Text size A  A  A

WV State Privacy Office

1124 Smith Street
Suite 4300
Charleston, WV 25311

304-766-2646 Phone
304-558-6004 Fax

 Privacy Impact Assessment (PIA)

What is a Privacy Impact Assessment (PIA)?

A PIA is a tool used to assess the privacy impact and risks to the personally identifiable information (PII) stored, used, and exchanged by information systems. A PIA evaluates privacy implications when information systems are created, when existing systems are significantly modified, or new technology is purchased.

Here are just a few benefits of a PIA:

+ It provides a proactive approach to privacy management.
+ It evaluates whether appropriate privacy protections and necessary mitigation or safeguards are present.
+ It applies privacy requirements, complementing organization-wide compliance activities (e.g. HIPAA privacy, etc.)
+ It enhances current data inventories of information collected, used, stored, and exchanged by systems.
+ It provides opportunity for additional education and awareness about privacy.

When should a PIA be conducted?
 
To be effective, a PIA should be an integral part of the project planning process. It should be conducted to evaluate information privacy and security throughout the lifecycle of a system, product or project, or when sharing or exchanging PII with other organizations or Departments.
A Department should:
+ Start early to ensure that project risks are identified and appreciated before the problems become embedded in the design.
+ Incorporate a PIA into the project initiation phase
+ Start today if the project is already underway, so that any major issues are identified with the minimum possible delay.

The Privacy Impact Assessment is a new program. We welcome your feedback and suggestions for improvement.

Privacy Impact Assessment Guidance

Screenshots - Privacy Threshold Analysis (PTA)
(This part of the Assessment determines if the full Assessment should be completed)

​Screenshots - Full Privacy Impact Assessment (PIA)

Privacy Impact Assessment Tool
Please plan for this assessment to take about 30 minutes to complete, and be aware that your answers will not be saved.
You must complete the entire assessment to generate the report at the conclusion.
You will be logged out of the assessment after 20 minutes of inactivity.
If your department is not listed in the tool, please contact Sue Haga (shaga@hcawv.org).

Privacy Impact Assessment Training
Power Point Slides: Part 1Part 2
Test your knowledge! Privacy QuizcompleteScreenshots - Privacy


Privacy, Security and Accessibility | WV.gov | USA.gov | © 2017 State of West Virginia