Guide to Privacy Impact Assessments in NSW

View the document overview below or download it here: Guide to Privacy Impact Assessments in NSW, December 2016

Overview

Privacy Impact Assessments (PIAs) assist public and private sector organisations to identify and minimise the privacy risks of new projects and of changes to services or policies. A PIA can also assist compliance with privacy obligations, address wider privacy issues and implement a ‘privacy by design’ approach.

This Privacy Impact Assessment Guide has been issued by the NSW Privacy Commissioner under:

  • section 36(2) of the Privacy and Personal Information Protection Act 1998 (PPIP Act) to promote the adoption of, and compliance with, the Information Protection Principles (IPPs) and protection of personal information and the privacy of individuals; and
  • section 58 of the Health Records and Information Privacy Act 2002 (HRIP Act) to promote the adoption of, and compliance with, the Health Privacy Principles (HPPs) and the protection of health information and the privacy of individuals.

The Guide:

  • explains the benefits of undertaking a PIA;
  • sets out the basic steps of a PIA process and relevant considerations;
  • draws upon practice in Australia, New Zealand, the United Kingdom, the United States, Canada and the European Union. 

This Guide is not intended to offer legal advice or restrict the NSW Privacy Commissioner’s statutory powers. Advice can be sought from the Privacy Commissioner’s Office (see contact details at the back).

Dr Elizabeth Coombs
A/NSW Privacy Commissioner
December 2016