Privacy risk
By utnvrrv, on 16 May 2017
Previously
We looked at what information privacy is and how information sharing affects us all. We also had a brief look at what Privacy Impact Assessment (PIA) is and its contribution to the organisation in terms of safeguarding reputation and reducing costs.
This blog piece covers the basic aspects of a PIA.
Privacy Risk
Privacy risk is the risk of harm arising through an intrusion of privacy. Privacy harm can be caused through the use or misuse of personal information. This harm can be quantifiable or tangible; an individual could lose their job. It could also be less tangible; damage to personal relationships. Going a bit further, what might not be a great harm to an individual a cumulative loss of data could be a huge damage to society.
Some of the ways that this can arise by personal information:
- being inaccurate, insufficient or out of date,
- excessive or irrelevant
- kept for too long
- disclosed to inappropriate individuals;
- used in ways that are unexpected or unacceptable to the person it is about; or
- not kept securely
The outcome of a PIA should be the minimisation of privacy risk. This involves the understanding of what constitutes privacy and privacy risk. There is no one size fits all as one can imagine. Data collection for visa issuance is far different than that for an admission process even though personal information is collected in both situations. Thus privacy risk involves an understanding of the relationship between the organisation and the individual.
Something to think about .
Does your organisation need to be aware of obligations under the Human Rights Act?
If so, use a PIA to ensure that any actions that interfere with the right ot private life are necessary a proportionate.
That’s all for this blog! In the next blog, I intend to cover the benefits of a PIA and whose responsibility it is of conducting a PIA
Further reading:
https://ico.org.uk/media/for-organisations/documents/1595/pia-code-of-practice.pdf