ABSTRACT

Privacy impact assessments (PIAs) are emerging as an important privacy management tool for public and private sector organizations. However, a key concern in PIA policy and practice is the lack of follow-up and of means to evaluate how PIAs are conducted at different levels, particularly so that different stakeholders can make sense of PIA practice as evidenced in PIA reports. This article first outlines the evaluation criteria established under the EU Privacy Impact Assessment Framework project and attempts to find the best means of extending their application to help assess PIAs, based on good practice.