Privacy Impact Assessment: Atty. Karl John A. Baquiran
ATTY. KARL JOHN A. BAQUIRAN
PRIVACY IMPACT ASSESSMENT
A PROCESS:
- to evaluate and manage the impact of a program, process and/or measure on data privacy.
- to identify and minimize the privacy risks of new projects or policies.
LEGAL BASIS
“The determination of the appropriate level of security under this section must take into account the nature of the personal information to be protected, the risks represented by the processing, the size of the organization and complexity of its operations, current data privacy best practices and the cost of security implementation.”
• Section 20.c (R.A. 10173)
A government agency engaged in the processing of personal data shall ensure that its conduct of a privacy impact assessment is proportionate or consistent with the size and sensitivity of personal data being processed, and the risk of harm from the unauthorized processing of that data.
• Section 5 of Circular 16-01
BENEFITS
The PIA will help to ensure that potential problems are identified at an early stage, when addressing them will often be simpler and less costly.
Conducting a PIA should benefit organizations by producing better policies and systems and improving the relationship between organizations and individuals.
A PIA should be conducted for both new and existing systems, programs, projects, procedures, measures, or technology products that involve or impact processing personal data.
Identify Projects
Identify Stakeholders
Detailed Plan
INITIAL SCREENING QUESTIONS
• If you have answered “Yes” to any of the questions, please proceed and complete stage 2. If “No”, proceed to stage 3 and sign off.
WHERE PIA IS NEEDED
01 Plan and Mobilize
02 Conduct the PIA
03 Sign Off
04 Documentation and Review
Program, Process, or Measure | Privacy Risk | Benefit | Controls | Impact Assessment
X.1
X.2
X.3
X.4
PRIVACY RISK is the probability that the activity involving data will result in harm, or a loss of the rights and freedoms of an individual.
CONTROLS may be applied in order to reduce severity, likelihood, and magnitude of the privacy risk.
Program, Process, or Measure | Privacy Risk | Benefit | Controls | Impact Assessment
X.4 MEDIUM
HIGH HIGH MEDIUM ACCEPTABLE
PRIVACY RISK MAP
[Figure: privacy risk map. Axis: CONSEQUENCE (Extreme, Major, Stressful, Slight). Plotted examples: Hacking, Loss of data, ID theft, Telemarketers. Data-processing labels: collect, use, store, share, dispose.]
Step 1: Define the Process
1. What data is being collected by this process (list all, including personal as well as non-personal)?
2. Which data (if any) is considered sensitive personal information (underline these)?
9. What is the key benefit/s the data subject gets from this process?
10. What is the key benefit/s for the community or society?
Step 2:
Ensure that processing is legally allowed and in compliance with the Data Privacy Act of 2012.
1. What is the legal basis for collecting this data?
2. Are we over-collecting?
Legal Purpose
Controls
Overall Assessment
STAGE 3: FINAL REPORT AND SIGN OFF
IDENTIFIED RISKS, AGREED ACTIONS AND SIGN OFF FORM
What are the key privacy issues and associated compliance and corporate risks?
Privacy Issue | Risk to Individuals | Compliance Risk | Corporate Risk
Describe the actions you could take to reduce the risk and any future steps which would be necessary (e.g. new guidance).
Risk | Approved Solution | Solution Approved by
What solutions need to be implemented?
Action to be taken | Date for completion | Responsible for Action
Sign Off
Process Owner Name
Job Title
Signature
Date
IN CONCLUSION