Privacy Impact Assessments
Privacy Impact Assessments (PIAs) are used to identify the potential privacy risks of new or redesigned federal government programs or services. They also help eliminate or reduce those risks to an acceptable level.
Virtually all government institutions, as defined in section 3 of the Privacy Act, including parent Crown corporations and any wholly owned subsidiary of these corporations, must conduct PIAs for new or redesigned programs and services that raise privacy issues. Government institutions must provide completed PIAs to the Treasury Board of Canada Secretariat (TBS) and the Office of the Privacy Commissioner of Canada (OPC).
TBS is responsible for preparing policy instruments concerning the operation of the Privacy Act and its regulations. This includes issuing directives and guidelines on privacy impact assessment related to the Privacy Act. The OPC has also developed guidance to assist federal institutions with the preparation of PIAs.
Explore the links on this page to access information related to PIAs.
Learn about Privacy Impact Assessment under the Privacy Act.
Expectations: A Guide for Submitting Privacy Impact Assessments to the Office of the Privacy Commissioner of Canada
Read about what the OPC looks for in a privacy impact assessment when it conducts a review.
Find basic tips for preparing privacy impact assessments under the Privacy Act.
Access the TBS’ Directive on PIA under the Privacy Act.
Watch a video about preparing and submitting privacy impact assessments to the OPC.
Access speeches delivered by the OPC about privacy impact assessments.
Report a problem or mistake on this page
- Date modified: