Privacy Commissioner Publishes Information Leaflet on Privacy Impact Assessment

1.    The Privacy Commissioner for Personal Data ("the Commissioner") Mr. Roderick B. Woo published a new Information Leaflet on Privacy Impact Assessment ("Information Leaflet") today.

2.    The Information Leaflet explains to data users why and how a PIA should be undertaken and the benefits to be derived from it.  A pragmatic approach for the conduct of a PIA is suggested which include (i) data process cycle analysis; (ii) privacy risks analysis; (iii) avoiding or mitigating privacy risks; and (iv) PIA reporting.

3.    "Although PIA is not a requirement under the Personal Data (Privacy) Ordinance, I always advise organizational data users to conduct a PIA before embarking on a project which involves the handling of a substantial amount of personal data.  A PIA will not only serve to indicate the privacy risks the project may involve but also helps data users to build data protection into the design of the project." Mr. Woo said.

4.    The Information Leaflet can be obtained from the Commissioner's Office at 12/F., 248 Queen’s Road East, Wan Chai, Hong Kong; or downloaded from the Commissioner's Office's website at  http://www.pcpd.org.hk/english/publications/infor_booklet.html.


END