The Office of the Privacy Commissioner of Canada/Commissariat à la protection de la vie privée du Canada has republished a 2016 quick reference, ‘top ten dos and don’ts for privacy impact assessments’.
DOs
– Start early: at the outset of the program development
– Consider the scope: be sure to clearly describe what is and is not being assessed and that the data flow diagram included in the report is consistent with the scope
– Meet the expectations: include the information the DPAs require to be included
– Remember the technicalities: in some cases particular standards or guidelines should be followed to complete the PIA
– Keep it fresh: the PIA is a live instrument and should be kept updated
– Get in touch with the DPA
DON’Ts
– Don’t forget to read up: apart from legal provisions, it’s worth looking at the relevant sectoral guidelines
– Don’t do it alone: consult stakeholders (within or outside the organization), privacy experts, DPOs, etc.
– Don’t keep it to yourself: if some sections should remain publicly available
– Don’t forget to put the plan into action