Privacy Impact Assessments: the UK experience
conference contributionposted on 2010-01-13, 11:16 authored by Adam WarrenAdam Warren, Robin Bayley, Colin Bennett, Andrew Charlesworth, Roger Clarke, Charles Oppenheim
This paper builds on original work undertaken as part of a team of researchers into Privacy Impact Assessments (PIAs), defined as a systematic risk assessment tool that can be usefully integrated into decision-making processes. The team were commissioned by the UK Information Commissioner’s Office (ICO) in June 2007 to develop a study of PIAs in overseas jurisdictions and a handbook to guide UK organisations through the PIA process. This research has subsequently attracted interest in the UK and overseas. PIAs are now mandatory for all UK central government departments. In this paper, the development of the project team’s PIA methodology and subsequent user experiences led to a key project output, the PIA handbook. The handbook has become a significant part of the privacy ‘toolkit’ and has impacted on public policy. Some important lessons from PIAs conducted in the UK and overseas are identified. Finally, areas are outlined for further development.
- Social Sciences
- Geography and Environment
CitationWARREN, A.P. ... et al, 2009. Privacy Impact Assessments: the UK experience. 31st International Conference of Data Protection and Privacy Commissioners, Madrid, 4-6 November.
PublisherSpanish Data Protection Agency (AEPD)
- NA (Not Applicable or Unknown)
NotesThis conference paper was presented at the 31st International Conference of Data Protection and Privacy: http://www.privacyconference2009.org/home/index-iden-idweb.html