Privacy Impact Assessment Quickscan

With the help of a Privacy Impact Assessment (PIA) you can (better) estimate the potential privacy risks associated with a new application, service or product. On the basis of ten simple questions it is determined whether conducting a PIA is useful, desirable or necessary.

Are large amounts of data concerning persons collected in the course of a project?

Examples: marketing databases, medical records, credit scoring

Are data concerning large groups of persons collected in the course of a project?

Examples: customer databases, medical records, files on employees.

Are multiple sources of data linked to each other, compared or otherwise integrated for the project?

Examples: data warehouses, reference indexes, data-matching, data mining, enriching data.

Are new technologies being used in the project that could threaten privacy?

Examples: RFID, biometrics, cameras, profiling, data mining or geolocation.

Are means being implemented for the project that are specifically for the purpose of identification of persons?

Examples: digital signatures, biometric data, identification numbers and social security numbers.

Does the project link the identity of a person to transactions or acts that could previously be performed anonymously or pseudonymously?

Examples: a train ticket mentioning the passenger’s name instead of an anonymous ticket.

Does the project entail the cooperation between multiple partners (public and/or private)?

Are data being shared between these partners?

Are these data being made public or disclosed to third parties?

Has there been societal opposition towards comparable projects in the past?