No.: 2002-08
DATE: May 2, 2002
TO: Access to Information and Privacy Coordinators
SUBJECT: Privacy Impact Assessment Policy (PIA)
The Privacy Impact Assessment (PIA) Policy
came into effect today and applies to all federal institutions listed in the
Schedule of the Privacy Act, with the exception of the Bank of
Canada. PIAs are a means of ensuring
that institutions will be in compliance with the fair information practices
embodied in sections 4 through 8 of the Privacy Act.
The policy provides guidance regarding the
circumstances that would require privacy impact assessments. This would include situations such as when
there is an increase in the amount of personal information being collected or
there is a greater sharing of personal information under an existing program
or service, and when a new program or service will result in new collection,
use, disclosure or retention of personal information. By conducting PIAs at an early stage,
institutions can determine the effects of a program or service on personal
privacy and take appropriate action.
Here are some of the highlights of
the PIA Policy:
- departments and agencies must conduct and maintain privacy impact assessments where warranted.
- a copy of the PIA must be provided to the Privacy Commissioner prior to implementing a program and service.
- departments and agencies must make summaries of the PIA available to the public.
- institutions seeking Preliminary Project Approval from the Treasury Board pursuant to the Project Approval Policy must include the results of the Privacy Impact Assessment in the body of the submission or the project brief, where applicable.
- institutions seeking Effective Project Approval from the Treasury Board must provide a status report summarizing the actions taken or to be taken to avoid or mitigate the privacy risks, if any, described in the PIA.
- the deputy head of the institution has full discretion for establishing the most appropriate processes for consulting with the Office of the Privacy Commissioner, for responding to any advice that might come from the Office of the Privacy Commissioner and for approving final PIAs.
The PIA Guidelines are intended as a practical tool to assist in the
conduct of a PIA and can be adapted to the specific program, service or
institution conducting the assessment.
Michelle d'Auray, Chief Information
Officer of the Treasury Board Secretariat, has written to her colleagues in
departments notifying them of the Policy and its effective date. Frank
Claydon, Secretary of the Treasury
Board, has also informed all deputies and heads of agencies.
Ian Sinclair, Director,
Information Policy Division, Government On-Line and his staff will be pleased
to answer your questions, provide information and assist your officials in
implementing the policy requirements.
Should you or your officials require further information, please
contact Ross Hodgins at (613) 941-4811 or hodgins.ross@tbs-sct.gc.ca
or Diane Boland at (613) 952-3222 or boland.diane@tbs-sct.gc.ca.
The PIA Policy and guidelines can be
accessed on the TBS Website at: http://www.tbs-sct.gc.ca/pubs_pol/ciopubs/pia-pefr/paip-pefr_e.html
Anne Brennan
Director
Information and Security Policy Division
Government Operations Sector