PIA Methodology
& Approach



The assessment will based on the methodology defined by the Government of Ontario Ministry of Government Services (MGS) Privacy Impact Assessment Guidelines which requires that a PIA be completed on any initiative that involves a substantive change to the collection, use or disclosure of personal information. This includes, for example, the creation or modification of databases, identification or authentication schemes; changes to program delivery mechanisms that may modify existing masking of information, or the use of 'smart cards'. The Guidelines also set out a framework for PIAs.

Below is a high-level PIA Process and methodology:

Figure 2: Privacy Impact Assessment Process


Other international standards will be used such as:

  • ISO/IEC 27799:2008 Health informatics -- Information security management in health using
  • COACH Guidelines for the protection of health information, 2009
  • ISO/IEC 22307:2008 Financial services — Privacy impact assessment

Back to Our Services