What is which action requires an organization to carry out a privacy impact assessment?
A <a href="https://www.wikiwhat.page/kavramlar/Privacy%20Impact%20Assessment">Privacy Impact Assessment (PIA)</a> is generally required when an organization:
- Creates, collects, uses, or discloses <a href="https://www.wikiwhat.page/kavramlar/Personal%20Information">personal information</a> in a new or substantially modified system, program, or activity.
- Implements a new technology or system that may have a significant impact on the privacy of individuals. This is especially true when the technology involves <a href="https://www.wikiwhat.page/kavramlar/Data%20Processing">data processing</a>, <a href="https://www.wikiwhat.page/kavramlar/Data%20Storage">data storage</a>, or <a href="https://www.wikiwhat.page/kavramlar/Data%20Sharing">data sharing</a>.
- Enters into an agreement with another organization where <a href="https://www.wikiwhat.page/kavramlar/Personal%20Information">personal information</a> will be exchanged.
- Introduces a new policy or procedure that could affect the privacy of individuals.
- When legislation or regulations mandate it. Many privacy laws require PIAs in specific circumstances.
The specific triggers for requiring a PIA vary depending on the jurisdiction and applicable privacy laws (e.g., <a href="https://www.wikiwhat.page/kavramlar/GDPR">GDPR</a>, <a href="https://www.wikiwhat.page/kavramlar/CCPA">CCPA</a>).