Scribd Logo
Carica

Benvenuto in Scribd!

  • 02 Privacy Impact Assessment

    Caricato da

    Marnie Tonson
    120 visualizzazioni3 pagine
    Privacy Impact Assessment

    Copyright

    © © All Rights Reserved

    Formati disponibili

    PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento
    Privacy Impact Assessment

    Copyright:

    © All Rights Reserved
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    120 visualizzazioni3 pagine

    02 Privacy Impact Assessment

    Caricato da

    Marnie Tonson
    Privacy Impact Assessment

    Copyright:

    © All Rights Reserved
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 3

    The Department of Information and Communications Technology

    Privacy Impact Assessment

    A Privacy Impact Assessment (PIA) is a process undertaken and


    used by a government agency to evaluate and manage the impact of
    its program, process and/or measure on data privacy.

    A government agency engaged in the processing of personal data


    is required to conduct a PIA for each of its programs, processes or
    measures that involve personal data.
    The Contents of the PIA The Control Framework
    A control framework is a comprehensive set of measures
    1. Data inventory identifying: intended to address the risks identified in the privacy impact
    the types of personal data held by the agency, including assessment. It includes organizational, physical and technical
    records of its own employees; measures that maintain the availability, integrity and confidentiality
    list of all information repositories holding personal data, of personal data and protect the latter against natural dangers
    including their location; such as accidental loss or destruction, and human dangers such
    types of media used for storing the personal data; and as unlawful access, fraudulent misuse, unlawful destruction,
    risks associated with the processing of the personal data; alteration and contamination.

    2. Systematic description of the anticipated processing operations It must consider the following:
    and the purposes of the processing, including, where applicable, the
    legitimate interest pursued by the agency;

    3. Assessment of the necessity and proportionality of the


    processing in relation to the purposes of the processing; and

    4. Assessment of the risks to the rights and freedoms of data


    subjects.

    Nature of the personal data Risks represented by the


    Is there a recommended minimum standard for to be protected processing, the size of the
    organization and complexity
    assessing gaps in the control framework? of its operations

    For agencies that process the personal data records of more than
    one thousand (1,000) individuals, including agency personnel, the
    Commission recommends the use of the ISO/IEC 27002 control
    set as the minimum standard to assess any gaps in the agencys
    control framework.

    Current data privacy Cost of security


    best practices implementation

    PRIVACY.GOV.PH PRIVACY IMPACT ASSESSMENT


    PRIVACY.GOV.PH

    Potrebbero piacerti anche