CLSRpaper_revd_280208.pdf (129.97 kB)
Privacy Impact Assessments: international experience as a basis for UK guidance
journal contribution
posted on 2009-04-09, 11:11 authored by Adam WarrenAdam Warren, Robin Bayley, Andrew Charlesworth, Colin Bennett, Roger Clarke, Charles OppenheimIn July 2007, the UK Information Commissioner’s Office commissioned a team of researchers,
coordinated by Loughborough University, to conduct a study into Privacy Impact
Assessments (PIAs). This was with a view to developing PIA guidance for the UK. The project
resulted in two key deliverables: a study of the use of PIAs in other jurisdictions, identifying
lessons to be learnt for the UK; and a handbook that can be used to guide
organisations through the PIA process, taking into account the provisions of the UK Data
Protection Act (DPA) 1998. This paper draws on the original research undertaken as part
of that assignment to provide an overview of the ICO-funded project and the extent to
which PIAs can be used in the current UK context. Firstly, the authors consider the findings
of the comparative study and how the UK experience can be informed by developments
overseas. Secondly, the paper outlines the development of the handbook during the course
of the project and the extent to which it has been influenced by the overseas experience
and the current UK political context. Thirdly, aspects of the handbook itself are considered
and explained. Particular attention is paid to: its format; its key features; and feedback received
on an interim version from a focus group of experienced data protection and project
management practitioners. Finally, the paper concludes by stating why the study and the
handbook provide appropriate tools for guidance in the current UK context, and how they can be developed further.
History
School
- Social Sciences
Department
- Geography and Environment
Citation
WARREN, A.P. ... et al, 2008. Privacy Impact Assessments: international experience as a basis for UK guidance. Computer Law and Security Report, 24 (3), pp. 233-242Publisher
Elsevier Ltd. / © Adam Warren, Robin Bayley, Andrew Charlesworth, Colin Bennett, Roger Clarke, Charles OppenheimVersion
- NA (Not Applicable or Unknown)
Publication date
2008Notes
This article was subsequently published in the journal Computer Law & Security Report [Elsevier / © The authors]. The definitive version is available at: http://www.sciencedirect.com/science/journal/02673649. Whilst this paper was submitted in response to referee comments, it may not exactly match the final published versions.ISSN
0267-3649Language
- en