Integrating privacy impact assessment in risk management

David Wright, Kush Wadhwa, Monica Lagazio, Charles Raab, Eric Charikane

Research output: Contribution to journalArticlepeer-review

Abstract / Description of output

This article presents the results of a study performed in 2013 for the United Kingdom (UK) Information Commissioner's Office (ICO) on improving the integration of a privacy impact assessment (PIA) with risk management and project management methodologies and making recommendations for the revision of the ICO's PIA Handbook.

The study included a large-scale survey of organizations' use of these methodologies and consonance with the Handbook; case studies based on in-depth interviews; and an analysis of methodologies with a view to their integration with PIA.

The main finding was that there are possibilities for integrating PIA into project and risk management practices. However, such integration would require some re-allocation and development of relevant roles, and the creation of a privacy-aware culture so that privacy risk can be assessed early enough in an organization's cycles to make a difference to the information systems, processes, and policies that are produced.

The study team made recommendations to the ICO and other organizations that use PIAs. The findings and recommendations have applicability not only to organizations in the UK, but in other countries as well.
Original languageEnglish
Pages (from-to)155-170
Number of pages16
JournalInternational Data Privacy Law
Issue number2
Publication statusPublished - 1 May 2014


Dive into the research topics of 'Integrating privacy impact assessment in risk management'. Together they form a unique fingerprint.

Cite this