|
|
|
|
|
Privacy Impact Assessment Workshop |
Organizations involved in the collection, use, retention or disclosure of health information must pay careful attention to issues of privacy and confidentiality in order to comply with new and emerging privacy legislation. One relatively new practice in assisting organizations to ensure that a new or re-designed information system, program or service complies with privacy legislation and fair information practices is the Privacy Impact Assessment (PIA). Many government funding agencies now require proof of PIA completion before approval of a new initiative.
The task of completing a PIA can be daunting. The objective of this workshop will be to make this task easier for the participants. The Privacy Impact Assessment Workshop is a specialized, interactive workshop that will make the task of conducting a PIA much easier.
Who should attend?
Anyone who is responsible for conducting privacy impact assessments in your organization:
- Privacy Officers
- Project Managers
- Risk Managers
|
- IT Managers
- CIOs
- HR Managers
|
Objectives/Benefits
- To enable participants to lead and conduct a Privacy Impact Assessment in their organization
- To learn which PIA methodology is right for your organization
- To learn how to overcome common challenges associated with PIAs
Toolkit
Participants in this workshop will receive a comprehensive take home kit of Canadian PIA resource materials to supplement your privacy work at your own organization:
- PIA Internet Guide - a guide to online support for PIAs including websites with methodologies, PIA news, etc.
- Whitepapers - PRIVA-CTM's Comparative Analysis of PIA Methodologies, and others
- Q & A Sheet for participants who need to inform other staff who need a quick PIA briefing
- Hard copies of the Federal Government Treasury Board Secretariat PIA policies and guidelines
- PIA template and development guide
PIA Workshop Program - 1 Day (Tentative Agenda):
Session 1: Backgrounder on Privacy Impact Assessments
- History of the PIA
- Reasons for conducting a PIA
- PIA Goals
- PIA Requirements
- When to conduct a PIA
- The staged nature of the PIA as it follows the system design lifecycle throughout its three stages of maturity: conceptual design, detailed design and implementation
- Global experience with PIAs
- Identification of all major current methodologies in Canada/What applies to you?
- Comparison of Canadian PIA Methodologies
Session 2: Overview of Health Care PIA Methodology
- Information Gathering
- Business Process Diagram
- Data Flow Analysis
- Privacy Risk Identification
- Recommendations for Risk Mitigation
Session 3: PIA Exercise -Privacy Risk Identification
A case study approach for identifying the major privacy risks associated with the implementation of a new health information system. Participants will learn how to develop and analyze business process diagrams and data flow analyses, critical tools for the successful completion of any PIA.
Session 4: How to Solve Common PIA Challenges
Learn about common PIA challenges and how to implement successful risk mitigation strategies, including:
- Forming the right PIA Team - Learn how to recruit and train your PIA team. Define the scope of the PIA and establish an effective project plan.
- Minimizing Impact to Project Timelines - Learn how to conduct PIAs with minimal impact on the timelines of your system or program.
- Securing Stakeholder Buy-in - Learn how to gain senior management and stakeholder support by framing your recommendations in a report that will facilitate the development and implementation of your system or program.
|
|
