PIA Flashcards

1
Q

When developing or reviewing a project, consider the need for a _______ _______ _______.

A

privacy impact assessment (PIA)

A PIA identifies how a project can have an impact on individuals’ privacy and makes recommendations to manage, minimise or eliminate privacy impacts.

2
Q

OAIC recommends that organisations conduct PIAs as part of their risk management and planning processes. While each project is different, a PIA should generally include the following __ steps.

A

10

4
Q
  1. Threshold assessment
A

Ask if any personal information will be collected, stored, used or disclosed in the project. If the answer is yes, a PIA is usually necessary. Keep a record of this threshold assessment.

5
Q
  2. Plan the PIA
A

Consider the scope of your assessment, who will conduct it, the timeframe, budget and who will be consulted.

6
Q
  3. Describe the project
A

Prepare a project description to provide context for the PIA project. This should be brief, but sufficiently detailed to allow external stakeholders to understand the project.

7
Q
  4. Identify and consult with stakeholders
A

Identify the project stakeholders. Consulting them can help to identify new privacy risks and concerns, better understand known risks, and develop strategies to mitigate all risks.

8
Q
  5. Map information flows
A

Describe and map the project’s personal information flows. Detail what information will be collected, used and disclosed, how it will be held and protected, and who will have access.

9
Q
  6. Privacy impact analysis and compliance check
A

Critically analyse how the project impacts on privacy. Consider compliance with privacy legislation and any other information handling obligations that may apply to your organisation. Even if the project appears to be compliant with privacy legislation, there may be other privacy considerations that need to be addressed such as community expectations.

10
Q
  7. Privacy management — considering risks
A

Consider options for removing, minimising or mitigating any privacy risks identified through the privacy impact analysis.

11
Q
  8. Recommendations
A

Make recommendations to remove, minimise or mitigate the risks identified through the privacy impact analysis. Include a timeframe for implementing the recommendations.

12
Q
  9. Report
A

Prepare a report that sets out all the PIA information. It should be a practical document that can easily be interpreted and applied. The OAIC encourages the publication of PIA reports and has developed a PIA tool to help you conduct a PIA, report its findings and respond to recommendations.

13
Q
  10. Respond and review
A

Monitor the implementation of the PIA recommendations. A PIA should be regarded as an ongoing process that does not end with preparation of a report. It is important that action is taken to respond to the recommendations in the report, and to review and update the PIA, particularly if issues arise during implementation.

14
Q

The Privacy Act 1988 (Privacy Act) was introduced to promote and protect the privacy of individuals and to regulate how Australian Government agencies and organisations with an annual turnover of more than $3 million, and some other organisations, handle personal information.

The Privacy Act includes 13 Australian Privacy Principles (APPs), which apply to some private sector organisations, as well as most Australian Government agencies. These are collectively referred to as ‘APP entities’. The Privacy Act also regulates the privacy component of the consumer credit reporting system, tax file numbers, and health and medical research.

A

Section 33C of the Privacy Act establishes that the Commissioner may conduct an assessment relating to the following:

the Australian Privacy Principles (s 33C(1)(a)(i))
a registered APP code (s 33C(1)(a)(ii))
credit information files and credit reports held by credit reporting agencies and credit providers (s 33C(1)(b))
tax file number recipients (s 33C(1)(c))
data matching programs (s 33C(1)(d))
claims information associated with the Medicare Benefits Scheme and the Pharmaceutical Benefits Scheme (s 33C(1)(e))
acts or practices of an entity or a state or territory authority in relation to COVID app data (s 33C, 94T(1)).

15
Q

The Executive Branch of Mexico has also issued:

A

The Regulations to the Federal Law on the Protection of Personal Data held by Private Parties (Reglamento de la Ley Federal de Protección de Datos Personales en Posesión de los Particulares) (the Regulations), which entered into force on December 22, 2011
The Privacy Notice Guidelines (the Guidelines), which entered into force on April 18, 2013
The Recommendations on Personal Data Security, on November 30, 2013
The Parameters for Self-Regulation regarding personal data, which entered into force on May 30, 2014
The General Law for the Protection of Personal Data in Possession of Obligated Subjects (Ley General de Protección de Datos Personales en Posesión de Sujetos Obligados), which entered into force on January 27, 2017
