Privacy Impact Assessments
TRU uses a Privacy Impact Assessment (PIA) to assess a project or program and identify the most effective way to comply with the BC Freedom of Information and Protection of Privacy Act (FIPPA). Section 69(5.3) of FIPPA requires TRU to perform a PIA on any new initiative for which no PIA has previously been conducted, or where there is a significant change to an existing initiative, including but not limited to a change in the location in which sensitive personal information is stored when it is stored outside of Canada.
The PIA assessment process is led by the Information Security Office and includes the participation and input from the Privacy and Access Office, and the department’s project coordinator or sponsor (client/requestor). It is the client/requestor’s responsibility to understand how the project uses personal information.
If you would like to implement a new initiative (software, etc.) please contact the Director of Information Security at firstname.lastname@example.org. You should gather basic information about the initiative first, including the following:
- The purpose or objective of the initiative.
- The information elements, including personal information, to be collected, used, disclosed, or stored, and confirm that the personal information elements are necessary for the purpose of the initiative.
- Where applicable:
- How and from whom the personal information will be collected;
- How the personal information will be used;
- How and to whom the personal information will be disclosed; and
- If an assessment or disclosure for storage of personal information outside of Canada is required (will be required where the initiative involves information that is sensitive and that information will be disclosed to be stored outside of Canada).
- Information about any security/safeguards in place to protect personal information.
- A link to the main website/product page.
- Any relevant company contact information.
- Please also provide any applicable privacy policies, and any applicable security policies.