posted on 2010-01-13, 11:16authored byAdam WarrenAdam Warren, Robin Bayley, Colin Bennett, Andrew Charlesworth, Roger Clarke, Charles Oppenheim
This paper builds on original work undertaken as part of a team of researchers into
Privacy Impact Assessments (PIAs), defined as a systematic risk assessment tool that
can be usefully integrated into decision-making processes. The team were
commissioned by the UK Information Commissioner’s Office (ICO) in June 2007 to
develop a study of PIAs in overseas jurisdictions and a handbook to guide UK
organisations through the PIA process. This research has subsequently attracted
interest in the UK and overseas. PIAs are now mandatory for all UK central
government departments. In this paper, the development of the project team’s PIA
methodology and subsequent user experiences led to a key project output, the PIA
handbook. The handbook has become a significant part of the privacy ‘toolkit’ and has
impacted on public policy. Some important lessons from PIAs conducted in the UK and
overseas are identified. Finally, areas are outlined for further development.
History
School
Social Sciences
Department
Geography and Environment
Citation
WARREN, A.P. ... et al, 2009. Privacy Impact Assessments: the UK experience. 31st International Conference of Data Protection and Privacy Commissioners, Madrid, 4-6 November.
Publisher
Spanish Data Protection Agency (AEPD)
Version
NA (Not Applicable or Unknown)
Publication date
2009
Notes
This conference paper was presented at the 31st International Conference of Data Protection and Privacy: http://www.privacyconference2009.org/home/index-iden-idweb.html