Security // Privacy Impact Assessment

A Privacy Impact Assessment (or “PIA”) is a process that helps organizations to identify, measure, and mitigate the risks associated with the introduction of a new program or service.  PIAs also help to anticipate and avoid the reputational risks attached to a new product offering. When properly performed, a PIA allows project managers to fully consider the privacy impacts of a program or service, before that program or service is rolled out.

Privacy Impact Assessments are mandatory for federal institutions implementing new or substantially modified programs involving personal information. PIAs must be submitted to the Office of the Privacy Commissioner (OPC) for review, and to the Treasury Board of Canada Secretariat (TBS) for approval. Although performing a Privacy Impact Assessment is not mandatory for private-sector organizations, PIAs are considered an industry best practice and are employed by many of the world’s leading companies.

List of benefits

Ensuring that privacy protection is a core consideration in the design, development and operation of new programs and services involving personal information is more important than ever. The introduction of new technologies, together with the widespread use and sharing of personal information across borders, has created new threats to an individual’s privacy. Individuals not only want to be informed of how their personal information is to be used, they also want to be assured that it will be properly protected.

Conducting a PIA is a great way for an organization to evaluate its personal information handling practices, and to pinpoint privacy concerns in the design and development of new systems, programs and services. The purpose of a PIA is to evaluate an organization’s awareness of how it handles consumer and employee information, and to allow organizations to identify, monitor and mitigate privacy risks, as they arise, throughout the development and growth of the organization and its products.

When properly performed, a PIA helps to:

  • Extend the range of organizational security and vulnerability assessments;
  • Comply with privacy laws and regulations; and
  • Support and demonstrate good governance and accountability for privacy.

TRM proven solutions

At TRM, we believe that technology and privacy go hand in hand.  As such, our approach to ensuring privacy compliance begins in the design phase of new systems or programs.  Not only does this approach help to ensure that privacy is built into new systems or programs – providing stakeholders with assurances that the program has been designed with privacy in mind – it avoids the high costs associated with retrofitting a system or program after it is operational.  Our PIAs help build trust, avoid the reputational impacts associated with a privacy breach, and are completed in tandem with security and vulnerability assessments.

Please contact us if you would like more information on the PIA options that TRM provides.


K1P 5G8

T: 613-722-8843
F: 613-722-8574