Privacy Impact Assessments

A privacy impact assessment (PIA) is a step-by-step review process to make sure you protect the personal information you collect or use in your project. You’ll work with privacy experts to identify, evaluate and manage privacy risks.

Digital Privacy Impact Assessment

Development of a BC Ministry digital Privacy Impact Assessment (DPIA) is underway. Please talk to your MPO before you begin.

The DPIA is being built in Agile and Scrum which means that BC Ministries can use the DPIA now while new features and functionality are added on an iterative basis. 

Personal information belongs to the person it's about. As public servants, we must protect any personal information we collect, use, store and share. Doing a PIA can help you protect privacy and build public trust by being clear about what information you're collecting, who has access to it, and where and how it's stored.

Why You Need a PIA

Section 69 (5) of the Freedom of Information and Protection of Privacy Act (FOIPPA) requires you to conduct a PIA. You need a PIA to determine whether your project involves personal information and if so, how you'll protect the information you collect or use in your project.

Directions on Completing a PIA

Public bodies in B.C. are required to complete a PIA in accordance with the directions of the minister. The purpose of PIA directions is to clarify the legislative requirement for PIAs and assist public bodies in conducting and documenting a PIA. This includes determining when to complete a PIA and determining whether the initiative meets the requirements under Part 3 (Protection of Privacy) of FOIPPA and the Freedom of Information and Protection of Privacy Regulation (FOIPP Regulation).