Privacy Impact Assessment

Business Issue
Confidentiality issues are paramount for a number of organizations that receive, store, and manage information about public individuals and organizations. Ensuring that appropriate controls, procedures and policies are in place is part of a Privacy Impact Assessment analysis that can be done to protect and contain this information.

Solution
We help organizations carry out the activities needed to ensure that privacy controls are in place. Specifically, to meet basic business requirements of information privacy protection, an organization must:

1) Demonstrate accountability regarding protection of personal information, and personal health information. This is accomplished by:

  • Designating one or more individuals to spearhead and maintain privacy compliance throughout an organization
  • Creating policies and procedures to give effect to industry-accepted privacy best practices
  • Training employees and partners on the organization’s policies and procedures
  • Contractually obligating partners (including contractors and consultants) to protect the privacy of personal information, or personal health information
  • Ensuring that individuals can have access to their personal information or personal health information records, and that they have a way to correct erroneous information about them
  • Ensuring that individuals know about an organization’s privacy practices, and that they have a way to challenge compliance with those practices

2) Demonstrate compliance with privacy laws and industry-accepted privacy best practices. This is accomplished by:

  • Having methods in place to limit collection, use, disclosure and retention of personal information, and personal health information
  • Obtaining and honouring consent to collect, use, disclose or retain personal information or personal health information
  • Safeguarding personal information and personal health information through use of PETS (e.g. authentication, authorization, access controls, encryption, data classification, trust, etc.)


In order to meet these requirements, organizations need to have a strong understanding of:

  • Privacy laws which apply to them
  • Industry best practices related to privacy
  • Sensitivity levels associated with the information assets that support their organizational objectives
  • Existing privacy controls
  • Privacy gaps

Combining knowledge of asset criticality, vulnerabilities and existing controls brings the risk to light; once it is identified, further controls and mechanisms can be selected to lessen or even mitigate that risk.


Contact us!
If you would like to know more about how we are assisting clients with Privacy Impact Assessments, then contact us at 1-877-824-4412.