Privacy Impact Assessment handbook and surveillance society conference

On 11 December 2007 the Information Commissioner’s Office hosted a conference entitled 'Surveillance Society: Turning Debate into Action' at the Bridgewater Hall in central Manchester.

The conference built on our previous report, 'A Surveillance Society' and looked forward to actions that can be taken to deal with the consequences of a surveillance society.

Information and materials from the conference can be found below:

Presentations

• Privacy Impact Assessment Project - Presented by Adam Warrens  
• Privacy impact assessments around the world - Presented by Colin Bennetts  
• Exploiting engineering ingenuity to protect personal privacy - Presented by Martyn Thomas CBE
• Data Protection Legislation - Presented by Gareth Crossman, Liberty
• A Surveillance Society - Qualitative Research - Presented by Oliver Murphy, Diagonostics research  
• Privacy and security in road pricing - Presented by Phil Carey, Department for Transport  

Reports

• Overlooked: Surveillance and personal privacy in modern Britain - Produced by Liberty
• Dilemmas of Privacy and Surveillance - Produced by The Royal Academy of Engineering

Privacy impact assessment (PIA)

The main new initiative launched at the conference was the Privacy Impact Assessment (PIA) handbook, a new tool for use in the UK.

PIAs are a process of ensuring that privacy concerns are identified at the early stage of an initiative so that these can be addressed and safeguards built in rather than bolted on as an expensive afterthought. We have called for the use of these in the past with major public policy developments like ID cards and reinforced the need for these impact assessments in evidence to parliamentary enquiries and in our other publications such as the Information Sharing Framework Code of Practice.

PIAs go wider than simply a data protection compliance check and are aimed at looking at all aspects affecting privacy. The approach we are recommending involves a number of elements including an initial screening process and, depending upon the results, two possible levels of assessment (small scale and full scale) together with a data protection law checklist. The important thing about PIAs is the process of undertaking the assessment where the organisation considers the impact on privacy and whether there are more privacy friendly alternatives. Although a report is produced at the end and is usually published this is will not be subject to an approval process by the ICO.

View the ‘privacy impact assessment’ handbook here.

A study on the use of PIAs around the world was also presented at the conference.  You can view a full copy of the PIAs around the world study here.

The study and handbook were developed for the Information Commissioner by an international team of experts coordinated by the University of Loughborough. This is groundbreaking work and has provoked much interest with some government departments already wanting to use it. We are eager to encourage use of the handbook and to learn the lesson of how well it works in practice.

Over the next year we are keen to work closely with those organisations using it so we can learn about their experiences and consider whether any amendments may be necessary. We want the PIA handbook to stand the test of time so leaning from early experiences and making any necessary revisions will be essential.

More information on how you can submit your feedback on our privacy impact assessment handbook will follow shortly.