The Information Commissioner’s Office (ICO) has recently published its updated privacy impact assessments code of practice. The updated code includes useful guidance on when a privacy impact assessment (PIA) should be carried out and actions to consider at each stage of the process. It also offers some tips on measures that can be taken to reduce privacy risk.
PIAs are recommended when carrying out any project involving personal data or if changing the way in which personal data is used by an organisation. A PIA can help identify issues at an early stage and avoid being in breach of the Data Protection Act (DPA). It will also avoid wasted costs and resources from having to make changes to a project part way through or once completed if it turns out that there is a data protection issue. PIAs are also useful as they can be a way of demonstrating to the ICO that activities comply with the DPA.