Privacy Impact Assessments (PIA)
According to international privacy laws, organizations should perform a Privacy Impact Assessment (PIA) to identify potential weaknesses in their privacy governance programs. The Privacy Management Toolkit by Rebecca Herold, CISSP, CISA, contains a complete Privacy Impact Assessment that allows organizations to measure their privacy program against the organizational requirements specified within the O.E.C.D. Privacy Principles. Most privacy laws are based in large part on the guidelines from the O.E.C.D.
The following articles provide sample assessments, policies and discussion for each of the core privacy principles:
- Privacy Principle 1: Collection Limitation Principle
- Privacy Principle 2: Data Quality Principle
- Privacy Principle 3: Purpose Specification Principle
- Privacy Principle 4: Limiting Use, Disclosure and Retention Principle
- Privacy Principle 5: Security Safeguards Principle
- Privacy Principle 6: Openness Principle
- Privacy Principle 7: Individual Participation Principle
- Privacy Principle 8: Accountability Principle
- Privacy Principle 9: Free Flow of Personal Information
For more information on the Privacy Management Toolkit, please contact us.