A Privacy Impact Assessment (PIA) is a risk management and compliance review process to identify and address potential information privacy and security issues, thus minimizing exposure to potential privacy breaches.
Why is a PIA required?
British Columbia’s Freedom of Information and Protection of Privacy Act (FIPPA) requires public bodies such as UBC to conduct a PIA for all new programs or activity that supports University business.
A PIA assesses the treatment of personal information (PI), which is defined as any recorded information about identifiable individuals, with the exception of the names and business contact information of employees, volunteers and service providers.
Examples of questions that are asked in the PIA process include, but are not limited to:
- What is the [University’s] legal authority to collect, use and disclose PI?
- Is the collection, use, and disclosure of the particular PI for a purpose that is consistent with the project as described?
- Is PI stored, processed, and accessed within Canada?
- How is PI protected from unauthorized use or disclosure?
- How long is PI retained for?
For more details about the PIA process please reach out to your UBCO Engagement Services Client Service Manager.