Office of the Privacy Commissioner | Privacy Impact Assessment Toolkit
A privacy impact assessment (PIA) is a way for organisations to assess and address privacy risks when they’re collecting, using, or sharing personal information.
Doing a PIA will help your organisation:
- check whether your project complies with privacy laws
- identify and minimise privacy risks (e.g. data breaches)
- give customers or clients certainty that their information is safe
- improve your information management systems.
There are real risks for your organisation if your project involves personal information, or intrudes on people’s privacy, and you don’t do a PIA. We’ve developed tools and documents (listed below) to help you succeed.
• If you’re unsure whether you need to do a full PIA, use this brief privacy analysis template to help you decide.
• How to do a Privacy Impact Assessment: A step-by-step guide to successfully completing a privacy impact assessment.
• Privacy Impact Assessment template: A template document to work through your project’s privacy impacts.
• Examples of Risks and Mitigations: These examples of common privacy risks and mitigations can help you work through the risk and mitigation table.
• Risk and Mitigation Table template: A template risk and mitigation table to help you identify, describe, and manage potential privacy risks involved in your project.