Privacy Impact Assessments

 

What is a Privacy Impact Assessment?

Under section 69 of the Freedom of Information and Protection of Privacy Act, public bodies (including UNBC) must complete a Privacy Impact Assessment for new and changing activities, initiatives, programs, projects, and systems.  Privacy Impact Assessments support UNBC by ensuring personal information under the custody and control of UNBC is adequately protected, handled transparently, handled with accountability, and disposed of when no longer required.

If Privacy Impact Assessments are completed early in the project timeline, they can provide current and future cost savings by identifying privacy risks early to prevent investment in information management practices, products, and services that do not meet FIPPA requirements. The PIA can make the difference between privacy invasive and privacy enhancing initiatives.

The PIA process is also designed as an education and accountability tool.  The drafter or project manager needs to know all of the details regarding how information is managed on internal systems, in software, and by service providers.  The drafter or project manager must be able to communicate information management practices concisely and transparently before the PIA can be completed. UNBC, and the individual departments within UNBC, are responsible for managing personal information in our custody and control, even if the personal information is in the custody of external service providers or contractors.

Are you planning to implement a new activity, initiative, program, project or system? Complete your PIA today!

Please provide at least two weeks in your project timeline before any implementation to allow adequate review and feedback.  This additional time allows the university the time to address questions and clarify any concerns before the project deadline.  The Information Governance Officer will schedule a meeting with you to go through the questions to ensure all required information is captured. If you have any questions about completing PIAs at UNBC or about privacy protection practices required at UNBC under the Act, please contact privacy@unbc.ca for support or visit https://www.unbc.ca/foippa for more details.

For more information on Privacy Impact Assessments in British Columbia, please visit: http://www2.gov.bc.ca/gov/content/governments/services-for-government/information-management-technology/privacy/privacy-impact-assessments