It is a common perception that privacy impact assessments (PIA) are administratively arduous, technically challenging and automatically at odds of both the proposed outcomes of a program and to any proposed methodology. This video presentation has been designed to dispel these perceptions and de-mystify the PIA process.
The video will achieve this by emphasising the limited focus of a PIA and providing a framework to conduct it. While each PIA will be individually crafted to each program, they will all have three core components:
The video will run through the undertaking of a PIA a hypothetical initiative and step through a detailed examination of the three core components showing that once broken down into their individual transactions, the attendant privacy analysis and accommodations are both manageable and add value to the program. It is facilitated by a senior OIC officer with experience in interpreting and applying the legislation.
0:00 Introduction
1:35 Why do a PIA?
2:26 Benefits of a PIA (No, seriously, why even bother?)
5:32 Who do you consider to be your ‘audience’ when you undertake a PIA
7:14 Sometimes…less is more
8:41 When’s a good time to talk about the PIA
12:23 How does it work, really?
13:58 PIA example: Project ‘No more free rides’
17:44 Points to consider
18:59 Mapping information flows
22:20 Mapping information flows example: How could it have been done?
22:59 So, how do I get started?
25:24 Identifying the relevant privacy principles
31:51 Get out of jail – free (comply with the Information Privacy Principles)
32:37 Collection from the individual concerned
37:21 Storage and security
42:20 Compliance with Information Privacy Principle 5
44:26 Bound contracted service provider
49:33 Speak now or forever hold your peace (Should we publish the PIA?)
51:34 In summary
57:07 Where to next?
58:16 End