This paper builds on original work undertaken as part of a team of researchers into Privacy Impact Assessments (PIAs), defined as a systematic risk assessment tool that can be usefully integrated into decision-making processes. The team were commissioned by the UK Information Commissioner’s Office (ICO) in June 2007 to develop a study of PIAs in overseas jurisdictions and a handbook to guide UK organisations through the PIA process. This research has subsequently attracted interest in the UK and overseas. PIAs are now mandatory for all UK central government departments. This paper describes how the development of the project team’s PIA methodology and subsequent user experiences led to a key project output, the PIA handbook. The handbook has become a significant part of the privacy ‘toolkit’ and has had an impact on public policy. Some important lessons from PIAs conducted in the UK and overseas are identified. Finally, areas for further development are outlined.