Privacy Impact Assessments

A Privacy Impact Assessment, or PIA, is a process that helps CNC identify, assess, and manage privacy risks related to new or changing projects, initiatives, systems, programs, and processes that involve personal information.
PIAs are required under the Freedom of Information and Protection of Privacy Act (FIPPA) and help ensure privacy is considered early, before decisions are finalized or a new initiative is launched. They also help CNC make informed decisions, reduce privacy risks, and build privacy protection into the design of new or changing work.

Start with the PIA Pre-Assessment Questionnaire

CNC uses a PIA Pre-Assessment Questionnaire to determine the level of privacy risk and the appropriate next steps.
The questionnaire should be completed early in the planning process for any new or changing initiative that involves personal information.
Complete the PIA Pre-Assessment Questionnaire

PIA Pathways

After reviewing the pre-assessment, the Privacy Office will advise on the required next steps:

Low risk: Privacy guidance may be provided. A PIA may not be required.

Medium risk: A PIA Lite may be required to assess key privacy risks and safeguards.

High risk: A full PIA will be required for a more detailed review of privacy risks, safeguards, and decision points.

Who Is Responsible

The department responsible for the initiative completes the pre-assessment. The Privacy Office reviews the submission, determines the risk level, and confirms the appropriate pathway. For technology-based initiatives, IT Services may also need to be involved, and the Privacy Office can help coordinate this as needed.

Questions about PIAs

If you are planning a new initiative or have questions about the PIA process, please submit a privacy inquiry through the Privacy Enquiries and Support page.