Privacy Impact Assessments (PIA) | Minimize Privacy Risks | Consulting & Advisory Services
Step 1: Identifying PIA Needs
Do you even need a PIA? That’s often the first – and biggest – question to be answered. If the project is significant in any way for an organization – and it includes data (any type of data) as a meaningful element of the project - then the answer is yes. But Centris can help better qualify the answer by digging deeper to understand all the necessary project considerations relating to data privacy. If the answer is “yes” that a PIA is needed, the next step is assessing specific needs in terms of scope, types of data impacted, and the goal of ‘privacy by design’.
Step 2: Assessing Information Flows
It’s important to understand how an organization collects, uses, shares & discloses, stores, protects, retains, and disposes of data for a given project. With Centris guiding you through the process, we’ll document the entire information flow, digging deep to learn more about the entire data flow lifecycle, starting with how data enters a system and, ultimately, how data is purged.
Step 3: Identifying Privacy and Related Risks
Identifying privacy risks to individuals, compliance risks and any related risks for the organization are conducted for ensuring a full understanding of all related risks. During this crucial step, Centris identifies risks to individual privacy, compliance risks and related corporate or organizational risks, and more.
Step 4: Identifying Privacy Solutions
During this step, Centris identifies what actions should be taken to address risks to privacy. Generally speaking, this will depend on the nature of the project, thus the assessment will include Centris offering proven strategies for reducing risks to privacy. Some of the more meaningful measures to take for reducing privacy risks that we’ve implemented for clients (per ICO PIA guidelines) include the following:
- Deciding not to collect or store particular types of information.
- Devising retention periods which only keep information for as long as necessary and planning secure destruction of information.
- Implementing appropriate technological security measures.
- Ensuring that staff are properly trained and are aware of potential privacy risks.
- Developing ways to safely anonymize the information when it is possible to do so.
- Producing guidance for staff on how to use new systems and how to share data if appropriate.
- Using systems which allow individuals to access their information more easily and make it simpler to respond to subject access requests.
Step 5: Reporting & Integrating PIA Findings
Centris’ initial assessment findings – and subsequent reporting in terms of recommendations, guidelines, and next steps – are all formally documented within our customized PIA report. Developed by our data privacy experts, Centris’ PIA reports provide all the necessary information for making informed, business-driven decisions regarding data privacy issues. With Centris, we offer a wide range of data privacy, cybersecurity, and regulatory compliance solutions and services, including assessments & programs, data governance, data mapping, PIA, DPIA, GDPR assessments, CCPA/CPRA assessments, international international privacy assessments, U.S. state privacy assessments, EU Cloud Code of Conduct, Microsoft SSPA/DPR, along with data privacy programs.
