Privacy Impact Assessments Draft Code Of Practice


On August 6, 2013, the UK Information Commissioner’s Office (ICO) announced a consultation on a draft code of practice for conducting privacy impact assessments (PIAs). The consultation document can be found here. The draft code of practice can be found here. The consultation will end on November 5, 2013.

The consultation and the draft code of practice are most relevant to organizations that fall within the jurisdiction of the ICO. However, other organizations, including those in Canada, may wish to review the code of practice as it provides a thorough starting point for the development of a PIA process that is consistent with the Canadian “privacy by design” framework promoted by Ontario’s Information and Privacy Commissioner and adopted by other regulators, including the Federal Trade Commission.

As the ICO points out, a PIA need not be time consuming or complex. However, “there must be a level of rigour in proportion to the privacy risks arising.” The ICO proposes a flexible methodology comprising six stages or steps.

  1. Identifying the need for the PIA by using screening questions.
  2. Describing the information flows of the project (collection, access, use, disclosure).
  3. Identifying the privacy risks (individual risk, organizational risk, compliance risk).
  4. Identifying privacy solutions (cost/benefit and effectiveness analysis).
  5. Signing off and recording the PIA outcomes (including integrating into privacy disclosures).
  6. Integrating the PIA outcomes into the project plan (monitor actions and review outcomes).

Consultation (internal and, if necessary, external) is not a separate step. Instead, the ICO recommends that it take place throughout the PIA process.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Dentons | Attorney Advertising
