Privacy Impact Assessments

Privacy Impact Assessments (PIAs) are used to identify the potential privacy risks of new or redesigned federal government programs or services. They also help eliminate or reduce those risks to an acceptable level.

Virtually all government institutions, as defined in section 3 of the Privacy Act, including parent Crown corporations and any wholly owned subsidiary of these corporations, must conduct PIAs for new or redesigned programs and services that raise privacy issues. Government institutions must provide completed PIAs to the Treasury Board of Canada Secretariat (TBS) and the Office of the Privacy Commissioner of Canada (OPC).

TBS is responsible for preparing policy instruments concerning the operation of the Privacy Act and its regulations. This includes issuing directives and guidelines on privacy impact assessment related to the Privacy Act. The OPC has also developed guidance to assist federal institutions with the preparation of PIAs.

Explore the links on this page to access information related to PIAs.

Privacy Impact Assessments: Frequently asked questions

Learn about Privacy Impact Assessment under the Privacy Act.

Expectations: A Guide for Submitting Privacy Impact Assessments to the Office of the Privacy Commissioner of Canada

Read about what the OPC looks for in a privacy impact assessment when it conducts a review.

Top Ten Dos and Don’ts for Privacy Impact Assessments

Find basic tips for preparing privacy impact assessments under the Privacy Act.

Directive on Privacy Impact Assessment

Access the TBS’ Directive on PIA under the Privacy Act.

Why think about privacy? : A guide to the Privacy Impact Assessments process

Watch a video about preparing and submitting privacy impact assessments to the OPC.

OPC response to Canadian Air Transport Security Authority (CATSA) PIA

Read the OPC response to the CATSA PIA about the deployment of millimetre wave (MMW) screening technology at selected Canadian airports.

Speeches on Privacy Impact Assessments

Access speeches delivered by the OPC about privacy impact assessments.

Date modified: