privacy risk assessment - short form — confidential - International ...

PRIVACY RISK ASSESSMENT - SHORT FORM — CONFIDENTIAL
Collect, use and disclose data without individually identifiable information whenever possible. When this is not possible,
complete this form and submit it to {Privacy Office} for approval.
Project:
Is personal information (PI * ) affected by this project or process
Yes (please complete form)
No (please sign and date in Accountability Section below)
Assessment Version
Number:
Date:
What is the current stage of this project
Concept / Marketing
Initiate / Vision
Design / Requirements
Development / Construction
Deployment / In production
PRIVACY RISK IDENTIFICATION
Question Background information, questions to address Requirement Solution / Mitigation Action or Approval (Refer to
Appendix A)
1. What is the
business purpose of
the initiative, project
or undertaking
Collection, use and disclosure must be linked to a valid business
purpose.
2. Who are the data
subjects to be
impacted ([Company]
colleagues,
participants,
dependents,
employees, others)
* For insight into what can constitute Personal Information (PI) or Personally Identifiable Information (PII) please see Appendix A . For a good list of initial data elements that could
potentially be considered PI or PII please see Appendix B.

Question Background information, questions to address Requirement Solution / Mitigation Action or Approval (Refer to
Appendix A)
3. What PI is
collected, used,
retained or disclosed
Feel free to use Appendix B as an initial reference, and then be sure
and document any addition data elements here that may be
considered sensitive in the country(s) of concern.
Can the risk of unauthorized access be mitigated by de-identifying the PI, in whole
or part
*For each sensitive
data element, please
describe the need for
collecting or using it..
Can each data element be linked to a valid business or legal reason for collection
and use
Comment [A1]: Why are we asking
them if a data element is sensitive
4. Data flow: Please
describe the flow of
PI (between client,
ourselves, any
vendors or third
parties).
5. Are there any client
contractual
requirements
affecting or requiring
this collection, use or
disclosure of PI
6. Will any third party
be collecting,
managing or
processing PI
provided by
[Company] Please
attach any relevant
agreement.
7. To whom is the PI
disclosed Why (i.e.,
business, legal, or
regulatory reason)
8. Where is the PI
stored (physical
location)
Data flows are very helpful to understand how PI moves and with
whom it’s shared: this is a template to use:
Attach relevant contract terms.
If PI is being shared with a third party or being processed by a
vendor, please complete the data flow above.
Include where appropriate, PI shared with employers, vendors of the
client, or other third parties.
Are there any new vendors involved Have the vendor(s) gone through the Vendor
Security & Privacy Risk Assessment
Page 2 of 8

Question Background information, questions to address Requirement Solution / Mitigation Action or Approval (Refer to
Appendix A)
9. Is the PI gathered
in one country and
If PI is moving from one country to another or is accessible from
another country, please complete the data flow above.
accessible from,
processed in or
transferred to
another If so, please
describe.
10. Describe any IT
systems in which the
PI is stored or
processed.
Identify databases, servers, or applications.
11. What safeguards
are in place to secure
the PI (physical and
logical) Is PI
transmitted and stored
securely
12. How is access to
the PI restricted
Identify how need-to-know is enforced, and who is responsible to
determine and manage access.
13. How long is the
PI to be retained Is
this the minimal
period Will the PI be
returned to the client
(if applicable)
Describe any issues with regards to retention and/or disposal; is the
PI commingled with other client data
Can individual data elements be removed or deleted sooner
Is automatic retention applied (system-based)
Is the PI securely deleted
Page 3 of 8

Potential Privacy Loss Description (Mandatory):
What are the possible consequences of a privacy breach: describe financial, reputational or other impacts.
Management Action(s) (Completed/Proposed):
Are the risks described in this assessment acceptable to the business If not, what actions will be undertaken to reduce risks to an acceptable level
PRIVACY RISK EXPOSURE SCORE (High, Medium or Low) (Optional)
PROBABILITY: Probability of negative outcome
LOSS: Degree or severity of harm if negative outcome occurs
Status:
PRIVACY RISK TRACKING – ACCOUNTABILITY (please sign or indicate approval) - MANDATORY
Project Sponsor/Business Owner:
Date:
Cost Centre:
Line of Business/Department:
Project Manager:
Privacy Risk Assessment reviewed
by:
Follow-up Actions:
Date:
Date:
Date:
Escalation (if required):
Exception request required
Page 4 of 8

Final/Residual Risk Notes:
Additional Comments/Discussion:
Page 5 of 8

Appendix A
Personal Information (PI) or Personally Identifiable Information (PII) includes information collected in any form about an identifiable
individual (including [Company]’s own colleagues). Examples of PI or PII include: age, identification numbers, income, ethnic origin, opinions
of or about the individual, comments, credit records, account history and intentions (for example, to acquire goods or services). PII may also
include two discrete pieces of information which individually do not identify an individual, but together can or may.
Sensitive PI: Sensitive PI includes an individual’s first name and last name, or first initial and last name, in combination with one or more of
the following:
• National or government-issued identifiers, such as Social Security Number, Social Insurance Number, or driver’s license
• Driver's license number or state-issued identification card number
• Financial account number, credit or debit card number
• Protected Health Information (PHI)
Sensitive PI does not include information that is lawfully obtained from publicly available information, or from federal, state, or local
government records made available to the general public. Sensitive PI also does not include information which is otherwise considered
sensitive when all information identifying the individual is removed. Note that this definition is dependent on national and regional laws, and
that guidance should be sought from Compliance & Professional Standards and the Legal Department.
Requirement Solution / Mitigation Action or Approval
If you have mitigation actions, please include in this section otherwise this section will be used for Privacy updates
Page 6 of 8

Appendix B
DATA ELEMENT
WHO IS THE DATA ABOUT
(Place an X in each box that applies for every data element in scope of the project)
Company
Client/Consumer
Personal Information
Employee,
Temporary
Worker, or
dependents
Corporate
Contact
(e.g., John
Smith, X
Corp)
Employee,
Temporary
Worker
Consumer
Patient
Customer
Dependents
Other
(describe
in the
Comments
field)
Comments
(if applicable)
Name including first name or initials
Business Contact Details (e.g. Business Address,
phone, email)
Personal Contact Details (e.g. Home Address,
phone, email)
Dates Of Birth
Applicant Data (e.g. accounts, insurance
application forms)
Compensation Data
Human Resources Data
...Employee Attendance Data
…Employee Identification Demographic Data
...Employee Status
...Employee Travel Details
...Employee Work History
…Employee Training and Related Records
…Payroll / Salary Data
…Employee Performance Data
...Family /Dependent/Beneficiary Information
IP Address
Page 7 of 8

WHO IS THE DATA ABOUT
(Place an X in each box that applies for every data element in scope of the project)
Sensitive Information
Company
Employee,
Temporary
Worker, or
dependents
Corporate
Contact
(e.g., John
Smith, X
Corp)
Employee,
Temporary
Worker
Client
Consumer
Patient
Customer
Dependents
Other
(describe
in the
Comments
field)
Comments
(if applicable)
Social Security Numbers (SSN-U.S.)
Other Government Issued ID Numbers
Banking / Financial Info / Account History
Credit Card, Debit Card + PIN, and Banking
Information
Visa or Passport Numbers
Driver's License
Information relating to race or ethnic origin,
religious beliefs, health, political opinions, sexual
orientation or criminal record. Please detail what
is collected.
National or Health Insurance Numbers
…Medical History
…Medical Claims
…Medical Insurance Numbers
Page 8 of 8