The UK Information Commissioner’s Office (ICO) published a new code of conduct regarding privacy impact assessments (“PIAs”) when developing a new product. The new code of conduct explains what PIAs are and how organizations can use them. The code contains annexes that can be used as the basis for any PIA process; they include questions to guide the process and templates for recording the assessment.
A PIA is a process that assists organizations in identifying and minimizing the privacy risks of new projects or policies. Conducting a PIA involves working with people within an organization, partner organizations and the people affected by the relevant project to identify and reduce privacy risks. The PIA may help to identify potential problems at an early stage, when addressing them will often be simpler and less costly.
Implementing the suggested PIA procedures as part of any product development process is advisable not only to comply with the UK regulatory requirements, but also to help businesses prepare for changes in EU law, which are now under discussion and are expected to be implemented early next year.
The new code of conduct is available here.