On August 6, 2013, the UK Information Commissioner's Office
(ICO) announced a consultation on a draft code of practice for
conducting privacy impact assessments (PIAs). The
consultation document can be found here. The draft code of practice can be found
here. The consultation will end on November 5,
The consultation and the draft code of practice are most
relevant to organizations that fall within the jurisdiction of the
ICO. However, other organizations, including those in Canada, may
wish to review the code of practice as it provides a thorough
starting point for the development of a PIA process that is
consistent with the Canadian "privacy by design"
framework promoted by Ontario's Information and Privacy
Commissioner and adopted by other regulators, including the Federal
As the ICO points out, a PIA need not be time consuming or
complex. However, "there must be a level of rigour in
proportion to the privacy risks arising." The ICO proposes a
flexible methodology comprising six stages or steps.
Identifying the need for the
PIA by using screening questions.
Describing the information flows of the project (collection,
access, use, disclosure).
Identifying the privacy risks (individual risk, organizational
risk, compliance risk).
Identifying privacy solutions (cost/benefit and effectiveness
Signing off and recording the PIA outcomes (including
integrating into privacy disclosures).
Integrating the PIA outcomes into the project plan (monitor
actions and review outcomes).
Consultation (internal and, if necessary, external) is not a
separate step. Instead, the ICO recommends that it take place
throughout the PIA process.
Dentons is a global firm driven to provide you with the
competitive edge in an increasingly complex and interconnected
marketplace. We were formed by the March 2013 combination of
international law firm Salans LLP, Canadian law firm Fraser Milner
Casgrain LLP (FMC) and international law firm SNR Denton.
Dentons is built on the solid foundations of three highly
regarded law firms. Each built its outstanding reputation and
valued clientele by responding to the local, regional and national
needs of a broad spectrum of clients of all sizes –
individuals; entrepreneurs; small businesses and start-ups; local,
regional and national governments and government agencies; and
mid-sized and larger private and public corporations, including
international and global entities.
Now clients benefit from more than 2,500 lawyers and
professionals in 79 locations in 52 countries across Africa, Asia
Pacific, Canada, Central Asia, Europe, the Middle East, Russia and
the CIS, the UK and the US who are committed to challenging the
status quo to offer creative, actionable business and legal
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances. Specific Questions relating to
this article should be addressed directly to the author.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).