Protect Private Information. Protect Your Organization.
Overcome Risk with a Privacy Impact Assessment
$6.7 million is the average cost of a data breach for organizations in Canada, and 92% of people say they are concerned about their privacy.
Having robust privacy practices, especially when it comes to the collection, storage, and sharing of an individual’s private and personal information is not only a legal requirement – it is essential in ensuring public trust, and critical for the future operations of every organization in the digital age.
Think You Don't Need a PIA?
A Privacy Impact Assessment is a decision-making tool used to identify and mitigate privacy risks, more specifically what Personally Identifiable Information (PII) is collected and why, and how the information will be collected, used, accessed, shared, safeguarded, and stored.
Some organizations are legally required to complete a PIA, other organizations need a PIA to mitigate serious organizational risk. But there is no possible risk to your organization for simply completing a PIA – the provincial privacy office will either accept the submission or provide mitigation actions. Your PIA gives you two things:
- A proven record of investigating your privacy & security
- And possibly provincial acceptance of your current practices
You Need Smarter Policies for the Digital Age
The PIA will accomplish three goals:
1
Ensure compliance with applicable legal, regulatory and policy requirements for privacy
2
Expose potential risks and negative outcomes
3
Evaluate protections and alternative processes to mitigate potential privacy risks
PIA Legislation
Legislation requires health and social service providers to take certain steps (like completing a PIA) to protect the data and privacy associated with the individuals they serve. Under Alberta provincial legislation, a health service is a service that is provided to an individual for any of the following purposes:
- The protection, promotion, or assistance dealing with maintaining physical and mental health
- Illness prevention, the diagnosis and treatment of illness
- Rehabilitation
- Care for the health needs of the ill, disabled, injured, or dying
Custodians of health information are mandated to implement a PIA, but the process also mitigates privacy oversights by finding gaps in the storage, treatment, and disposal of data, and taking inventory of your security. A Privacy Impact Assessment ensures your organization is properly protecting not only those receiving services, but also the organization as a whole by mitigating financial and reputational risk to privacy breaches.
Either Mandatory or Voluntary, It’s Just Best Practice
Organizations that are not legally mandated to complete a PIA must consider the risk mitigation benefits in completing a voluntary PIA and the increased capacity to reduce the dangers of a privacy breach. Not only will you be better equipped to identify risks, but the province won’t mandate remediation, instead just suggest steps for your organization to follow.
The HelpSeeker PIA Process
With layers of information and legislation to sift through, ensuring your privacy protections are compliant can be a daunting task, but HelpSeeker’s process makes it easy:
A simple questionnaire on your current practices.
Staff training to enhance internal capacity.
Draft PIA prepared for review, edits and submission.
One-on-one leadership check-ins to provide additional insights.
Faster and easier annual compliance guidance and updates.
