This month, the ICO launched its new Privacy Impact Assessment (PIA) handbook which is intended to be a practical guide for organisations to help them identify the risks to personal privacy before implementing new initiatives and technologies.
The handbook notes that the increase in the use of intrusive technologies has led to an increase in the collection, storage, use and disclosure of personal data and this in turn has caused increased concern about individual privacy. The handbook splits the privacy risks into two categories:
- Risks to the individual as a result of contravention of their rights in relation to privacy, or loss, damage, misuse or abuse of their personal information; and
- Risks to the organisation.
By completing a PIA, organisations will be able to address any data handling issues at an early stage. Although there are no statutory requirements to complete a PIA, government departments have been directed to do so by the Cabinet Office. That said, there are clearly advantages to be had for any organisation in completing a PIA; it will improve the public perception of an organisation and will hopefully help avoid unnecessary expense at a later stage. Jonathon Bamford, the Assistant IPO, has stated that: "The new PIA handbook is more accessible and will aim to assist organisations in protecting people’s personal information and ensuring that privacy safeguards are built into systems at the outset rather than bolted on as an inadequate and expensive afterthought."
The ICO hopes that the PIA handbook will encourage organisations to incorporate data protection safeguards into any new development which involves personal information.
A copy of the PIA handbook is located at: http://www.ico.gov.uk/upload/documents/pia_handbook_html_v2/index.html