Ontario public sector institutions must meet high standards of care and trust whenever collecting, using and disclosing personal and other sensitive information. Any public institution considering new information technologies, systems, and program services that may affect privacy are strongly encouraged to complete a privacy impact assessment (PIA).

A PIA is an organizational risk management tool and a process used to identify the effects of a given process or other activity on an individual’s privacy. PIAs also serve to identify any risks to the institution. The IPC’s new guide, Planning for Success, provides institutions with step-by-step advice on how to conduct a PIA from beginning to end.

The new guide will help institutions define scope, engage internal and external stakeholders, understand information flows, identify privacy solutions and prepare an effective PIA report. Beginning a PIA early in a project’s development provides a systematic basis for mitigating privacy risks at every step, and for documenting decisions for accountability and compliance purposes.