Demystifying the Privacy Impact Assessment Process at UBC

Last updated: November 21, 2024


 

At UBC, protecting the personal information of our community is a fundamental commitment, one that is mandated by law. The Privacy Impact Assessment (PIA) process exemplifies this dedication. It serves as a critical tool for thoroughly examining and mitigating potential privacy and information security risks in every new program, service, or initiative.

What is a PIA?

Think of a PIA as a thorough review process that identifies and addresses potential privacy concerns before a new university project launches. By proactively assessing risks, the PIA helps UBC ensure that projects uphold privacy standards, avoid costly disruptions, and maintain trust by demonstrating accountability and transparency. This proactive approach is essential not just for preventing data breaches, but for managing all aspects of privacy risks effectively. 

Why is it Needed? 

A PIA is a systematic review that evaluates how personal information is managed within a project. It identifies and mitigates potential privacy and information security risks, which is crucial for compliance with regulations such as The Freedom of Information and Protection of Privacy Act (FIPPA) and UBC’s Information Systems Policy.   

When is a PIA Required? 

Any new project or existing project undergoing significant modifications needs a PIA. This includes changes to how personal information is collected, used, disclosed, or stored. While research projects are generally exempt from PIAs, they may still require a security assessment for data collection tools. For more information, please visit the Office of Research Ethics. 

Important Considerations 

  • For initiatives that involve data handling and storage outside Canada, a risk-based decision is required to determine whether to proceed. 
  • Start the PIA process early to avoid delays and rework later. 
  • UBC's risk-based approach means complex projects may require a multi-step process throughout the project lifecycle, from conception to implementation and ongoing maintenance. 
  • Sharing completed PIAs with external entities requires approval from the Office of the University Counsel. 

Help and Resources 

For specific questions about the PIA process, the PIA Inquiry form is the best resource. UBC also offers a range of resources to support responsible use of technology, including: 

  • Privacy Matters Website: The UBC PIA webpage offers an overview of the PIA process, detailed guidelines and tools, FAQ, PIA reports, and more to support and enhance privacy practices.
  • Information Security Standards: These standards provide a comprehensive set of guidelines for handling personal information at UBC. 
  • Privacy Fact Sheets: These fact sheets offer clear and concise explanations of key privacy concepts relevant to UBC faculty, staff, and students. 
  • Interim PIA Guidelines: Generative AI Tools: These guidelines define the PIA standards for generative AI tools such as ChatGPT, GitHub Copilot, and DALL-E, addressing evolving privacy and security concerns.
  • Principles for the Use of Generative AI Tools: These Principles provide direction for the UBC community on using generative AI responsibly.

By engaging with the PIA process and leveraging UBC's strong commitment to privacy, faculty, staff, and collaborators are better equipped to manage and oversee projects that not only protect personal information but also fully comply with FIPPA and other relevant regulations. This approach not only mitigates risks but also enhances trust and accountability in handling data.  Ultimately, embedding these practices within the University’s operations fosters a culture of privacy awareness, significantly benefiting the UBC community and enhancing the success of technology-supported initiatives. 

