Privacy Impact Assessments
A Privacy Impact Assessment (PIA) is a process which helps assess privacy risks to individuals in the collection, use and disclosure of personal information.
Building into Project Plans
Completion of a PIA should be built into the organisational business approval and procurement processes. Any systems which do not identify individuals in any way do not require a PIA to be completed. However, it is important to understand that what may appear to be "anonymised" data, could in fact be identifiable when used with other information, so anonymised data should be considered very carefully before any decision is made that it will not identify individuals. Advice may be sought from Derbyshire County Council's Data Protection Officer as to whether a PIA needs to be completed.
Responsibility for Conducting a PIA
Where a school is introducing a new or revised service or changes to a new system, process or information asset, the school is responsible for ensuring the completion of a PIA.
At the start of the design phase of any new service, process, purchase of implementation of an information asset for example, consideration should be given to the need and procedures for completing the PIA.