Privacy Impact Assessments (PIAs)

A Privacy Impact Assessment (PIA) is a risk management tool designed to evaluate how a system, program, or activity collects, uses, and discloses personal information. Its purpose is to identify and mitigate potential privacy risks, ensuring compliance with the Freedom of Information and Protection of Privacy Act and alignment with privacy best practices.

When is a PIA required?

Effective July 1, 2025, a Privacy Impact Assessments (PIA) is mandatory for any collection of personal information. This requirement applies to all new systems, program, or activities, as well as material modifications to existing ones, that involve the collection of personal information. A PIA must be completed in advance, and all risk prevention and mitigation measures identified in the assessment must be implemented prior to the collection of personal information – or, if not feasible, within a reasonable timeframe afterward. This requirement covers the collection of any personal information, including but not limited to students, applicants, alumni, donors, campers, etc.  

Please note that an updated PIA is required whenever there is a significant change in the purpose for which personal information is used or disclosed. A PIA is living document that should be regularly reviewed and updated as a project evolves or organizational goals shift, ensuring ongoing alignment with privacy requirements and best practices.

When should the PIA be completed?

We strongly recommend initiating the PIA process early in your project lifecycle, when plans are flexible and can be adjusted based on the findings of the assessment. Taking a proactive approach ensures that privacy is thoughtfully integrated into your project from the outset. This helps identify and address potential risks early, embed privacy and security measures seamlessly, and avoid delays caused by late-stage changes or compliance issues.

Please click here to access the Privacy Impact Assessment Form along with other valuable resources to support your compliance efforts. 

Need support? We're here to help.

For inquiries, clarifications regarding this requirement, or to provide feedback, please contact the Privacy Office at privacy.office@uwo.ca. We are committed to supporting your compliance with privacy obligations.