Multi-Jurisdiction Privacy Assessment
Privacy Impact Assessments (PIA) are frequently required for new information initiatives in the public sector. A PIA audits an organization’s processes to determine how these processes support or compromise the privacy of personal information collected, held or processed by the organization.
Our privacy by design approach to projects promotes privacy and data protection compliance from the start. This proactive approach supports compliance with legislation across jurisdictions.
Review privacy practices surrounding an online outreach and data collection tool to be implemented across three provinces, highlighting areas of vulnerability and concern.
KI Design offered tailored information, access, and privacy services. Following the Privacy in Design method, we focused on issues most relevant to the organization. We provided privacy expertise, recommendations, and practical implementation tools to resolve privacy concerns regarding a pilot project for the organization’s online outreach tool.
We conducted a review in three stages:
Jurisdictional Analysis: Building a profile of the organization’s legal and contractual compliance with regulations within jurisdictions of operation.
Risk Measurement and Control Methods: Evaluating risk, reviewing control methods, implementing checklists, installing issue management systems and writing risk mitigation plans.
Providing practical solutions which could be implemented quickly for the pilot project.
At the end of the assessment, we ensured that systems and processes were in place to support the adoption and implementation of the outreach and data collection tool, along with appropriate privacy controls.
- Analyzed the privacy implications of organizational decisions across three jurisdictions
- Reviewed privacy concerns related to the nature of the outreach tool itself
- Identified steps to facilitate compliance in other provinces
- Identified concrete solutions to other privacy concerns
- Reviewed existing practices
- Measured compliance and highlighted risks
- Identified growth opportunities
- Offered concrete tools for responding to privacy concerns