Privacy Impact Assessment (PIA)

Privacy Impact Assessment (PIA)

Privacy Impact Assessment (PIA)

A Privacy Impact Assessment (PIA) is a risk management and compliance review process used to identify and address potential information privacy and security issues, thus avoiding costly program, service, or process redesign and minimizing exposure to potential privacy breaches.

Why is a PIA required?
British Columbia’s Freedom of Information and Protection of Privacy Act (FIPPA) requires public bodies such as UBC to conduct a PIA for all new or substantially modified projects. A “project” refers to any system, process, program or activity that supports University business.

Overall accountability for the PIA process resides with the University Counsel, under whose guidance the PrISM unit of UBC’s Safety & Risk Services (SRS) handles the PIA process.