Initiating a Privacy Impact Assessment
If your department is contemplating a new system or program or is making a significant change to an existing program that involves personal information, a Privacy Impact Assessment should be completed.
The first step is to complete and submit a PIA Needs Analysis Questionnaire. The Privacy Officer will determine whether a PIA is required.
Completing a Privacy Impact Assessment
Refer to the University’s Guide to Completing a Privacy Impact Assessment for detailed instructions on how to complete the PIA.
The author(s) of the PIA may need to work with the related service provider, VIU’s IT Department and VIU’s Privacy Officer to ensure the relevant information is gathered to answer the questions in the PIA.
Annual Review
It is important to ensure that PIAs are reviewed annually and document any changes regarding collection, use, disclosure, storage, and security of personal information.
Signoff
The following positions should be signatories on a PIA:
- PIA author or designate
- Initiative Lead
- Privacy Officer
- For IT related systems or services also include a designate from the IT Department.