Privacy Impact Assessment - Seattle

A Privacy Impact Assessment (“PIA”) is a method for collecting and documenting detailed information in order to conduct an in-depth privacy review of a program or project. It asks questions about the collection, use, sharing, security and access controls for data that is gathered using a technology or program. It also requests information about policies, training and documentation that govern use of the technology. The PIA responses are used to determine privacy risks associated with a project and mitigations that may reduce some or all of those risks. In the interests of transparency about data collection and management, many Washington jurisdictions have committed to publishing all PIAs on an outward-facing website for public access.

  • PIA preliminaries

    As staff complete the document, they should keep the following in mind.

    • Responses to questions should be in the text or check boxes only; all other information (questions, descriptions, etc.) should NOT be edited by the department staff completing this document.
    • All content in this report will usually be available externally to the public. With this in mind, avoid using acronyms, slang, or other terms which may not be well-known to external audiences. Additionally, responses should be written using principally non-technical language to ensure they are accessible to audiences unfamiliar with the topic.

    A PIA may be required in two circumstances.

  • PIA - Abstract

  • PIA - Project

    Provide an overview of the project or technology. The overview gives the context and background necessary to understand the purpose, mission and justification for the project / technology proposed.

  • PIA - Governance

    Provide an outline of any rules that will govern the use of the project / technology. Please note: non-City entities are bound by restrictions specified in the Surveillance Ordinance and Privacy Principles and must provide written procedures for how the entity will comply with any restrictions identified.

  • PIA - Collection + Use

    Information about the policies and practices around the collection and use of the data collected.

  • PIA - Data Storage

    Information on how the data will be stored, retained and deleted.