A Privacy Impact Assessment (PIA) is a process used to evaluate and manage privacy impacts, and to ensure compliance with privacy protection rules and responsibilities.

A PIA should be completed when any of the following activities occur:

  1. Developing, or procuring any new technologies or systems that handle or collect personal information.
  2. A PIA is required for all submissions. The PIA should show that privacy was considered from the beginning stage of system development.  If a program is beginning with a pilot, a PIA is required prior to the commencement of the pilot test.  
  3. Developing system revisions. If an existing system is modified, a PIA may be required.
  4. Initiating a new electronic collection of information in identifiable form.
  5. Issuing a new or updated rule-making that affects personal information.

PIA Checklist

Privacy Impact Assessment (PIA) Process

The following diagram outlines Selkirk College's process for Privacy Impact Assessments.