What is which action requires an organization to carry out a privacy impact assessment?

A <a href="https://www.wikiwhat.page/kavramlar/Privacy%20Impact%20Assessment">Privacy Impact Assessment (PIA)</a> is generally required when an organization:

  • Creates, collects, uses, or discloses <a href="https://www.wikiwhat.page/kavramlar/Personal%20Information">personal information</a> in a new or substantially modified system, program, or activity.
  • Implements a new technology or system that may have a significant impact on the privacy of individuals. This is especially true when the technology involves <a href="https://www.wikiwhat.page/kavramlar/Data%20Processing">data processing</a>, <a href="https://www.wikiwhat.page/kavramlar/Data%20Storage">data storage</a>, or <a href="https://www.wikiwhat.page/kavramlar/Data%20Sharing">data sharing</a>.
  • Enters into an agreement with another organization where <a href="https://www.wikiwhat.page/kavramlar/Personal%20Information">personal information</a> will be exchanged.
  • Introduces a new policy or procedure that could affect the privacy of individuals.
  • When legislation or regulations mandate it. Many privacy laws require PIAs in specific circumstances.

The specific triggers for requiring a PIA vary depending on the jurisdiction and applicable privacy laws (e.g., <a href="https://www.wikiwhat.page/kavramlar/GDPR">GDPR</a>, <a href="https://www.wikiwhat.page/kavramlar/CCPA">CCPA</a>).