Workshop Example

Uploaded by Skrein Conrad

Description of the Program, Project, Process, Measure, System, or Technology for which the PIA is being conducted:

1. What data is being collected by this process (list all, including personal as well as non-personal)
2. Which data (if any) is considered sensitive personal information (underline these)
3. Who are we collecting this data from
4. How are we collecting this data
5. Why is this data being collected
6. Will we use this data to make any decisions that have a legal effect on the data subject
7. Who will be handling and accessing this data
8. Will the data be shared with any other organizations
9. What is the key benefit/s the data subject gets from this process
10. What is the key benefit/s for the community or society

Ensure that processing is legally allowed and in compliance with the Data Privacy Act of 2012:
1. What is the legal basis for collecting/processing this data
2. Are we over-collecting
3. How will consent be obtained
4. Do individuals have the opportunity and/or right to decline to provide data
5. What happens if they decline
6. How will the data collected be checked for accuracy
7. How will data subjects be allowed to correct errors, if any
8. Will the data be re-used
9. How
10. How long are we required to keep the data
11. How do we plan to dispose of the data

List of those involved in the information life cycle:

Stakeholders/Parties | Create/Collect | Use | Disclose/Share | Store/Dispose

1. What things might happen if someone unauthorized gets this data
2. How might this happen (describe scenario/s)
3. How much damage might this cause to the data subject (on a scale of 1 to 4)

1. What things might happen if someone alters or changes this data
2. How might this happen (describe scenario/s)
3. How much damage might this cause to the data subject (on a scale of 1 to 4)

1. What things might happen if this data suddenly becomes unavailable
2. How might this happen (describe scenario/s)
3. How much damage might this cause to the data subject (on a scale of 1 to 4)

1. What things might happen if this data is used for other purposes
2. How might this happen (describe scenario/s)
3. How much damage might this cause to the data subject (on a scale of 1 to 4)

Summary of Privacy Risks Identified:

Ref. # | Data Subject | Privacy Risk / Impact on the Data Subject | Type of threat | Severity | Likelihood
1. For each privacy risk, determine the type of threat:
(C) Confidentiality – disclosure to unauthorized persons
(I) Integrity – accidental or intentional alteration of data
(A) Availability – loss or destruction of data
(U) Unauthorized – purpose or processing goes beyond what was authorized
(V) Violation – privacy rights of the data subject may be curtailed or violated

2. Rate each privacy risk for severity or impact:
(1) Level 1 – Negligible (minor stress, irritation, annoyance)
(2) Level 2 – Limited (inconvenience which can be overcome somehow)
(3) Level 3 – Significant (significant consequences, serious difficulties)
(4) Level 4 – Extreme (long-term consequences, maybe even irreversible)

3. Rate each privacy risk for likelihood or probability:
(1) Unlikely – very slight possibility of this happening in the future
(2) Possible – medium possibility of this happening in the future
(3) Likely – strong possibility of this happening in the future
(4) Almost Certain – very high possibility of this happening in the future

Risk Map before controls are applied (place ref. # on the chart below):

Explore if some privacy-by-design principles can be applied:

What are the ways we can increase the benefits provided? If yes, how?

What are the ways we can collect less data and thus reduce the exposure level?

What are the ways we can reduce the number of people who are accessing this data?

What are the ways we can reduce the privacy risks related to someone unauthorized getting this data?

What are the ways we can reduce the privacy risks related to someone altering or changing the data?

What are the ways we can reduce the privacy risks related to the data suddenly becoming inaccessible?

What are the ways we can reduce the privacy risks related to re-using the data for other purposes?

Summarize below the list of proposed control measures with type of measure (organizational, physical, technical, policy, legal), estimated cost, and estimated implementation timeframe:

Description of Proposed Control Measure | Type of measure | Estimated Cost | Time to Deploy | Complexity (H/M/L)

Risk Map after controls are applied (place ref. # on the chart below):

Benefits of conducting a PIA (select/rank those which apply to your organization):

◻ A PIA has often been described as an early warning system. It provides a way to detect
potential privacy risks arising from the processing of PI and thereby informing an
organization of where they should take precautions and build tailored safeguards
before, not after, the organization makes heavy investments. The costs of amending a
project at the planning stage will usually be a fraction of those incurred later on. If the
privacy impact is unacceptable, the project may even have to be cancelled altogether.
Thus, a PIA helps to identify privacy issues early and/or to reduce costs in management
time, legal expenses and potential media or public concern by considering privacy issues
early. It may also help an organization to avoid costly or embarrassing privacy mistakes.

◻ Although a PIA should be more than simply a compliance check, it does nevertheless
contribute to an organization’s demonstration of its compliance with relevant privacy
and data protection requirements in the event of a subsequent complaint, privacy audit
or compliance investigation. In the event of a privacy risk or breach occurring, the PIA
report can provide evidence that the organization acted appropriately in attempting to
prevent the occurrence. This can help to reduce or even eliminate any liability, negative
publicity and loss of reputation.

◻ An appropriate PIA also demonstrates to an organization’s customers and/or citizens
that it respects their privacy and is responsive to their concerns. Customers or citizens
are more likely to trust an organization that performs a PIA than one that does not.

◻ A PIA enhances informed decision-making and exposes internal communication gaps or
hidden assumptions on privacy issues about the project. A PIA is a tool to undertake the
systematic analysis of privacy issues arising from a project in order to inform decision
makers. A PIA can be a credible source of information.

◻ A PIA enables an organization to learn about the privacy pitfalls of a process,
information system or programme upfront, rather than having its auditors or
competitors point them out. A PIA assists in anticipating and responding to the public’s
privacy concerns.

◻ A PIA can help an organization gain the public’s trust and confidence that privacy has
been built into the design of a process, information system or programme. Trust is built
on transparency, and a PIA is a disciplined process that promotes open communications,
common understanding and transparency. An organization that undertakes a PIA
demonstrates to its employees and contractors that it takes privacy seriously and
expects them to do so too.

◻ A PIA is a way of educating employees about privacy and making them alert to privacy
problems that might damage the organization. It is a way to affirm the organization’s
values.

◻ A PIA can be used as an indication of due diligence and may reduce the number of
consumer and compliance audits.

◻ Others: _________________________________________________________________
