Privacy Impact Assessments: International Experience as a Basis for UK Guidance

Computer Law and Security Report, 2008

17 Pages Posted: 16 May 2010

See all articles by Adam Warren

Adam Warren

Loughborough University

Robin Bayley

Linden Consulting

Colin Bennett

Department of Political Science, University of Victoria

Andrew J. Charlesworth

affiliation not provided to SSRN

Roger Clarke

Xamax Consultancy Pty Ltd; University of New South Wales (UNSW) - UNSW Law & Justice; Australian National University (ANU)

Charles Oppenheim

affiliation not provided to SSRN

Date Written: 2008

Abstract

In July 2007, the UK Information Commissioner’s Office commissioned a team of researchers, coordinated by Loughborough University, to conduct a study into Privacy Impact Assessments (PIAs). This was with a view to developing PIA guidance for the UK. The project resulted in two key deliverables: a study of the use of PIAs in other jurisdictions, identifying lessons to be learned for the UK; and a handbook that can be used to guide organisations through the PIA process, taking into account the provisions of the UK Data Protection Act (DPA) 1998. This paper draws on the original research undertaken as part of that assignment to provide an overview of the ICO-funded project and the extent to which PIAs can be used in the current UK context. Firstly, the authors consider the findings of the comparative study and how the UK experience can be informed by developments overseas. Secondly, the paper outlines the development of the handbook during the course of the project and the extent to which it has been influenced by the overseas experience and the current UK political context. Thirdly, aspects of the handbook itself are considered and explained. Particular attention is paid to: its format; its key features; and feedback received on an interim version from a focus group of experienced data protection and project management practitioners. Finally, the paper concludes by stating why the study and the handbook provide appropriate tools for guidance in the current UK context, and how they can be developed further.

Suggested Citation

Warren, Adam and Bayley, Robin and Bennett, Colin and Charlesworth, Andrew J. and Clarke, Roger and Oppenheim, Charles, Privacy Impact Assessments: International Experience as a Basis for UK Guidance (2008). Computer Law and Security Report, 2008, Available at SSRN: https://ssrn.com/abstract=1606622 or http://dx.doi.org/10.2139/ssrn.1606622

Adam Warren (Contact Author)

Loughborough University ( email )

Ashby Road
Loughborough, LE11 3HZ
Great Britain

HOME PAGE: http://www.lboro.ac.uk/departments/gy/staff/gyaw/index.html

Robin Bayley

Linden Consulting ( email )

Canada

HOME PAGE: http://lindenconsult.ca/

Colin Bennett

Department of Political Science, University of Victoria ( email )

3800 Finnerty Rd
Victoria, British Columbia V8P 5C2
Canada

HOME PAGE: http://www.colinbennett.ca

Andrew J. Charlesworth

affiliation not provided to SSRN ( email )

Roger Clarke

Xamax Consultancy Pty Ltd ( email )

78 Sidaway St
Chapman, ACT 2611
Australia
+61 2 6288 1472 (Phone)

University of New South Wales (UNSW) - UNSW Law & Justice ( email )

Kensington, New South Wales 2052
Australia

Australian National University (ANU) ( email )

Canberra, Australian Capital Territory 2601
Australia

Charles Oppenheim

affiliation not provided to SSRN

No Address Available

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
78
Abstract Views
929
Rank
633,783
PlumX Metrics