Privacy Impact Assessment – An Introduction

Privacy

According to The Cambridge Dictionary ‘Privacy’ is defined as “someone’s right to keep their personal matters and relationships secret”. This should be taken to mean that people would like to share information selectively. Informational privacy is the ability of a person to control, edit, manage and delete information about themselves. The person should also be able to  decide how and to what extent such information is communicated to others.

Information Sharing

There are several theories about what constitutes privacy and its application in different cultures. I will not consider these as part of the blog posts. We do not  want to share our personal information with all and sundry. However, in today’s modern world, we share a lot of information with everyone; friends, organisations that we work with, the Government and others. We feel that the information thus shared will remain within the boundaries of the relationship. We share personal information in exchange for services, buying an air ticket, or earnings for tax purposes. We feel dismayed when this doesn’t happen and we should be assured of a decent level of protection when this sharing happens.

Collect just enough information (Short version)

When personal information is to be collected in the course of business working, an organisation must ensure that the collected data is relevant. Organisations should  consider a privacy by design approach. According to the Information Commissioner’s Office (https://ico.org.uk/), Privacy Impact Assessments (PIAs) are a tool, which can help organisations identify the most effective way to comply with their data protection obligations and meet individuals’ expectations of privacy. An effective privacy impact assessment will help an organisation to identify and fix problems at an early stage. This will reduce costs and damage to reputation that may possibly occur.

In future blog posts I intend to cover the PIA process in some detail.