PIAs, Practice Reviews and Audits: A Better Way to Manage Privacy

(IAPP Canada Privacy Symposium 2010)

For a decade or more, the privacy impact assessment (PIA) has been the privacy risk management tool of choice. Intended to identify privacy risks and propose mitigation measures, PIAs have proven fairly effective at encouraging the design of privacy-compliant programs, services and applications. However, PIAs are difficult to do well, can require considerable time, expense and expertise and, most importantly, are valid only for a given point in time. A better alternative for enterprise privacy risk management involves a combination of a multi-stage PIA, regular internal privacy practice reviews and periodic external privacy audits. Find out how you can use this methodology to improve privacy compliance without increasing cost, in part through the use of well-designed tools and checklists.

Presenter: Alec Campbell, CIPP/C, CIPP/IT, President, Excela Associates Inc.