Do you know what makes a Privacy Impact Assessment effective?
Organizations conducting a privacy impact assessment (PIA) must make sure that their language and questions are directed at the party from which they require answers that are both practical (meaning complete with respect to the processes being used) and truthful.
If the PIA itself is designed and developed collectively by business, technology, legal and compliance practitioners, who treat every relevant element as subject to business objectives that do not tolerate counterproductive actions, then one might say it is really hard to do. But it does get concluded, and it is really the best way to go about it.
No guilty feelings. It reflects what people would really experience, which is considerably good, and ultimately the organization's safety is better placed in the face of a searing cyberspace.
A PIA that is entirely the initiative of an inexperienced practitioner or a beginner in the job will show its shallowness, and that can be very obvious to the other party when it has a good, if not expert, resource leading such a practical opportunity to secure business systems and related processes, an effort whose effect is usually satisfactory beyond privacy matters.
The same is true for the receiving party: when, no matter how the PIA requirement is constructed, they find it hard to answer, the right resource is clearly absent.
These entities may be showing that they never considered such a role in their staffing. If they did and are still lacking, then the capability to identify and engage the right people, those who have the know-how to deal with such a business requirement, suffers from a dearth of foreknowledge and initiative. Just a little familiarity with these matters would have made a really helpful difference in the job.
Reusing a questionnaire that was directed at one organization alone is not entirely effective. The answering party would see it right in their face that those questions were not for them! A business, technology or legal practitioner who knows their way around data privacy in particular would not bother returning the document, if they do not go back to the requesting party (those who want the PIA conducted against the company's data privacy processes and efforts) to say, and get a response, that the document they received is not necessarily useful for them. Of course, that is the effect of an entity living by "honesty is the best policy", which is extraordinary at a time when digital needs are continuously opposed by those who cannot, or would not like to, change the way they are, mostly because of obsolete knowledge and skills, or because laziness is beginning to be enjoyed as the norm, if not seeping in entirely.
Working on a job just to make it appear that a formality is being observed breaks down almost immediately, whatever the pretensions. And when that approach does save those responsible, albeit temporarily, by buying time, the technology itself is definitely broken from the start, because it is easy to manipulate whatever setup they have in place. The bottom line is that their performance will never get better with the same tactic, and stakeholders and decision makers should be wary of it. Such a thing can be detected as soon as new technology has been acquired and it did not improve anything. In fact, this could have been identified and debated at the planning stage alone. See that? Right?
We wrote about this subject in 2020, but our language then was about data privacy as a whole, which also covers privacy impact assessment, treated on its own here.