Announcement

March 3, 2020

OPC updates guidance to help federal public sector institutions conducting privacy impact assessments

The Office of the Privacy Commissioner of Canada (OPC) is launching updated guidance – Expectations: OPC’s Guide to the Privacy Impact Assessment Process – offering practical tips to help federal public sector institutions effectively manage privacy risks and meet their legal requirements under the Privacy Act.

Privacy impact assessments (PIAs) are an important tool allowing federal institutions to identify and mitigate risks to privacy posed by programs and activities as early and as completely as possible.

Revisions to the guidance, designed to promote compliance with the Privacy Act, include:

  • Discussion of key concepts related to PIAs, including their purpose and when they are required.
  • Practical instructions for each phase of the PIA process.
  • Clarification of the OPC’s role in the PIA process and expectations with respect to the PIA reports.
  • A list of risk factors to consider during the risk assessment phase, and a roadmap for high-risk programs.
  • Relevant legal and policy requirements, questions to consider, as well as risk and mitigation examples, for each of the ten privacy principles against which an institution should assess its programs.

In today’s environment, assessing potential privacy risks is more important than ever. Done properly and before launching an initiative, PIAs can help ensure legal requirements are met and that privacy impacts are addressed or minimized.

Under the Treasury Board Secretariat Directive on Privacy Impact Assessment, institutions must undertake PIAs for programs and activities when:

  • personal information is used or intended to be used in a decision-making process directly affecting individuals;
  • substantial modifications are made to existing programs or activities where personal information is used or intended to be used for an administrative purpose; and
  • contracting out or transferring programs or activities to another level of government or to the private sector results in substantial modifications to the program or activities.
