Privacy Impact Assessment
A structured analysis to identify and mitigate privacy risks associated with AI systems, covering data collection, use, sharing, and retention.
Definition
A formal process—often required by regulation—where teams catalogue data flows, map personal data elements, evaluate legal bases (consent, legitimate interest), identify potential privacy harms, and define mitigation measures (opt-out options, retention limits). The PIA culminates in a report with risk ratings and action plans, and it must be revisited whenever substantial changes occur.
Real-World Example
Before launching a customer-segmentation AI, a retail bank conducts a PIA: they document that geolocation and purchase history are collected, assess the necessity and proportionality of each data field, propose monthly auto-deletion of location logs, and secure senior-management sign-off on the completed report.
.svg)
