ministry for Police & Emergency Services – on a pilot program
- the University of Technology, Sydney – on a datamart and business intelligence program, and
- the Cancer Institute NSW – various PIAs since 2013, including on aspects of the design and implementation of the BreastScreen Information System, on the design and implementation of an Institute Data Warehouse, the Optimising Cancer System and Information Program, the Pap Test Register interim service, the management of social media pages, the management of the NSW Cancer Registry, and the design of an iCanQuit chatbot.
PIAs for other organisations include:
- Super Retail Group – on a project affecting customer loyalty programs across four leading retail brands
- Rio Tinto – miscellaneous projects over a 3-month secondment
- Ambiata – on a platform for secure data-sharing and analytics
- Lorica Health Pty Ltd – on the design of a new platform for analysing health claims data
- Ernst & Young – on the design of a website and portal for the NDIS
- Copyright Agency – on the design of an Automated Data Collection System, for capturing details of copyrighted material copied in schools
- Kambala – on the development of the Edumate Education Management System
- Queensland Department of Child Safety, Youth and Women and the Department of Youth Justice – development of an Information Privacy Strategy and Approach for the Unify Program and PIAs on each ‘product’ designed for a coordinated client management system for use by both departments (the Unify System)