Privacy impact assessment: Its origins and development

Roger Clarke

doi:10.1016/j.clsr.2009.02.002

Privacy impact assessment: Its origins and development

Roger Clarke^*

^*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

150 Citations (Scopus)

Abstract

Privacy impact assessment (PIA) is a systematic process for evaluating the potential effects on privacy of a project, initiative or proposed system or scheme. Its use has become progressively more common from the mid-1990s onwards. On the one hand, privacy oversight agencies and privacy advocates see PIAs as an antidote to the serious privacy-intrusiveness of business processes in the public and private sectors and the ravages of rapidly developing information technologies. On the other, governments and business enterprises alike have struggled to encourage public acceptance and adoption of technologies that are very apparently privacy-invasive, and have been turning to PIAs as a means of understanding concerns and mitigating business risks. This paper distinguishes PIAs from other business processes, such as privacy issues analysis, privacy law compliance checking and privacy audit, and identifies key aspects of the development of PIA practice and policy from their beginnings through to the end of 2008.

Original language	English
Pages (from-to)	123-135
Number of pages	13
Journal	Computer Law and Security Review
Volume	25
Issue number	2
DOIs	https://doi.org/10.1016/j.clsr.2009.02.002
Publication status	Published - 2009
Externally published	Yes

Access to Document

10.1016/j.clsr.2009.02.002

Cite this

@article{e982e523a91445979e0ce3838946c811,

title = "Privacy impact assessment: Its origins and development",

abstract = "Privacy impact assessment (PIA) is a systematic process for evaluating the potential effects on privacy of a project, initiative or proposed system or scheme. Its use has become progressively more common from the mid-1990s onwards. On the one hand, privacy oversight agencies and privacy advocates see PIAs as an antidote to the serious privacy-intrusiveness of business processes in the public and private sectors and the ravages of rapidly developing information technologies. On the other, governments and business enterprises alike have struggled to encourage public acceptance and adoption of technologies that are very apparently privacy-invasive, and have been turning to PIAs as a means of understanding concerns and mitigating business risks. This paper distinguishes PIAs from other business processes, such as privacy issues analysis, privacy law compliance checking and privacy audit, and identifies key aspects of the development of PIA practice and policy from their beginnings through to the end of 2008.",

keywords = "Data matching program protocol, Privacy, Privacy impact, Privacy impact statement, Privacy strategy, Technology assessment",

author = "Roger Clarke",

year = "2009",

doi = "10.1016/j.clsr.2009.02.002",

language = "English",

volume = "25",

pages = "123--135",

journal = "Computer Law and Security Review",

issn = "0267-3649",

publisher = "Elsevier Ltd.",

number = "2",

}

TY - JOUR

T1 - Privacy impact assessment

T2 - Its origins and development

AU - Clarke, Roger

PY - 2009

Y1 - 2009

N2 - Privacy impact assessment (PIA) is a systematic process for evaluating the potential effects on privacy of a project, initiative or proposed system or scheme. Its use has become progressively more common from the mid-1990s onwards. On the one hand, privacy oversight agencies and privacy advocates see PIAs as an antidote to the serious privacy-intrusiveness of business processes in the public and private sectors and the ravages of rapidly developing information technologies. On the other, governments and business enterprises alike have struggled to encourage public acceptance and adoption of technologies that are very apparently privacy-invasive, and have been turning to PIAs as a means of understanding concerns and mitigating business risks. This paper distinguishes PIAs from other business processes, such as privacy issues analysis, privacy law compliance checking and privacy audit, and identifies key aspects of the development of PIA practice and policy from their beginnings through to the end of 2008.

AB - Privacy impact assessment (PIA) is a systematic process for evaluating the potential effects on privacy of a project, initiative or proposed system or scheme. Its use has become progressively more common from the mid-1990s onwards. On the one hand, privacy oversight agencies and privacy advocates see PIAs as an antidote to the serious privacy-intrusiveness of business processes in the public and private sectors and the ravages of rapidly developing information technologies. On the other, governments and business enterprises alike have struggled to encourage public acceptance and adoption of technologies that are very apparently privacy-invasive, and have been turning to PIAs as a means of understanding concerns and mitigating business risks. This paper distinguishes PIAs from other business processes, such as privacy issues analysis, privacy law compliance checking and privacy audit, and identifies key aspects of the development of PIA practice and policy from their beginnings through to the end of 2008.

KW - Data matching program protocol

KW - Privacy

KW - Privacy impact

KW - Privacy impact statement

KW - Privacy strategy

KW - Technology assessment

UR - http://www.scopus.com/inward/record.url?scp=63849328022&partnerID=8YFLogxK

U2 - 10.1016/j.clsr.2009.02.002

DO - 10.1016/j.clsr.2009.02.002

M3 - Article

SN - 0267-3649

VL - 25

SP - 123

EP - 135

JO - Computer Law and Security Review

JF - Computer Law and Security Review

IS - 2

ER -

Privacy impact assessment: Its origins and development

Abstract

Access to Document

Other files and links

Fingerprint

Cite this