Privacy Impact Assessment (PIA)

The Privacy Impact Assessment is a formal and necessary compliance assessment process used to identify and evaluate privacy risks associated with the use of a solution or a service component offered by an identity service or a technology provider, or the development cycle of a project, a program or system (technology or solution).

Regulatory regimes:

  • Canada: The Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Canada: Various Provincial Privacy laws
  • EU: General Data Protection Regulation (GDPR)

Available services

Documentation Review

Pillar: Privacy | Type: Conformity | Level: 1

This option includes the review of software documentation and related company policies, plans and procedures against relevant privacy frameworks. The deliverable will be a detailed report containing insights and recommendations on how to improve the privacy robustness of your solution and of its future development. The report would indicate that IDLab did not perform an arm’s length examination of the software and only relied on documentation.


Technology Review

Pillar: Privacy | Type: Conformity | Level: 2

This option includes an arm’s length review of software policies and business logic, user rights management procedures, coupled with a review of software documentation and related company policies, plans and procedures against relevant privacy frameworks. The deliverable will be a detailed report containing insights and recommendations on how to improve the privacy robustness of your solution and of its future development. The report would indicate that IDLab did perform an arm’s length examination of the software.


That's what they say ;-)

“We believe that a strong Digital Identity ecosystem is critical to unlocking the digital economy in a way that both drives economic growth and protects Canadians’ privacy. We are proud to work with The Lab to promote interoperability, reduce technological barriers, and accelerate adoption of these exciting digital solutions.”

Esther Dryburgh, Digital Identity Lead at Deloitte