Privacy Impact Assessment

ISO 29134

ISO 29134:2017 Privacy Impact Assessment is an instrument for assessing the potential impact on privacy of a process, information system, program, software module, device, or other initiative that processes personally identifiable information (PII). It involves consulting stakeholders and taking actions as necessary, such as treating identified privacy risks.

Privacy Impact Assessments are conducted by organizations that take their responsibilities seriously and treat PII adequately. In many areas, PIA is required to meet legal and regulatory requirements.

A PIA is intended to be used in circumstances where the impact of processes, information systems or programs on PII principals is being considered, such as when:

  • Responsibility for the implementation and/or delivery of processes, information systems or programs is shared with other organizations, and it must be ensured that each organization is properly addressing the identified risks.
  • An organization undertakes privacy risk management as part of its overall risk management effort while preparing for the implementation or improvement of its ISMS, or an organization undertakes privacy risk management as an independent function.
  • An organization (e.g. a government) undertakes an initiative where the future PII controller is not yet known, so the treatment plan cannot be implemented directly and must therefore be made part of an appropriate law, regulation or contract.
  • Organizations want to act responsibly towards PII principals.