This was a joint project with Loughborough University, Linden Consulting Inc (Canada), and Xamax Consultancy Pty Ltd (Australia). The project proposal was accepted in July 2007, and ran from 9 July to 31 October 2007.
The project was designed to provide an international study of the use and effectiveness of Privacy Impact Assessments (PIAs), including recommendations for best practice for possible adoption in the UK context. It constructed a comprehensive methodology for the conduct of effective PIAs in the UK context, based on experience elsewhere, and developed a user-friendly PIA Handbook for use by practitioners, to guide them through the PIA process in line with relevant UK legislation.
Andrew Charlesworth carried out the primary research for the Canadian Federal, Ontario, and European jurisdiction reports, including interviews with Privacy and Information Commissioners, senior government officials and in-house public and private sector privacy teams.
An online handbook intended to be of practical use for organisations wishing to conduct a Privacy Impact Assessment
The ‘Privacy Impact Assessment’ handbook
A study into the use of Privacy Impact Assessments (PIAs) around the world. This groundbreaking work looked at the use of PIAs in other countries, identified lessons to be learned from their experiences, and developed a PIA methodology for use in the UK.
Privacy Impact Assessments: international study of their application and effects
Appendix A - Framework for analysis
Appendix B - List of interviewees, by jurisdiction, agency and organisation type
Appendix C - Jurisdictional report for Canada
Appendix D - Jurisdictional report for the United States of America
Appendix E - Jurisdictional report for Australia
Appendix F - Jurisdictional report for New Zealand
Appendix G - Jurisdictional report for Hong Kong
Appendix H - Broad jurisdictional report for the European Union
Appendix I - PIA templates and guides by jurisdiction
The Study and Handbook were publicly launched by the Information Commissioner’s Office at the conference 'Surveillance Society: Turning Debate into Action' in Manchester on 11 December 2007. Since the project's completion, the UK government has mandated PIAs for all government departments. In August 2008, nine different public agencies were in the process of commencing a PIA.
The deliverables have also attracted interest overseas:
See further:
A. Warren, R. Bayley, C. Bennett, A.Charlesworth, R. Clarke, C. Oppenheim, ‘Privacy Impact Assessments: international experience as a basis for UK Guidance’, (2008) 24(3) Computer Law & Security Report 233-242.