A PIA is a systematic assessment of a project that identifies the impact that the project might have on the privacy of individuals, and sets out recommendations for managing, minimising or eliminating that impact.

The term ‘project’ is used loosely and is intended to cover the full range of activities and initiatives that may have privacy implications, including:

• policy proposals
• new or amended legislation
• new or amended programs, activities, practices, systems or databases
• new methods or procedures for service delivery or information handling
• changes to how information is stored
• new systems, processes or practices for handling personal information,
• new information sharing

PIAs are an important component in the protection of privacy, and should be part of the overall risk management and planning processes of APP entities.

Undertaking a PIA can assist entities to:

• describe how personal information flows in a project
• analyse the possible impacts on individuals’ privacy
• identify and recommend options for avoiding, minimising or mitigating negative privacy impacts
• build privacy considerations into the design of a project
• achieve the project’s goals while minimising the negative and enhancing the positive privacy impacts.

(1) Office of the Information Commissioner Queensland, Undertaking Privacy Impact Assessment