Section 11: Privacy Impact Assessments


A Privacy Impact Assessment (PIA) is a process which helps assess privacy risks to individuals in the collection, use and disclosure of information. PIAs help identify privacy risks, foresee problems and bring forward solutions. They help to

  • identify privacy risks to individuals
  • identify confidentiality, privacy and Data Protection compliance liabilities for an organisation
  • protect an organisation’s reputation
  • instil public trust and confidence in an organisation’s project/product
  • avoid expensive, inadequate “bolt-on” solutions
  • inform an organisation’s communications strategy; and
  • represent enlightened self-interest

PIAs are most effective when they are started at an early stage of a project, when

  • the project is being designed
  • organisations know what they want to do
  • organisations know how they want to do it
  • and organisations know who else is involved

But ideally they should be started while organisations can still change their mind, and before

  • decisions are set in stone
  • organisations have procured systems
  • organisations have signed contracts, Memoranda of Understanding (MOUs) or agreements

Guidance on Privacy Impact Assessments (Privacy Impact Assessments – An Overview) is provided by the Information Commissioner.


Last edited: 17 January 2022 1:03 pm