Privacy Impact Assessments

Privacy Impact Assessments (PIA) are a common tool when personal data is collected.

The PIA is available to enable and support you and your unit to better meet your objectives and obligations when using Personally identifiable information (PII).

PIAs are used in a number of institutions of similar size and complexity. They are often required to be conducted and referred to by various modern privacy laws. The PIA asks questions about the nature of sensitive and/or personal information collected, stored, transmitted, or shared.

The assessment provides preliminary guidance on what you may need to do to protect privacy.
These recommendations include:

  • Recommendations on actions you can take to improve your project aligned to University Privacy Principles
  • Technology capabilities you can consider that improve the privacy and/or cybersecurity profile of your project
  • Ways to design your project to minimize the collection/use of personal information while still meeting your outcomes
  • Actions you can take to improve your  ability to meet your regulatory compliance obligations and align with a variety of privacy and other laws
  • Who to contact at the University
  • Additional follow up if needed

A good overview is available at for more information on the general approach for PIAs and some examples for comparison.

Questions regarding PIAs?

Please email