Privacy impact assessment: Its origins and development

Roger Clarke*

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

137 Citations (Scopus)


Privacy impact assessment (PIA) is a systematic process for evaluating the potential effects on privacy of a project, initiative or proposed system or scheme. Its use has become progressively more common from the mid-1990s onwards. On the one hand, privacy oversight agencies and privacy advocates see PIAs as an antidote to the serious privacy-intrusiveness of business processes in the public and private sectors and the ravages of rapidly developing information technologies. On the other, governments and business enterprises alike have struggled to encourage public acceptance and adoption of technologies that are very apparently privacy-invasive, and have been turning to PIAs as a means of understanding concerns and mitigating business risks. This paper distinguishes PIAs from other business processes, such as privacy issues analysis, privacy law compliance checking and privacy audit, and identifies key aspects of the development of PIA practice and policy from their beginnings through to the end of 2008.

Original languageEnglish
Pages (from-to)123-135
Number of pages13
JournalComputer Law and Security Review
Issue number2
Publication statusPublished - 2009
Externally publishedYes


Dive into the research topics of 'Privacy impact assessment: Its origins and development'. Together they form a unique fingerprint.

Cite this