PIA (PRIVACY IMPACT ASSESSMENT)
A Privacy Impact Assessment (PIA) is a Methodology (or a systematic process) for assessing the impact on privacy of a project, policy, program, service, product or other initiative that involves the processing of personal information and, in consultation with stakeholders, for taking remedial actions as necessary in order to minimise negative privacy impacts.
With the recent requirements developed by various organisations to meet EU Mandate 436 in relation to "Information and Communication technologies applied to RFID and Systems", the CSG prepared a framework template to help address the need for all stakeholders involved in distributing and operating RFID applications to undertake a Privacy Impact Assessment (PIA).
This framework sets out to accomplish two purposes:
Provide a template PIA for the common elements of the Contactless payment application, as well as possibility to add details of the individual implementation specificities; and
Provide a uniformed approach to use in documenting PIA for each product configuration across all entities.
The ECSG now maintains the template and offers it for download to all interested stakeholders to use as guidance for their own assessment process.
The template will be reviewed by the ECSG on a regular basis. Should you have any feedback or share your experiences on its use or layout, feel free to contact the ECSG Secretariat.