Where personal data is at risk of exposure, damage or loss, then a Privacy Impact Assessment (PIA) must be carried out to establish the potential impact or harm that could arise. This knowledge helps determine the kinds of controls necessary to provide adequate protection to the personal data. The PIA process helps to identify and minimise the privacy risks of new projects or policies. Conducting a PIA can involve working with people within the University, and possibly with partner organisations and with the people affected to identify and reduce privacy risks. The PIA will help to ensure that potential problems are identified at an early stage, when addressing them will often be simpler and less costly.
A code of practice for conducting PIAs is available from the Information Commissioners Office.