Privacy impact assessment: Its origins and development

Privacy impact assessment (PIA) is a systematic process for evaluating the potential effects on privacy of a project, initiative or proposed system or scheme. Its use has become progressively more common from the mid-1990s onwards.On the one hand, privacy oversight agencies and privacy advocates see PIAs as an antidote to the serious privacy-intrusiveness of business processes in the public and private sectors and the ravages of rapidly developing information technologies. On the other, governments and business enterprises alike have struggled to encourage public acceptance and adoption of technologies that are very apparently privacy-invasive, and have been turning to PIAs as a means of understanding concerns and mitigating business risks.This paper distinguishes PIAs from other business processes, such as privacy issues analysis, privacy law compliance checking and privacy audit, and identifies key aspects of the development of PIA practice and policy from their beginnings through to the end of 2008.