PART 1 APPENDIX A:

TEMPLATE – BRIEF PRIVACY ANALYSIS

Tailoring this template to your own project

• Add your own branding and formatting throughout this document.

• Review the list of questions and risks in sections 2.1 and 2.2 of the template to suit
your organisation and project.
• If your organisation has written policies, procedures or guidelines on privacy, you could
add these as a background reference section at the end of the document.
• Update the sign-off list in section 5 to include:
- people who should be involved in preparing and reviewing the document (for
example the project manager)
- people who need to review and approve the document (for example, the privacy
officer).

Page 1 of 8
[Project name]
Brief Privacy Analysis
<Day> <Month> <Year>

1. Project summary: [TITLE]

1.1 Brief description of the project

a) Describe your existing systems and the main changes that are proposed

b) Describe the purpose of the change, including any projected benefits to your
organisation or to the individuals affected

c) Identify the main stakeholders or entities involved, and their role in the project.

1.2 Personal information that the project will involve

In the table below, describe:

• the personal information that will be collected, used and/or disclosed
• the source of the information
• the purpose of the information for your project.
Note: “Personal information” is any information about an identifiable living person.
However, a person doesn’t have to be named in the information to be identifiable.

Type of personal Source of Purpose of information

Information Information for the project

Page 2 of 8
2. Privacy assessment
2.1 Areas that are risky for privacy

Some types of projects are commonly known to create privacy risks. If the project
involves one or more of these risk areas, it’s likely that a PIA will be valuable.

Use this checklist to identify and record whether your proposal raises certain privacy
risks. Delete any that do not apply.

Does the project involve Yes No If yes, explain your response

any of the following? (tick) (tick)

Information management generally

A substantial change to an existing policy,

process or system that involves personal
information
Example: New legislation or policy that makes it
compulsory to collect or disclose information

Any practice or activity that is listed on a risk

register kept by your organisation
Example: Practices or activities listed on your
office’s privacy risk register or health and safety
register

Collection

A new collection of personal information

Example: Collecting information about individuals’
location

A new way of collecting personal information

Example: Collecting information online rather than
on paper forms

Storage, security and retention

A change in the way personal information is

stored or secured
Example: Storing information in the cloud

A change to how sensitive information is

managed
Example: Moving health or financial records to a
new database

Page 3 of 8
Does the project involve Yes No If yes, explain your response
any of the following? (tick) (tick)

Does the project involve Yes No If yes, explain your response

any of the following? (tick) (tick)

Transferring personal information offshore or

using a third-party contractor
Example: Outsourcing the payroll function or
storing information in the cloud

A decision to keep personal information for

longer than you have previously
Example: Changing IT backups to be kept for
10 years when you previously only stored them for
7

Use or disclosure

A new use or disclosure of personal

information that is already held
Example: Sharing information with other parties in
a new way

Sharing or matching personal information held

by different organisations or currently held in
different datasets
Example: Combining information with other
information held on public registers, or sharing
information to enable organisations to provide
services jointly

Individuals’ access to their information

A change in policy that results in people

having less access to information that you
hold about them
Example: Archiving documents after 6 months into a
facility from which they can’t be easily retrieved

Identifying individuals

Establishing a new way of identifying

individuals
Example: A unique identifier, a biometric, or an
online identity system

Page 4 of 8
Does the project involve Yes No If yes, explain your response
any of the following? (tick) (tick)

New intrusions on individuals’ property, person or activities

Introducing a new system for searching

individuals’ property, persons or premises
Example: A phone company adopts a new policy
of searching data in old phones that are handed in

Surveillance, tracking or monitoring of

movements, behaviour or communications
Example: Installing a new CCTV system

Changes to your premises that will involve

private spaces where clients or customers
may disclose their personal information
Example: Changing the location of the reception
desk, where people may discuss personal details

New regulatory requirements that could lead

to compliance action against individuals on
the basis of information about them
Example: Adding a new medical condition to the
requirements of a pilot’s license

List anything else that may impact on privacy,

such as bodily searches, or intrusions into
physical space

Page 5 of 8
2.2 Initial risk assessment

If you answered “Yes” to any of the questions above, use the table below to give a rating –
either Low (L), Medium (M), or High (H) – for each of the aspects of the project set out in
the first column.

For risks that you’ve identified as Medium or High, indicate (in the right-hand column) how
the project plans to lessen the risk (if this is known).

If you answered “No” to all the questions in 2.1 above, move on to section 3 below.

Aspect of the Project Rating Describe any medium and high

(L, M or H) risks and how to mitigate them

Level of information handling

L – Minimal personal information will be

handled

M – A moderate amount of personal

information (or information that could become
personal information) will be handled

H – A significant amount of personal

information (or information that could become
personal information) will be handled

Sensitivity of the information (eg

health, financial, race)

L – The information will not be sensitive

M – The information may be considered to be

sensitive

H – The information will be highly sensitive

Significance of the changes

L – Only minor change to existing

functions/activities

M – Substantial change to existing

functions/activities; or a new initiative

H – Major overhaul of existing

functions/activities; or a new initiative that’s
significantly different

Page 6 of 8
 Interaction with others

L – No interaction with other agencies

M – Interaction with one or two other agencies

H – Extensive cross-agency (that is,

government) interaction or cross-sectional
(non-government and government) interaction

Public impact

L – Minimal impact on the organisation and

clients

M – Some impact on clients is likely due to

changes to the handling of personal
information; or the changes may raise public
concern

H – High impact on clients and the wider

public, and concerns over aspects of project;
or negative media is likely

3. Summary of privacy impact

The privacy impact for this project has been assessed as: Tick

Low – There is little or no personal information involved; or the use of personal

information is uncontroversial; or the risk of harm eventuating is negligible; or the
change is minor and something that the individuals concerned would expect; or risks
are fully mitigated

Medium – Some personal information is involved, but any risks can be mitigated
satisfactorily

High – Sensitive personal information is involved, and several medium to high risks
have been identified

Reduced risk – The project will lessen existing privacy risks

Inadequate information – More information and analysis is needed to fully assess

the privacy impact of the project.

3.1 Reasons for the privacy impact rating

Briefly summarise your reasons for the rating you gave above.

Page 7 of 8
4. Recommendation
Do a full privacy impact assessment

Describe:
• the likely timing of the PIA
• the level of complexity that will be needed
• who will be responsible for doing the PIA

or

A full privacy impact assessment is not required

Explain why a PIA is not needed

5. Sign off

_______________________________ _________________________________
Name Position (Project Manager)

_______________________________ _____/_____/_____
Signature Date

_______________________________ _________________________________
Name Position (Manager)

_______________________________ _____/_____/_____
Signature Date

Page 8 of 8