Privacy Impact Assessments (PIAs)

What is a Privacy Impact Assessment (PIA)?

A Privacy Impact Assessment (PIA) is a tool that helps determine if new programs or services or changes to existing programs or services meet basic privacy requirements. In essence, it is a framework to manage privacy risks. A PIA is different from other tools (e.g. privacy policy) in that it is project-based and can help evaluate a project, system or initiative in order to identify issues with respect to the impact (actual or potential) on individual privacy.

In addition, a PIA can be used to review how well current services or programs comply with current rules, laws and policies relating to the protection of personal information and determine where improvements may be needed.


Do I Need a PIA?

It is recommended that units consider completing a PIA in the early stages of the design of new programs or services or when making significant changes to existing programs or services if personal information will be collected, used or disclosed as part of the program or service.

Note that “Personal Information” means recorded information about an identifiable individual. An individual’s personal information includes information regarding race, gender, home address, medical history, education history, identifying numbers (e.g. SIN, employee number, student number, etc.), financial or employment information; personal opinions; completed assignments and exams; and grades, comments and evaluations provided by an instructor. 

For more information, or if you would like to discuss the applicability of a PIA to your project, please contact Western’s Information and Privacy Office.