Privacy Impact Assessments (PIAs) are key to managing privacy risk and regulatory compliance, whilst protecting the privacy of your consumers and your organisation’s reputation. They are an essential tool for assessing the privacy impacts of new initiatives, products, solutions and services and identifying ways of mitigating any potential issues.
Privacy impact assessments may be required for projects such as systems implementations, product rollouts or process enhancements which involve changes to the way you process personal information. Privacy impact assessments may also be required if there is a change to relevant laws, or if you are selling your product into a new international market. Even if not required by legislation, PIAs are a great tool to help identify privacy issues and solutions early in the process and ensure that your products or services are more robust, futureproof and successful in ensuring privacy protections.
Conducting PIAs is an essential part of building a Privacy by Design culture for your organisation.
Privacy 108’s approach to PIAs considers technological issues as well as the relevant legal or compliance concerns. Our experienced team of lawyers and information security experts are well-equipped to identify, analyse, and mitigate against a full range of potential privacy issues.
Our expertise includes:
Our privacy impact assessments are comprehensive and practical, as such, they all include future-focused recommendations and actionable steps.
Our team will make it as simple as possible to complete your PIA. We have a range of templates, resources and tools that we use to ensure we deliver a PIA that meets your needs and ensures that privacy compliance is ‘built-in’ to your products, services and business processes, not cobbled together as an afterthought.
Our approach to undertaking a PIA includes the following:
We offer our PIA services as either an iterative planning tool that can inform decision making throughout a project, or as a point-in-time analysis.
Our team can also work with you to embed a PIA process into your business. To do that, our team would undertake the following:
For further information on Privacy Impact Assessments see our FAQs at the bottom of this page.
The deliverable from a PIA is a detailed report. Our team works with you to make sure we understand all your requirements, and to ensure our report meets your needs.
Typically, the Privacy 108 PIA report will include:
Our team is happy to work with you on developing PIA remediation plans and implementing recommendations.
We try to make our costs as transparent as possible but as Privacy Impact Assessments can vary greatly in their complexity depending on the underlying project, each engagement needs to be costed individually.
Our rates are competitive and will be supported by a detailed quote that specifies the work we will undertake and the deliverables you will receive.
We are more than happy to discuss your PIA with you and come up with a fully costed proposal at no cost to you.
Collection, storage, use, or disclosure of personal information comes with an element of risk. Managing privacy is crucial for organisations who want to comply with their legal obligations. Yet in many cases, consumers expect organisations to go further than what the regulators require. Building and maintaining consumer trust takes transparency and a strong culture of privacy.
Privacy Impact Assessments promote trust, mitigate risk, and aid organisational decision making. Using the insights gleaned from a PIA, your organisation can implement better processes, better technologies, and a better privacy framework.
Determining whether a privacy impact assessment is necessary is another emerging issue. In some cases, you will be required to perform a Data Protection Impact Assessment (DPIA) under the GDPR. In others, you may wish to undertake a PIA to protect your organisation’s reputation or to reduce the risk of a privacy breach.
Many providers propose a two-stage assessment in determining whether a PIA is required: a threshold test that asks whether personal information will be collected, used, stored, or disclosed, followed by a more comprehensive analysis. However, this approach doesn’t take risk appetite into account. A low risk appetite can lead to every activity going through a Data Privacy Impact Assessment, which can be time-consuming, cumbersome and clumsy. Conversely, a high risk appetite can lead to legitimate privacy issues being overlooked, which can have expensive consequences.
We work with you to first determine whether you need a privacy impact assessment, giving you the tools to make these determinations for yourself in the future.
A Privacy Impact Assessment is a tool used by organisations looking to understand and evaluate privacy risk. PIAs allow you to continually assess, analyse, and manage privacy risk and privacy challenges in your organisation.
PIAs are not a one-off compliance exercise, though they can be used to provide point-in-time risk assessments. We prefer the view that PIAs should form part of your organisation’s core planning tools. Privacy Impact Assessments can be used to:
Some organisations, particularly those in the public sector, are required to undertake Privacy Impact Assessments. Increasingly, though, private organisations are relying on Privacy Impact Assessments to mitigate risk and aid organisational decision making.
More than this, undertaking a PIA is best practice where personal data is being collected, used, stored, or disclosed. The risks of not performing a PIA include legal compliance issues, privacy breaches, loss of credibility or reputational damage, perceived (or actual) lack of transparency, increased costs of compliance, and band-aid solutions that aren’t suited to long-term privacy priorities. Since PIAs can be relatively straightforward if there aren’t significant privacy concerns, the benefits of undertaking a PIA typically outweigh any drawbacks. This is especially true if you rely on a privacy provider who provides practical, future-focused solutions – like Privacy 108.
Finally, PIAs are an important part of the privacy by design process. They support the early identification and management of privacy protective and enhancing solutions. By performing PIAs early and often, you create a culture of privacy that will provide benefits to your organisation and to your consumers, today and into the future.
See also how Privacy 108 can help with Privacy by Design.
There are significant benefits to incorporating PIAs into your ‘business as usual’ processes and to undertaking them in advance of your next project. Some of the benefits of a privacy impact assessment include:
There are plenty of Privacy Impact Assessment templates available online. So, why would you choose Privacy 108 for your PIA? Because we streamline the process of assessing your risk.
Privacy 108 understands both information security and privacy law. We approach your PIA from a legal and IT perspective, assessing risk holistically and developing practical solutions to mitigate privacy risk.
Our approach recognises that PIAs should not be undertaken on a one-size-fits-all basis. Your Privacy 108 PIA will take into account your individual risk profile, timeline, budget, and IT infrastructure. We’re uniquely placed to oversee your privacy compliance from project initiation to completion, but we’re equally happy to provide point-in-time assessments and an implementable action plan.
Privacy 108 is owned and led by one of Australia’s leading security and privacy professionals, Dr Jodie Siganto. The Privacy 108 team includes lawyers, consultants and trainers who between them hold many years of experience in delivering privacy and security solutions for Australian organisations.
We have worked as in-house counsel and senior executives, and understand the pressures faced by executives, CISOs, Chief Privacy Officers, procurement teams and in-house lawyers. Our team’s industry experience is complemented by extensive legal knowledge and a desire to assist our clients with high quality practical advice.