Foreword by Gary Marx -- Part 1 Setting the Scene.- 1 – Introduction to privacy impact assessment; David Wright and Paul de Hert.- 2 – A human rights perspective on privacy and data protection impact assessments; Paul de Hert.- 3 – (Regulatory) impact assessment and better regulation; David Parker.- 4 – Prior checking, a forerunner to privacy impact assessments; Gwendal Le Grand and Emilie Barrau.- Part 2 Five Countries Lead the Way -- 5 – PIAs in Australia: A work-in-progress report; Roger Clarke.- 6 – Privacy impact assessment – Great potential not often realised; Nigel Waters.- 7 – Privacy impact assessments in Canada; Robin Bayley and Colin Bennett.- 8 – PIA in New Zealand; John Edwards.- 9 – Privacy impact assessment in the UK; Adam Warren and Andrew Charlesworth.- 10 – PIA requirements and privacy decision-making in US government agencies; Kenneth Bamberger and Deirdre Mulligan.- Part 3 PIA in the Private Sector: Three Examples -- 11 – PIA: Cornerstone of privacy compliance in Nokia; Tobias Bräutigam.- 12 – How Siemens assesses privacy impacts;  Florian Thoma.- 13 – Vodafone’s approach to privacy impact assessments; Stephen Deadman and Amanda Chandler.- Part 4 Specialisesd PIA: the Cases of the Financial Services Indusrty and the RFID PIA Framwork -- 14 – The ISO PIA standard for financial services; Martin Ferris.- 15 – The RFID PIA – developed by industry, agreed by regulators; Sarah Spiekermann.- 16 – Double-take: getting to the RFID PIA Framework; Laurent Beslay and Anne-Christine Lacoste.- Part 5 Specific Issues -- 17 – Surveillance: extending the limits of privacy impact assessment; Charles Raab and David Wright.- 18 – The Madrid Resolution and prospects for transnational PIAs; Artemi Rallo Lombarte.- 19 – Privacy and ethical impact assessment; David Wright and Emilio Mordini.- 20 – Auditing privacy impact assessments: the Canadian experience; Jennifer Stoddart.- 21 – Privacy impact assessment: Optimising the regulator’s role; Blair Stewart.- 22 – Conclusion: Findings and recommendations; David Wright and Paul de Hert -- About the Authors -- References -- Index.

Virtually all organisations collect, use, process and share personal data from their employees, customers and/or citizens. In doing so, they may be exposing themselves to risks, from threats and vulnerabilities, of that data being breached or compromised by negligent or wayward employees, hackers, the police, intelligence agencies or third-party service providers. A recent study by the Ponemon Institute found that 70 per cent of organisations surveyed had suffered a data breach in the previous year. Privacy impact assessment is a tool, a process, a methodology to identify, assess, mitigate or avoid privacy risks and, in collaboration with stakeholders, to identify solutions. Contributors to this book – privacy commissioners, academics, consultants, practitioners, industry representatives – are among the world’s leading PIA experts. They share their experience and offer their insights to the reader in the policy and practice of PIA in Australia, Canada, New Zealand, the United Kingdom, the United States and elsewhere. This book, the first such on privacy impact assessment, will be of interest to any organisation that collects or uses personal data and, in particular, to regulators, policy-makers, privacy professionals, including privacy, security and information officials, consultants, system architects, engineers and integrators, compliance lawyers and marketing professionals. In his Foreword, leading surveillance studies and privacy scholar Gary T. Marx says, “This state-of-the-art book describes the most comprehensive tool yet available for policy-makers to evaluate new personal data information technologies before they are introduced.” This book could save your organisation many thousands or even millions of euros (or dollars) and the damage to your organisation’s reputation and to the trust of employees, customers or citizens if it suffers a data breach that could have been avoided if only it had performed a privacy impact assessment before deploying a new technology, product, service or other initiative involving personal data.