A Privacy Impact Assessment (“PIA”) is a method for collecting and documenting detailed information collected in order to conduct an in-depth privacy review of a program or project. It asks questions about the collection, use, sharing, security and access controls for data that is gathered using a technology or program. It also requests information about policies, training and documentation that govern use of the technology. The PIA responses are used to determine privacy risks associated with a project and mitigations that may reduce some or all of those risks. In the interests of transparency about data collection and management, many Washington jurisdictions have committed to publishing all PIAs on an outward facing website for public access.
As staff complete the document, they should keep the following in mind.
- Responses to questions should be in the text or check boxes only, all other information (questions, descriptions, etc.) should NOT be edited by the department staff completing this document.
- All content in this report will usually be available externally to the public. With this in mind, avoid using acronyms, slang, or other terms which may not be well-known to external audiences. Additionally, responses should be written using principally non-technical language to ensure they are accessible to audiences unfamiliar with the topic.
A PIA may be required in two circumstances.
- Your project, technology, or other review has been flagged as having a high privacy risk
- Your technology is required to complete a Surveillance Impact Report process. This is one deliverable that comprises the report.
PIA - Abstract
- Capture a brief description (one paragraph) of the purpose and proposed use of the project/technology.
- This 1-3 sentence explanation should include the name of the project/ technology/ program/ application/ pilot (hereinafter referred to as "project/technology"). It should also include a brief description of the project/technology and its function.
- Explain the reason the project/technology is being created or updated and why the PIA is required.
- This 1-3 sentence explanation should include the reasons that caused the project/technology to be identified as “privacy sensitive” in the Privacy Threshold Analysis form, such as the project/technology collection of personal information, or that the project/technology meets the criteria for surveillance.
PIA - Project
Provide an overview of the project or technology. The overview gives the context and background necessary to understand the purpose, mission and justification for the project / technology proposed
- Describe the benefits of the project/technology.
- Provide any data or research demonstrating anticipated benefits.
- Describe the technology involved.
- Describe how the project or use of technology relates to the organization's mission.
- Who will be involved with the deployment and use of the project / technology?
PIA - Governance
Provide an outline of any rules that will govern the use of the project / technology. Please note: non-City entities are bound by restrictions specified in the Surveillance Ordinance and Privacy Principles and must provide written procedures for how the entity will comply with any restrictions identified.
- Describe the processes that are required prior to each use, or access to/ of the project / technology, such as a notification, or check-in, check-out of equipment.
- List the legal standards or conditions, if any, that must be met before the project / technology is used.
- Describe the policies and training required of all personnel operating the project / technology, and who has access to ensure compliance with use and management policies.
- Include links to all policies referenced.
PIA - Collection + Use
Information about the policies and practices around the collection and use of the data collected.
- Provide details about what information is being collected from sources other than an individual, including other it systems, systems of record, commercial data aggregators, publicly available data and/or other city departments.
- What safeguards are in place, for protecting data from unauthorized access (encryption, access control mechanisms, etc.) and to provide an audit trail (viewer logging, modification logging, etc.)?
- What measures are in place to minimize inadvertent or improper collection of data?
- How and when will the project / technology be deployed or used? By whom? Who will determine when the project / technology is deployed and used?
- How often will the technology be in operation?
- What is the permanence of the installation? Is it installed permanently or temporarily?
- Is a physical object collecting data or images, visible to the public? What are the markings to indicate that it is in use? What signage is used to determine department ownership and contact information?
- How will data that is collected be accessed and by whom?
- If operated or used by another entity on behalf of the City, provide details about access, and applicable protocols. Please link memorandums of agreement, contracts, etc. that are applicable.
- What are acceptable reasons for access to the equipment and/or data collected?
PIA - Data Storage
Information on how the data will be stored, retained and deleted
- How will data be securely stored?
- How will the owner allow for departmental and other entities, to audit for compliance with legal deletion requirements?
- What measures will be used to destroy improperly collected data?
- Which specific departmental unit or individual is responsible for ensuring compliance with data retention requirements?
PIA - Sharing
- Which entity or entities inside and external to our organization will be data sharing partners?
- Why is data sharing useful?
- Are there any restrictions on external data use? If so, identify procedures and policies for ensuring compliance with these restrictions.
- Explain how the project/technology checks the accuracy of the information collected. If accuracy is not checked, please explain why.
- Describe any procedures that allow individuals to access their information and correct inaccurate or erroneous information.
PIA - Compliance
- What specific legal authorities and/or agreements permit and define the collection of information by the project/technology?
- Describe what privacy training is provided to users either generally or specifically relevant to the project/technology.
- Given the specific data elements collected, describe the privacy risks identified and for each risk, explain how it was mitigated. Specific risks may be inherent in the sources or methods of collection, or the quality or quantity of information included.
- Is there any aspect of the project/technology that might cause concern by giving the appearance to the public of privacy intrusion or misuse of personal information?
- Examples might include a push of information out to individuals that is unexpected and appears to be intrusive, or an engagement with a third party to use information derived from the data collected, that is not explained in the initial notification.
- Describe how the project/technology maintains a record of any disclosures outside of the department.
- What auditing measures are in place to safeguard the information, and policies that pertain to them, as well as who has access to the audit data? Explain whether the project/technology conducts self-audits, third party audits or reviews.