The UK was the first country in Europe to develop and promulgate a privacy impact assessment methodology. The Information Commissioner’s Office (ICO) published a PIA Handbook in December 2007, followed by a revision in June 2009. The Cabinet Office accepted the value of PIA reports and stressed that they will be used and monitored in all departments as a means of protecting personal data from July 2008 onwards. PIAs have thus become a “mandatory minimum measure” in the UK government and its agencies.
The ICO’s PIA Handbook would appear to have had some success, the ICO has had concerns, which prompted the regulator to put out a tender in late 2012, the aim of which was to understand how privacy impact assessment (PIA) can be better integrated with existing project and risk management tools, and to help make PIA a more practical and effective tool.