The Freedom of Information and Protection of Privacy Act (FOIPOP) sets out mandatory requirements relating to personal information held by public bodies. FOIPOP also requires that public bodies protect the confidentiality of personal information, and the privacy of the individual who is the subject of that information. This includes protecting the information from theft, loss and unauthorized access to, use of, disclosure, copying or disposal of the information.

A privacy impact assessment is a tool to identify risks and mitigation strategies associated with the use of personal information. It is an essential tool for ensuring compliance with the privacy requirements set out in FOIPOP and is a building block of a good privacy management program.

For more information about Privacy Management Programs visit the website of the Office of the Information and Privacy Commissioner’s website at:

A Privacy Impact Assessment (PIA) should be completed for all new systems, projects, programs or activities. PIAs should also be completed when any significant changes are being contemplated to projects, programs or systems.