Published on Office of the Information Commissioner Queensland (https://www.oic.qld.gov.au)

Home Training and events  >  Privacy Impact Assessment video

Privacy Impact Assessment video

It is a common perception that privacy impact assessments (PIA) are administratively arduous, technically challenging and automatically at odds of both the proposed outcomes of a program and to any proposed methodology. This video presentation has been designed to dispel these perceptions and de-mystify the PIA process.

The video will achieve this by emphasising the limited focus of a PIA and providing a framework to conduct it. While each PIA will be individually crafted to each program, they will all have three core components:

  • mapping the personal information flows within and without the program
  • identifying the relevant privacy principle for each flow
  • addressing the resulting privacy obligations into the design and implementation of the program.

The video will run through the undertaking of a PIA a hypothetical initiative and step through a detailed examination of the three core components showing that once broken down into their individual transactions, the attendant privacy analysis and accommodations are both manageable and add value to the program. It is facilitated by a senior OIC officer with experience in interpreting and applying the legislation.

Contents

0:00 Introduction

1:35  Why do a PIA?

2:26 Benefits of a PIA (No, seriously, why even bother?)

5:32 Who do you consider to be your ‘audience’ when you undertake a PIA

7:14 Sometimes…less is more

8:41 When’s a good time to talk about the PIA

12:23 How does it work, really?

13:58 PIA example: Project ‘No more free rides’

17:44 Points to consider

18:59 Mapping information flows

22:20 Mapping information flows example: How could it have been done?

22:59 So, how do I get started?

25:24 Identifying the relevant privacy principles

31:51 Get out of jail – free (comply with the Information Privacy Principles)

32:37 Collection from the individual concerned

37:21 Storage and security

42:20 Compliance with Information Privacy Principle 5

44:26 Bound contracted service provider

49:33 Speak now or forever hold your peace (Should we publish the PIA?)

51:34 In summary

57:07 Where to next?

58:16 End