Privacy impact assessments (PIAs) are an important tool for managing risk in both public and private sector projects. The best evidence of how PIAs are being conducted is the PIA reports published at the conclusion of the process. This paper aims to consider PIA reports from five countries and assesses their strengths, weaknesses and impacts.
The paper also identifies key trends and makes recommendations for improving the PIA process and enabling access to lessons learned by PIA practitioners.
The paper calls for further study of PIA case studies to determine how closely practitioners and assessors follow the PIA methodologies promulgated in their countries, to seek good practice in the preparation of PIAs and for the creation of a central repository for PIAs.
The author believes this is the first such paper to review actual PIA reports.
