View Template - International Association of Privacy Professionals

NL Centre for Health Information
Full PIA Report Template v2.2 2013-01-03 FINAL
Update cover page and header.
Preamble
A Privacy Impact Assessment (PIA) is an assessment tool used to evaluate the impact
on privacy that results from change to a system, environment, or process; for example,
such change might take the form of a revised policy, a software upgrade, or the
introduction of new technology. A PIA is conducted by considering the system,
environment, or process in the context of privacy principles, best practices, codes of
conduct, legislation, and relevant directives.
The following sections constitute a template that has been created to support the writing
of full PIA reports by the Centre. The Centre also maintains a template for “short form”
PIAs, the results of which may lead to the need for a full PIA report.
This section should be removed from the final PIA report, as well as the table of
contents.
Executive Summary
Brief commentary to summarize PIA.
• Introduce subject
• Timeframe/Scope
• Other relevant points
• Conclusion
List risks identified through PIA.
Privacy Risk 1: The possible locations of personal information in the System are
not well understood. (Risk Level: High)
Proposed Strategy
Mitigate by ….
Privacy Risk 2: Personal information is being retained in the System for longer
than it needs to be retained. (Risk Level: Moderate)
Proposed Strategy
Accept the risk.
Table of Contents
Preamble
Executive Summary
1 Introduction
1.1 What is a Privacy Impact Assessment?
1.2 About this Privacy Impact Assessment
1.2.1 Timeline
1.2.2 Scope
1.2.3 Methodology
2 General Description
2.1 Uses
2.2 Support Tiers
2.3 Lifecycle
2.4 Users and Roles
2.5 Personal Information
2.6 Architecture
3 Privacy Analysis
3.1 Accountability
3.2 Identifying Purpose
3.3 Consent
3.4 Limiting Collection
3.5 Limiting Use, Disclosure, and Retention
3.6 Accuracy and Integrity
3.7 Security Safeguards
3.8 Openness
3.9 Individual Access
3.10 Challenging Compliance
4 Risks and Recommendations
5 Conclusion
Appendix A Risk Assessment Methodology
Appendix B Sources of Information
Appendix C Additional appendices
1 Introduction
The Centre for Health Information (the “Centre”) provides quality information to health
professionals, the public, researchers, and health system decision-makers. Through
collaboration with the health system, the Centre supports the development of data and
technical standards, maintains key health databases, prepares and distributes health
reports and supports and carries out applied health research and benefits evaluations.
The Centre's mandate also includes the development and implementation of a
confidential and secure provincial Electronic Health Record, including the change
management required to support adoption by end user clinicians.
A line or two to describe subject of PIA. This report presents the results of a Privacy
Impact Assessment conducted on the subject.
1.1 What is a Privacy Impact Assessment?
A Privacy Impact Assessment (PIA) is an assessment tool used to evaluate the impact
on privacy that results from change to a system, environment, or process; for example,
such change might take the form of a revised policy, a software upgrade, or the
introduction of new technology. A PIA is conducted by considering the system,
environment, or process in the context of privacy principles, best practices, codes of
conduct, legislation, and relevant directives.
PIAs serve to inform relevant stakeholders and decision-makers on privacy
considerations pertaining to the system, environment, or process; as such, PIAs should
be timed so as to allow the findings of the assessment to factor into decision-making
processes.
PIAs are “living” documents that should be revisited whenever there is further change to
the system, environment, or process.
1.2 About this Privacy Impact Assessment
1.2.1 Timeline
The PIA was conducted between insert dates.
1.2.2 Scope
Describe scope.
1.2.3 Methodology
Add relevant commentary about methodology.
Sources of information that supported this PIA can be found in Appendix B, Sources of
Information.
2 General Description
Brief introduction to subject.
The subheadings found in this section are flexible – include whatever is required to provide
sufficient context to perform a privacy analysis. Possible subheadings might include:
• Uses of system
• User accounts/roles
• User registration
• Personal Information sources
• Data flows
• Information Lifecycles
• Architecture
• Known Safeguards
• Existing risk documentation
• Support models
• Collections, uses, and disclosures
2.1 Uses
2.2 Support Tiers
2.3 Lifecycle
2.4 Users and Roles
2.5 Personal Information
2.6 Architecture
3 Privacy Analysis
The privacy analysis conducted as part of this PIA is centered on the principles of the
Canadian Standards Association Model Code for the Protection of Personal Information
(“Model Code”), which forms the basis for the Centre’s privacy program.
In addition to the principles found in the Model Code, the analysis will consider all
applicable legislation, codes of conduct, best practice, and directives. Specifically, the
analysis will consider mention any specific legislation/codes here (and whether or not they
align with the Model Code).
The focus of the analysis should be on the privacy principles found in the Model Code,
not legislation (discussion of specific legislative considerations should be woven through
the analysis of the principles).
3.1 Accountability
An organization is responsible for personal information under its control and shall
designate an individual or individuals who are accountable for the organization's
compliance [with the principles of the Model Code].1
Insert analysis on the principle.
3.2 Identifying Purpose
The purposes for which personal information is collected shall be identified by the
organization at or before the time the information is collected.2
Insert analysis on the principle.
3.3 Consent
The knowledge and consent of the individual are required for the collection, use, or
disclosure of personal information, except where inappropriate.3
Insert analysis on the principle.
3.4 Limiting Collection
The collection of personal information shall be limited to that which is necessary for the
purposes identified by the organization. Information shall be collected by fair and lawful
means.4
Insert analysis on the principle.
1 Canadian Standards Association Model Code for the Protection of Personal Information
2 Canadian Standards Association Model Code for the Protection of Personal Information
3 Canadian Standards Association Model Code for the Protection of Personal Information
4 Canadian Standards Association Model Code for the Protection of Personal Information
3.5 Limiting Use, Disclosure, and Retention
Personal information shall not be used or disclosed for purposes other than those for
which it was collected, except with the consent of the individual or as required by law.
Personal information shall be retained only as long as necessary for the fulfillment of
those purposes.5
Insert analysis on the principle.
3.6 Accuracy and Integrity
Personal information shall be as accurate, complete, and up-to-date as is necessary for
the purposes for which it is to be used.6
Insert analysis on the principle.
3.7 Security Safeguards
Personal information shall be protected by security safeguards appropriate to the
sensitivity of the information.7
Insert analysis on the principle, with specific attention to any security documentation,
such as Threat Risk Assessments and Vulnerability Assessments.
3.8 Openness
An organization shall make readily available to individuals specific information about its
policies and practices relating to the management of personal information.8
Insert analysis on the principle.
3.9 Individual Access
Upon request, an individual shall be informed of the existence, use, and disclosure of his
or her personal information and shall be given access to that information. An individual
shall be able to challenge the accuracy and completeness of the information and have it
amended as appropriate.9
Insert analysis on the principle.
3.10 Challenging Compliance
An individual shall be able to address a challenge concerning compliance [with the
principles of the Model Code] to the designated individual or individuals accountable for
the organization's compliance.10
Insert analysis on the principle.
5 Canadian Standards Association Model Code for the Protection of Personal Information
6 Canadian Standards Association Model Code for the Protection of Personal Information
7 Canadian Standards Association Model Code for the Protection of Personal Information
8 Canadian Standards Association Model Code for the Protection of Personal Information
9 Canadian Standards Association Model Code for the Protection of Personal Information
10 Canadian Standards Association Model Code for the Protection of Personal Information
4 Risks and Recommendations
The Centre has not developed a risk management process explicitly for subject, but has
established an information protection risk management process for the entire
organization which is integrated into the Centre’s Enterprise Risk Management activities.
For details on the Centre’s risk assessment methodology, see Appendix A, Risk
Assessment Methodology.
There were insert numbers risks identified through the PIA.
Insert risks that have been identified
Privacy Risk 1: The possible locations of personal information in the System are
not well understood.
Brief explanation of risk.
Evaluation
• Likelihood: Likely (4)
  o List factors that contribute to scoring.
• Impact: Major (4)
  o List factors that contribute to scoring.
• Risk Level: High (16)
• Additional Notes:
  o List any additional context that might be of benefit.
Proposed Strategy
Briefly describe the proposed strategy (mitigate by…, accept…).
Privacy Risk 2: Personal information is being retained in the System for longer
than it needs to be retained.
Brief explanation of risk.
Evaluation
• Likelihood: Possible (3)
  o List factors that contribute to scoring.
• Impact: Moderate (3)
  o List factors that contribute to scoring.
• Risk Level: Moderate (9)
• Additional Notes:
  o List any additional context that might be of benefit.
Proposed Strategy
Briefly describe the proposed strategy (mitigate by…, accept…).
5 Conclusion
Brief conclusion.
Appendix A Risk Assessment Methodology
The Centre’s Risk Assessment approach rates both the likelihood of an adverse event and
the impact of that event on a scale of one to five, as illustrated in Table 1 and Table 2. The
overall score attributed to the risk that such an adverse event will occur is calculated as the
product of the likelihood and impact ratings; that score is then mapped to a risk level as
illustrated in Table 3. Because both ratings are capped at five, the highest achievable score
is 25, and the bands in Table 3 apply to the product, not to either rating on its own. Once
risks have been identified and rated, a decision must be made on how to manage each risk.
Risks can be avoided, transferred, mitigated or accepted.
LIKELIHOOD of Event
Level   Descriptor
5       Almost Certain
4       Likely
3       Possible
2       Unlikely
1       Rare
Table 1: Event Likelihood

IMPACT of Event
Level   Descriptor
5       Catastrophic
4       Major
3       Moderate
2       Minor
1       Insignificant
Table 2: Event Impact

Overall Risk
Score   Descriptor
20+     Extreme
11-19   High
5-10    Moderate
1-4     Low
Table 3: Overall Risk
Appendix B Sources of Information
The following sources were consulted or used in conducting the Privacy Impact
Assessment.
• List sources
Some of the key informants for this PIA include the following.
• List key informants
Appendix C Additional appendices
Insert additional appendices as required. Please use appendix styles for headers.