What are Data Protection Impact Assessments (DPIA)?
A DPIA is a process which helps organisations assess privacy risks to individuals in the collection, use and disclosure of information in order to foresee problems and bring forward solutions.
Privacy has become a much larger consideration for business and government in recent decades. New information technologies have increased public concerns about intrusion into their privacy.
In addition, in the Data Handling Review, part of the Hannigan report, for ICT projects the Cabinet Office has instructed central government departments to complete DPIAs, which are then assessed as part of the OGC Gateway Review / System Accreditation process prior to the granting of Accreditation of any system.
Similarly, information risk management needs to be considered as part of the Government’s “Gateway” reviews that monitor the progress of the most important projects.
Our Data Protection Impact Assessments
Any new initiative that involves personal information or intrusive technologies inevitably gives rise to privacy concerns.
Our experienced information security consultants have been involved in conducting DPIAs on some of the most high profile national police databases, which included managing the expectations of all stakeholders e.g. privacy groups, the Information Commissioner’s Office.
Benefits of Data Protection Impact Assessments
- Anticipate and address the likely privacy impacts of new initiatives, foresee problems, and negotiate solutions to ensure data protection compliance
- Systems can be designed to avoid unnecessary privacy intrusion, and features can be built in from the outset, that reduces privacy intrusion
- Where the success of a project depends on people accepting, adopting and using a new system, process or programme, privacy concerns can be a significant risk factor that threatens the return on the organisation’s investment. In order to address this risk, it is advisable to use the DPIA as a risk management technique
- By carrying out a DPIA, it will increase public confidence in data collection
If you have an information security question or would like to hear from one of our consultants, please call us now