PRIVACY ASSESSMENT

Privacy assessment can take multiple forms.  The most well-known is the privacy impact assessment (PIA), a process with which Excela has considerable experience. The equivalent term under the European Union's General Data Protection Regulation (GDPR) is 'data protection impact assessment' (DPIA).

Excela's president developed the privacy impact assessment process in use in Alberta's Office of Information and Privacy Commissioner from 2001 to 2010. That process was later adapted by the Ontario and Saskatchewan commissioners for use in those provinces. Excela assisted in the development of the Alberta Commissioner's Health Information Act PIA requirements, which replaced the original PIA process in 2010.

We have prepared PIAs and PIA methodologies for organizations in the Government of Canada, Newfoundland and Labrador, Nunavut, Ontario, Manitoba, Saskatchewan, Alberta and British Columbia, in the public, private and healthcare sectors. Excela can undertake privacy impact assessments for individual projects, for entire organizations, or on any scale in between.  We are experienced in the preparation of PIAs involving information technology, whether locally installed or cloud-based.

Privacy Checklists

You may not always need a full PIA. Simpler approaches, sometimes called privacy checklists, can be valuable to determine whether a complete privacy impact assessment is required. Such checklists can be implemented as online questionnaires, spreadsheets, or paper checklists. Excela has developed privacy checklists for organizations in Newfoundland, Ontario, Alberta, British Columbia and the federal government, among others. Checklists can be developed for use in any public or private sector organization, operating under any privacy legislation. 

Excela's privacy checklists refer specifically to the governing privacy legislation, ensuring that major risks of non-compliance are identified.  They require no privacy expertise to complete; any project manager or business unit manager can complete one.  Privacy checklists can provide automated responses based on risk assessment algorithms, or they can be forwarded to the organization's privacy officer for review and comment.

Privacy Governance

Excela recommends a privacy governance model for most larger organizations. A privacy governance model includes privacy policies and standards, as well as one or more of compliance checklists, privacy impact assessments, periodic privacy compliance reviews and audits.  We can design a cost-effective privacy governance model for your organization to minimize privacy risks. Such a model can dovetail nicely with PIA preparation.