Complete a Privacy Impact Assessment
Last updated on April 22, 2024A privacy impact assessment is a tool to help you assess risks to privacy and protect personal information. Follow the steps to get started.
5 Steps to Completing a PIA
Step 1: Download the PIA Template
Step 2: Fill Out the PIA Template With Help From Your MPO
Step 3: Submit for Review
Step 4: Get Signatures
Step 5: Start Your Project
Step 1: Download the PIA Template
Choose the PIA template that’s right for you. The template you need depends on the work you’re doing.
Starting a new initiative
Use the PIA template (Word, 64 KB) for a new system, project, program or activity in the B.C. government. Read through the questions and complete part 1.
You may also need to include an Information Sharing Agreement Supplement (Word, 21 KB) to the PIA.
Changing an existing initiative
Use the initiative update PIA template (Word, 43 KB) if you're changing the way you collect, use, store or share personal information in an initiative that has already been through a privacy impact assessment. You'll need the previous PIA number.
You may also need to include an Information Sharing Agreement Supplement (Word, 21 KB) to the PIA.
Drafting or amending legislation or regulations
Use the LPIA template (Word, 37 KB) for legislation and the RPIA template (Word, 37 KB) for regulations. Learn about doing a PIA for draft or amended legislation or regulations.
Using an online tool that has already been assessed
Find out which commonly used online tools have already been assessed in the list of corporate privacy impact assessments. If the tool you'd like to use has already been assessed, use a corporate PIA checklist.
Doing a PIA in the broader public sector
If you work in the broader public sector and you're starting a project, use the PIA template for non-ministry public bodies (Word, 52 KB). Complete your PIA with your organization's privacy officer, if you have one.
You may also need to include an Information Sharing Agreement Supplement (Word, 21 KB) to the PIA.
Step 2: Fill Out the PIA Template With Help From Your MPO
Contact your Ministry Privacy Officer (MPO) as early as possible in your project to get expert help with your PIA. You may also need to include:
- Subject matter experts
- Technical support
- Project vendors
- Other project teams
- Your Ministry Information Security Officer (MISO)
Step 3: Submit for Review
When you're finished with the template, you and your MPO will submit it to a privacy analyst at the Corporate Privacy Office (CPO) for review. The analyst will work with you and your MPO to finalize the PIA. The analyst may ask questions or suggest changes to the content.
CPO will sign the template when the analyst is satisfied that you have identified and will manage privacy risks. CPO make take longer to review more complex PIAs.
Step 4: Get Signatures
After CPO signs, the analyst will return the template to you to get signatures. When all the required signatures are in place, return the PIA to the CPO analyst. The analyst will file the PIA in the Personal Information Directory.
Step 5: Start Your Project
Start your project after your PIA is complete.
- Work to reduce the privacy risks you identified
- Monitor your initiative for future risks to privacy
- If you change the way you collect, use, store or share personal information in your initiative, update your PIA
Get question-by-question help in the PIA guidance.
Contact your Ministry Privacy Officer to get expert help in your ministry
Can't find what you're looking for? Contact the Privacy Helpline.