NRM SDLC - Privacy

Protecting the privacy of personal information is a legislative requirement.

A PIA is created to ensure compliance with the Freedom of Information and Protection of Privacy Act when collecting, using or disclosing personal information.

A privacy impact assessment must be completed for any new or changes to applications.  The initial assessment must be completed for all initiatives to determine whether personal information is involved.

A draft Privacy Impact Assessment (PIA) is required during the Initiation Phase to identify potential risks and impacts of collecting, using, and disclosing personal information.  It is also a requirement to move to the Test environment through the Change Management process. A final PIA is required in the Design phase and is a requirement to move to the Production environment through the Change Management process.

Standards/Guidelines

BC Government Privacy Impact Assessment Process:

Templates

Deliverable Requisite

A Privacy Impact Assessment is mandatory for all project complexity levels.

Samples

There is no sample currently available.