Privacy Impact Assessment (PIA)

   

The Privacy Impact Assessment is a formal and necessary compliance assessment process used to identify and evaluate privacy risks associated with the use of a solution or a service component offered by an identity service or a technology provider, or the development cycle of a project, a program or system (technology or solution).

Regulatory regimes:

  • Canada: The Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Canada: Various Provincial Privacy laws
  • EU: General Data Protection Regulation (GDPR)

Available services

Documentation Review

Pillar: Privacy | Type: Conformity | Level: 1

This option includes the review of software documentation and related company policies, plans and procedures against relevant privacy frameworks. The deliverable will be a detailed report containing insights and recommendations on how to improve the privacy robustness of your solution and of its future development. The report would indicate that IDLab did not perform an arm’s length examination of the software and only relied on documentation.

Technology Review

Pillar: Privacy | Type: Conformity | Level: 2

This option includes an arm’s length review of software policies and business logic, user rights management procedures, coupled with a review of software documentation and related company policies, plans and procedures against relevant privacy frameworks. The deliverable will be a detailed report containing insights and recommendations on how to improve the privacy robustness of your solution and of its future development. The report would indicate that IDLab did perform an arm’s length examination of the software.

Blog

Read the blog

September 28, 2023

Impact Area – IDLab 2.0 is Promoting a Better Understanding of Digital Identity and Credentials