PRE-PRIVACY ASSESSMENT

Mist Over Skyscrapers
Mist Over Skyscrapers

Welcome to your Pre-Privacy Assessment

Some types of projects are commonly known to create privacy risks. If the project involves one or more of these risk areas, it’s likely that a Privacy Impact Assessment (PIA) will be valuable.

Use this quiz to identify whether your proposal raises certain privacy risks.

A substantial change to an existing policy, process or system that involves personal information. Example: New legislation or policy that makes it compulsory to collect or disclose information.
Any practice or activity that is listed on a risk register kept by your organization. Example: Practices or activities listed on your office’s privacy risk register or health and safety register.
A new way of collecting or a new collection of personal information. Example: Collecting information about individuals’ location. Example: Collecting information online rather than on paper forms.
Changing the way personal information is stored, managed or kept. Example: Storing information in the cloud or outsourcing information. Example: Moving health or financial records to a new database. Example: Changing IT backups to be kept for 10 years when you previously only stored them for 7.
A new use or disclosure of personal information that is already held. Example: Sharing information with other parties in a new way. Example: Combining information with other information held on public registers, or sharing information to enable organisations to provide services jointly.
A change in policy that results in people having less access to information that you hold about them. Example: Archiving documents after 6 months into a facility from which they can’t be easily retrieved.
Establishing a new way of identifying individuals. Example: A unique identifier, a biometric, or an online identity system.
Introducing a new system for searching individuals’ property, persons or premises. Example: A phone company adopts a new policy of searching data in old phones that are handed in.
Surveillance, tracking or monitoring of movements, behavior or communications, physical changes to your premises that will involve private spaces where clients or customers may disclose their personal information. Example: Installing a new CCTV system or changing the location of the reception desk, where people may discuss personal details.
New regulatory requirements that could lead to compliance action against individuals on the basis of information about them. Example: Adding a new medical condition to the requirements of a pilot’s license.

Thanks for submitting!