With most provisions of the Act to modernize legislative provisions as regards the protection of personal information (Act 25) having just come into effect on September 22, public bodies and enterprises (organizations) will now need to conduct privacy impact assessments (PIA) during various projects that involve personal information. A PIA is an impact analysis that takes all personal information of the persons concerned into consideration to prevent the mismanagement of that information and ensure its protection throughout the project.
To help organizations, the Commission d’accès à l’information (CAI) published a guide (available in French only) that walks them through conducting a PIA. The guide describes the steps of a PIA and details various factors that must be considered in this analysis, including the specific considerations that apply in different situations. Interestingly, even though a PIA is mandatory in some contexts, Act 25 does not specifically indicate how it should be conducted. The CAI guide is therefore only intended for information purposes.
Read the full update here.