Privacy Impact Assessments
Privacy impact assessments are a key component of a 'Privacy by design' approach to projects and other personal data processing activities. 'Privacy by design' promotes privacy and data protection compliance at project/processing inception.
The ICO encourages organisations to ensure that privacy and data protection are a key consideration in the early stages of any project, and then throughout its lifecycle. Examples of activities which would lend themselves to using privacy impact assessments are:
- building new IT systems for storing or accessing personal data
- developing legislation, policy or strategies that have privacy implications
- data sharing with third parties
- using personal data for new purposes.
'Privacy by design' is an essential tool in minimising privacy risks and building trust. Designing projects, processes, products or systems with privacy in mind at the outset can lead to benefits for the University which include:
- Identification of potential problems at an early stage, when addressing them will often be simpler and less costly
- Increased awareness of privacy and data protection across the institution
- Being more likely to meet legislative, statutory and contractual obligations, particularly the Data Protection Act
- Taking actions which are less likely to be privacy intrusive and have a negative impact on individuals.
Please read the Information Commissioner's 'Conducting Privacy Impact Assessments Code of Practice' (https://ico.org.uk/for-organisations/guide-to-data-protection/privacy-by-design/) and use the Annexes to compile your own privacy impact assessments.
For further advice please contact the Information Governance Unit.