Treasury Board of Canada, Secretariat - Government of Canada
Chief Information Officer Branch
Information, Privacy and Security Policy Division
Privacy and Government On-Line
PIA e-learning tool


Course summary

Module 1: Privacy fundamentals

  • The concept of privacy is closely linked to the control and use of information.
  • Canada has a strong privacy legislative and policy framework involving two federal privacy-related Acts of general application—the Privacy Act and PIPEDA—and many provincial/territorial Freedom of Information Acts.
  • The Privacy Act limits collection, use and disclosure of personal information by federal government institutions.
  • PIPEDA focuses on personal information and the private business sector.
  • The PIA Policy document created a framework for conducting, maintaining and publishing PIAs.
  • The PIA Guidelines document provides a step-by-step process for completing a PIA.
  • There are many other federal laws and policies that may have an impact on privacy.
  • All provinces and territories have privacy legislation and policies that may also need to be considered when conducting a PIA.

Module 2: PIAs

  • A PIA is a process, very similar to a risk management approach, to help determine if there are privacy-related concerns with a program or service.
  • PIAs are generally required if there is an increase in the amount of personal information being collected, if there is a broadening of a client target population, or if there has been a significant change in the technology used to collect and protect personal information.
  • PPIAs can be used if you don't have enough information to conduct a full PIA or if there is doubt as to whether or not privacy is actually a concern.

Module 3: The PIA Process

  • There are four primary steps in completing a PIA: Project Initiation, Data Analysis, Privacy Analysis and the Privacy Impact Assessment Report.
  • Project Initiation involves defining scope, determining resources and adapting tools to be used in the PIA to reflect the scope of the PIA. Start your PIA as early as possible, create a PIA Team, allocate realistic timeframes for the project and stay organized.
  • Data Analysis will involve your IT and systems resources. They will be of invaluable assistance in developing data flow tables. Make sure that these tables are complete and include charters, SOS/TRAs, data-sharing agreements, contracts by federal government institutions and MOUs as appropriate.
  • Step Three is the Privacy Analysis. Complete the questionnaires with explanations, rationales and context information and remember to appropriately address all 10 universal privacy principles.
  • Step Four is the Privacy Impact Assessment Report, which needs to be written in plain language and in both official languages. Include documentation, address the degree and nature of the privacy risks involved and discuss options to mitigate those risks. Also, develop your communications plans.
  • As you get ready to submit your Report to the Privacy Commissioner, consider contacting the OPC first and having them review your PIA. Get all necessary approvals and make sure your PIA goes to the Privacy Commissioner before the program or service is implemented.
  • After receiving advice and recommendations from the Privacy Commissioner, implement changes to your PIA, publish the results of the PIA and create an ongoing maintenance program for updating your PIA.
