Privacy Impact Assessments

A Privacy Impact Assessment (PIA) is a compliance and risk management tool used by ÂÜÀòÉäÇø to assess and address privacy risks associated with a new or changing initiative or program. Completing a PIA is a requirement of British Columbia’s Freedom of Information and Protection of Privacy Act (FOIPPA) and is necessary for all initiatives or programs at ÂÜÀòÉäÇø. 

When is a PIA required?

A PIA is required for all new or changing initiatives or software programs at ÂÜÀòÉäÇø that collect or use personal information. 

What is considered personal information?

Personal information is considered any information about an identifiable individual. This can include names, birth dates, student ID numbers, mailing addresses, medical information, or any other information that can be used to identify an individual. 

Does my initiative require a PIA?

All new and changing initiatives at ÂÜÀòÉäÇø require discussion with ÂÜÀòÉäÇø Privacy to determine whether a PIA is required or not. 


For more information or to start the PIA process, contact Privacy. 

For more information on the PIA process, see the workflow chart below.


To complete a PIA, you will need to know the following information about the initiative:

  • What type of personal information is being collected.
  • How personal information is being collected.
  • How personal information is being stored.
  • How personal information is being used.
  • Who personal information is being shared with.
  • What safeguards are in place to ensure the protection of personal information.
  • What the privacy risk are and mitigation strategies.

In addition to working with Privacy, a new or changing initiative may also require input from Information SecurityContracts & Supply Chain Management, and IT Services. Contact these departments alongside Privacy. 


Privacy Impact Assessment Directory 

A public version of all privacy impact assessments approved after 2023 is available on the web.