TrustArc Blog

Privacy Impact Assessments: Final Steps

February 03, 2015

This post is part 4 of a 4-part series about Privacy Impact Assessments (PIAs).

Every day, Internet users around the globe generate nearly 2.5 quintillion bytes of data. That number will only grow as connected devices become more ubiquitous and our world becomes even more connected.

With all that data, companies need to ensure users’ information is protected. Taking this important step not only protects users and clients, but also helps to ensure companies mitigate risk and protect their reputations.

A PIA is a great way for companies to assess their privacy practices. The six-step process starts with high-level privacy questions, then steps 2 and 3 take a deeper dive into the intricate privacy practices and data flows of organizations to check for gaps that could lead to privacy problems.


Step 4 is to identify and evaluate solutions for any privacy gaps that were discovered in the initial steps. The group conducting the PIA will help the business owners create a remediation plan and figure out which features need to be implemented.

The plan of action from step 4 is recorded for future use in that particular company’s PIAs. Compliant businesses will document the problem and solution in detail, except for data covered under non-disclosure agreements and the like.

The final step of the PIA is to integrate the outcomes back into the PIA plan of record – essentially, to fill the identification gaps. This document will also list the people responsible for overseeing the remediation effort. The final step serves as a chance to record lessons learned in order to reduce the risk of future issues.


To read TRUSTe’s Whitepaper, “A Guide for Structuring and Implementing PIAs” click here.