Privacy Impact Assessments (PIAs) are documents that help organisations identify the most effective way to comply with data protection obligations, such as the Data Protection Act 1998 (DPA), and meet expectations of privacy held by individuals. By highlighting risks and proposing solutions at an early stage, PIAs help reduce damage to a firm’s reputation, legal action, financial penalties and other costs incurred through the triggering of potential scandals. The purpose of the PIA is to ensure that privacy risks are minimised while allowing the aims of the project to be met whenever possible. This document first sets out the need for a PIA in more detail along with information flows for the BioConnect system. Our consultations with various stakeholders are then discussed before outlining the risks and proposed solutions for the system. Lastly our PIA outcomes propose which of the solutions should be implemented and how the project should be managed to address risks now and in the future.
展开▼