Privacy Impact Assessments

A privacy impact assessment (PIA) is a step-by-step review process to make sure you protect the personal information you collect or use in your project. You’ll work with privacy experts to identify, evaluate and manage privacy risks.

Personal information belongs to the person it's about. As public servants, we must protect any personal information we collect, use, store and share. Doing a PIA can help you protect privacy and build public trust by being clear about what information you're collecting, who has access to it, and where and how it's stored.

Amendments to the Freedom of Information and Protection of Privacy Act (FOIPPA) were passed on November 25, 2021.

Why You Need a PIA

Section 69 (5) of the Freedom of Information and Protection of Privacy Act (FOIPPA) requires you to conduct a PIA. You need a PIA to determine whether your project involves personal information and if so, how you'll protect the information you collect or use in your project.

Directions on Completing a PIA

Public bodies in B.C. are required to complete a PIA in accordance with the directions of the minister. The purpose of PIA directions is to clarify the legislative requirement for PIAs and assist public bodies in conducting and documenting a PIA. This includes determining when to complete a PIA and determining whether the initiative meets the requirements under Part 3 (Protection of Privacy) of FOIPPA and the Freedom of Information and Protection of Privacy Regulation (FOIPP Regulation).