The assessment will based on the methodology defined by the Government of Ontario Ministry of Government Services (MGS) Privacy Impact Assessment Guidelines which requires that a PIA be completed on any initiative that involves a substantive change to the collection, use or disclosure of personal information. This includes, for example, the creation or modification of databases, identification or authentication schemes; changes to program delivery mechanisms that may modify existing masking of information, or the use of 'smart cards'. The Guidelines also set out a framework for PIAs.
Below is a high-level PIA Process and methodology:
Figure 2: Privacy Impact Assessment Process
Other international standards will be used such as:
- ISO/IEC 27799:2008 Health informatics -- Information security management in health using
- COACH Guidelines for the protection of health information, 2009
- ISO/IEC 22307:2008 Financial services — Privacy impact assessment