Privacy Impact Assessments
For information relating to the cyber incident notifications, please visit our Cyber Incident website.
Privacy Impact Assessments (PIAs)
The Privacy Management Plan requires the University to ensure ‘privacy by design’ in its projects, system, activity, product, or service (an “undertaking”) by completing and approving Privacy Impact Assessments (PIA) on the Online PIA Form.
The Privacy Impact Assessment Procedures within the PMP outlines the steps with which to comply.
Why is a PIA required?
The University requires a PIA to be completed for any new or updated project, system, activity, product, or service (an “undertaking”) that involves the collection, use, disclosure, storage, access, retention, or destruction of personal, health, or sensitive information.
What does a PIA achieve?
A PIA ensures that potential privacy risks and impacts are identified, assessed, and appropriately mitigated throughout the lifecycle of the undertaking.
When does a PIA need to be completed?
A PIA must be completed prior to implementation of the undertaking, allowing sufficient time to address any identified risks and implement mitigation measures.
Who completes the PIA?
The staff member responsible for managing the undertaking, or overseeing the team responsible for it, is accountable for completing the PIA.
Who approves the PIA?
The relevant Executive responsible for the business unit (the Executive Sponsor) approves the PIA.
View PIA Workflow
View PIA Workflow