Privacy Impact Assessments

A privacy impact assessment (PIA) is a process that helps us evaluate and manage privacy risks related to new or changing projects, initiatives, systems, and processes that involve personal information.

In addition to being a requirement of the Freedom of Information and Protection of Privacy Act (FIPPA), PIAs help to identify potential deficiencies in privacy protection. They help CNC make informed decisions and avoid privacy breaches by including privacy as part of the design of new initiatives or systems.

When to complete a PIA

A PIA should be completed during the initial development of any new or changing system or program, or prior to any significant changes being made.

The PIA must be completed and signed off by CNC’s Privacy Office, before the launch of a new initiative or system. 

Who is responsible for completing a PIA

The Privacy Office works with the department responsible for the initiative, system, or program to draft the PIA. Technology based initiatives may need involvement from the IT Services department, which we can help to coordinate.

Questions about PIAs

If you are planning a new initiative, or have questions regarding the completion of a Privacy Impact Assessment, please contact the Privacy Office at