Privacy Impact Assessments

A privacy impact assessment (PIA) is a step-by-step review process to make sure you protect the personal information you collect or use in your project. You’ll work with privacy experts to identify, evaluate and manage privacy risks.

Why You Need a PIA

Section 69 (5) of the Freedom of Information and Protection of Privacy Act (FOIPPA) requires you to conduct a PIA. You need a PIA to determine whether your project involves personal information and if so, how you'll protect the information you collect or use in your project.

Personal information belongs to the person it's about. As public servants, we must protect any personal information we collect, use, store and share. Doing a PIA can help you protect privacy and build public trust by being clear about what information you're collecting, who has access to it, and where and how it's stored.

5 Steps to Completing a PIA

Step 1: Download the PIA Template

Step 2: Fill Out the PIA Template With Help From Your MPO

Step 3: Submit for Review

Step 4: Get Signatures

Step 5: Start Your Project

[Diagram of the PIA process]

Step 1: Download the PIA Template

Choose the PIA template that’s right for you. The template you need depends on the work you’re doing.

Starting a new project or program

Use the PIA template (Word, 233 KB) for a new project or program in the B.C. government. Read through the questions and complete part 1.

Changing a project or program

Use the PIA update template (Word, 77 KB) if you're changing the way you collect, use, store or share personal information in a project that has already been through a privacy impact assessment. You'll need the previous PIA number.

Drafting or amending legislation or regulations

Use the LPIA template (Word, 41 KB) for legislation and the RPIA template (Word, 77 KB) for regulations. Learn about doing a PIA for draft or amended legislation or regulations.

Using an online tool that has already been assessed

Find out which commonly used online tools have already been assessed in the list of corporate privacy impact assessments. If the tool you'd like to use has already been assessed, use a corporate PIA checklist.

Doing a PIA in the broader public sector

If you work in the broader public sector and you're starting a project, use the PIA template for non-ministry public bodies (Word, 233 KB). Complete your PIA with your organization's privacy officer, if you have one.

Step 2: Fill Out the PIA Template With Help From Your MPO

Contact your Ministry Privacy Officer (MPO) as early as possible in your project to get expert help with your PIA. You may also need to include

Step 3: Submit for Review

When you're finished with the template, you and your MPO will submit it to a privacy analyst at the Privacy, Compliance and Training Branch (PCT) for review. The analyst will work with you and your MPO to finalize the PIA. The analyst may ask questions or suggest changes to the content.

PCT will sign the template when the analyst is satisfied that you have identified and will manage privacy risks. PCT may take longer to review more complex PIAs.

Step 4: Get Signatures

After PCT signs, the analyst will return the template to you to get signatures. When all the required signatures are in place, return the PIA to the PCT analyst. The analyst will file the PIA in the Personal Information Directory.

Step 5: Start Your Project

Start your project after your PIA is complete.

  • Work to reduce the privacy risks you identified
  • Monitor your project for future risks to privacy
  • If you change the way you collect, use, store or share personal information in your project, update your PIA