Topic 8 Respond and review

5 minutes

Learning objectives

Understand what happens after you have completed your PIA report
Understand the benefits of seeking independent review of your PIA
Understand when you will need to update your PIA

Step 10 Respond and review

The PIA process does not end after you have written (and published) your PIA report. It is important that actions are taken to respond to the recommendations made in your report, and to continue to review and update your PIA.

Responding to recommendations

Responding to recommendations in a PIA is one of the most important stages of the process. The project manager and your organisation should document:

Which recommendations they intend to implement (or have already implemented)
The recommendations they do not intend to implement, and the rationale for this decision

Your organisation’s response should be published together with your PIA report, where possible. If your PIA report is not published, your organisation should consider providing it to significant stakeholders to assist in effective implementation of recommendations.

You may wish to prepare a plan for implementing the recommendations, indicating a specific timeframe and identifying who is responsible for the implementation.

Ongoing risk management

You should consider the ongoing management of any privacy risks inherent in your project. This could be incorporated into your organisation’s overall risk management strategy.

Independent review/audit

There are significant benefits to seeking independent review (internally or externally) of a PIA. Independent review will:

Ensure that PIAs have been properly carried out
Ensure that the PIA recommendations have been implemented (or that there is a clear rationale for not implementing the recommendations)

Update the PIA if required

As your project progresses, you should revisit your PIA and update or revise it if developments in the design or implementation of your project create new privacy impacts that had not previously been considered.