PRIVACY IMPACT ASSESSMENT (PIA)
[ORGANIZATION NAME]
ASSESSMENT INFORMATION
| Field | Information |
|---|---|
| Assessment ID | PIA-[YEAR]-[NUMBER] |
| Assessment Date | |
| Project/Initiative Name | |
| Business Owner | |
| Privacy Contact | |
| Assessment Status | ☐ Draft ☐ In Review ☐ Approved ☐ Reassessment |
SECTION 1: PROJECT OVERVIEW
1.1 Project Description
Brief Description of the Project/Processing Activity:
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
Business Purpose and Objectives:
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
1.2 Project Classification
Type of Processing Activity:
☐ New product or service
☐ New data collection
☐ Modification to existing processing
☐ New technology implementation
☐ Third-party data sharing
☐ Automated decision-making / AI
☐ Profiling
☐ Marketing / advertising
☐ Research / analytics
☐ Other: _______________________________
1.3 Assessment Triggers
This PIA is being conducted because (check all that apply):
☐ Processing of sensitive personal data
☐ Large-scale processing
☐ Systematic monitoring
☐ Profiling with legal/significant effects
☐ Automated decision-making
☐ Processing of children's data
☐ New technology
☐ Targeted advertising
☐ Sale of personal data
☐ Cross-border data transfer
☐ Processing that presents heightened risk of harm
☐ Regulatory requirement
☐ Company policy / standard practice
☐ Other: _______________________________
SECTION 2: DATA INVENTORY
2.1 Personal Data Collected/Processed
Categories of Personal Data:
| Data Category | Specific Elements | Collected | Purpose |
|---|---|---|---|
| Identifiers | ☐ Name ☐ Email ☐ Address ☐ Phone ☐ IP Address ☐ Device ID ☐ Account ID ☐ SSN ☐ Other: _____ | ☐ Yes ☐ No | |
| Demographics | ☐ Age ☐ Gender ☐ Language ☐ Other: _____ | ☐ Yes ☐ No | |
| Contact Information | ☐ Email ☐ Phone ☐ Address ☐ Other: _____ | ☐ Yes ☐ No | |
| Commercial | ☐ Purchase history ☐ Browsing history ☐ Product preferences ☐ Other: _____ | ☐ Yes ☐ No | |
| Financial | ☐ Payment info ☐ Bank account ☐ Credit history ☐ Other: _____ | ☐ Yes ☐ No | |
| Online Activity | ☐ Browsing ☐ Search history ☐ Clicks ☐ App usage ☐ Other: _____ | ☐ Yes ☐ No | |
| Geolocation | ☐ Precise ☐ Approximate ☐ IP-derived ☐ Other: _____ | ☐ Yes ☐ No | |
| Professional | ☐ Employment ☐ Job title ☐ Employer ☐ Other: _____ | ☐ Yes ☐ No | |
| Education | ☐ Schools ☐ Degrees ☐ Transcripts ☐ Other: _____ | ☐ Yes ☐ No | |
| Inferences | ☐ Preferences ☐ Behaviors ☐ Characteristics ☐ Other: _____ | ☐ Yes ☐ No |
2.2 Sensitive Personal Data
Does this processing involve sensitive personal data? ☐ Yes ☐ No
If yes, specify:
| Sensitive Category | Collected | Justification |
|---|---|---|
| Racial or ethnic origin | ☐ Yes ☐ No | |
| Religious beliefs | ☐ Yes ☐ No | |
| Political opinions | ☐ Yes ☐ No | |
| Union membership | ☐ Yes ☐ No | |
| Health information | ☐ Yes ☐ No | |
| Sex life / sexual orientation | ☐ Yes ☐ No | |
| Genetic data | ☐ Yes ☐ No | |
| Biometric data | ☐ Yes ☐ No | |
| Precise geolocation | ☐ Yes ☐ No | |
| Account credentials with access codes | ☐ Yes ☐ No | |
| Citizenship / immigration status | ☐ Yes ☐ No | |
| Transgender / nonbinary status | ☐ Yes ☐ No | |
| Children's data (under 13/16/18) | ☐ Yes ☐ No |
2.3 Data Subjects
Categories of Individuals:
☐ Customers / consumers
☐ Prospective customers
☐ Employees
☐ Job applicants
☐ Contractors
☐ Business contacts
☐ Website visitors
☐ Children (under 13)
☐ Minors (13-17)
☐ Other: _______________________________
Estimated Number of Data Subjects Affected:
☐ <1,000 ☐ 1,000-10,000 ☐ 10,000-100,000 ☐ 100,000-1M ☐ >1M
SECTION 3: DATA FLOW ANALYSIS
3.1 Data Collection
How is data collected?
☐ Directly from individuals (forms, account creation)
☐ Automatically (cookies, device information)
☐ From third parties (data brokers, partners)
☐ From publicly available sources
☐ Through observation/monitoring
☐ Through inference/derivation
☐ Other: _______________________________
Collection Points:
| Collection Point | Data Collected | Notice Provided |
|---|---|---|
| ☐ Yes ☐ No | ||
| ☐ Yes ☐ No | ||
| ☐ Yes ☐ No |
3.2 Data Use
Processing Purposes:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| [PRIMARY PURPOSE] | ☐ Consent ☐ Contract ☐ Legal Obligation ☐ Legitimate Interest ☐ Other | |
| [SECONDARY PURPOSE] | ☐ Consent ☐ Contract ☐ Legal Obligation ☐ Legitimate Interest ☐ Other | |
| [ADDITIONAL PURPOSE] | ☐ Consent ☐ Contract ☐ Legal Obligation ☐ Legitimate Interest ☐ Other |
3.3 Data Storage
Where will data be stored?
| Storage Location | Data Stored | Provider | Security Measures |
|---|---|---|---|
Geographic Location(s):
☐ United States (specify state(s)): _______________________________
☐ European Union: _______________________________
☐ Other international: _______________________________
3.4 Data Sharing
Will data be shared with third parties? ☐ Yes ☐ No
| Third Party | Data Shared | Purpose | Contract in Place |
|---|---|---|---|
| ☐ Yes ☐ No | |||
| ☐ Yes ☐ No | |||
| ☐ Yes ☐ No |
Is data sold or shared for cross-context behavioral advertising? ☐ Yes ☐ No
3.5 Data Retention
Retention Period: _______________________________
Retention Justification:
_______________________________________________________________________________
Deletion/Anonymization Method:
_______________________________________________________________________________
SECTION 4: RISK ASSESSMENT
4.1 Risk Identification
Potential Risks to Individuals:
| Risk Category | Applicable | Description | Likelihood | Severity | Risk Level |
|---|---|---|---|---|---|
| Unauthorized access/disclosure | ☐ Yes ☐ No | ☐ Low ☐ Medium ☐ High | ☐ Low ☐ Medium ☐ High | ||
| Data breach | ☐ Yes ☐ No | ☐ Low ☐ Medium ☐ High | ☐ Low ☐ Medium ☐ High | ||
| Identity theft/fraud | ☐ Yes ☐ No | ☐ Low ☐ Medium ☐ High | ☐ Low ☐ Medium ☐ High | ||
| Financial harm | ☐ Yes ☐ No | ☐ Low ☐ Medium ☐ High | ☐ Low ☐ Medium ☐ High | ||
| Reputational harm | ☐ Yes ☐ No | ☐ Low ☐ Medium ☐ High | ☐ Low ☐ Medium ☐ High | ||
| Discrimination | ☐ Yes ☐ No | ☐ Low ☐ Medium ☐ High | ☐ Low ☐ Medium ☐ High | ||
| Unfair/deceptive treatment | ☐ Yes ☐ No | ☐ Low ☐ Medium ☐ High | ☐ Low ☐ Medium ☐ High | ||
| Loss of autonomy/control | ☐ Yes ☐ No | ☐ Low ☐ Medium ☐ High | ☐ Low ☐ Medium ☐ High | ||
| Physical harm | ☐ Yes ☐ No | ☐ Low ☐ Medium ☐ High | ☐ Low ☐ Medium ☐ High | ||
| Intrusion/surveillance | ☐ Yes ☐ No | ☐ Low ☐ Medium ☐ High | ☐ Low ☐ Medium ☐ High | ||
| Chilling effects on rights | ☐ Yes ☐ No | ☐ Low ☐ Medium ☐ High | ☐ Low ☐ Medium ☐ High | ||
| Harm to minors | ☐ Yes ☐ No | ☐ Low ☐ Medium ☐ High | ☐ Low ☐ Medium ☐ High | ||
| Other: ______________ | ☐ Yes ☐ No | ☐ Low ☐ Medium ☐ High | ☐ Low ☐ Medium ☐ High |
Risk Level Calculation:
| Likelihood / Severity | Low | Medium | High |
|---|---|---|---|
| Low | Low | Low | Medium |
| Medium | Low | Medium | High |
| High | Medium | High | Critical |
4.2 Vulnerable Populations
Does processing affect vulnerable populations? ☐ Yes ☐ No
☐ Children
☐ Elderly
☐ Financially disadvantaged
☐ Individuals with disabilities
☐ Other: _______________________________
Additional Protections Needed:
_______________________________________________________________________________
SECTION 5: NECESSITY AND PROPORTIONALITY
5.1 Necessity Assessment
Is each data element necessary for the stated purpose?
| Data Element | Purpose | Necessary | Justification |
|---|---|---|---|
| ☐ Yes ☐ No | |||
| ☐ Yes ☐ No | |||
| ☐ Yes ☐ No |
Can the purpose be achieved with less data? ☐ Yes ☐ No
If yes, what alternatives were considered?
_______________________________________________________________________________
5.2 Proportionality Assessment
Do the benefits of processing outweigh the risks to individuals?
☐ Yes, benefits clearly outweigh risks
☐ Yes, with mitigation measures
☐ Uncertain - requires further review
☐ No - processing should not proceed
Analysis:
_______________________________________________________________________________
_______________________________________________________________________________
_______________________________________________________________________________
SECTION 6: PRIVACY PRINCIPLES COMPLIANCE
6.1 Transparency and Notice
☐ Privacy notice/policy updated to cover this processing
☐ Notice provided at point of collection
☐ Purposes clearly disclosed
☐ Third-party sharing disclosed
☐ Rights information provided
6.2 Choice and Consent
Consent Required? ☐ Yes ☐ No
If yes:
☐ Consent is freely given
☐ Consent is specific
☐ Consent is informed
☐ Consent is unambiguous
☐ Mechanism to withdraw consent exists
Opt-Out Required? ☐ Yes ☐ No
If yes:
☐ Opt-out mechanism implemented
☐ Universal opt-out signal recognized
6.3 Data Minimization
☐ Only data necessary for purpose is collected
☐ Data collection is limited to what is disclosed
☐ Excessive data is not collected "just in case"
6.4 Purpose Limitation
☐ Data used only for disclosed purposes
☐ Secondary uses compatible with original purpose OR consent obtained
☐ No undisclosed uses
6.5 Data Quality
☐ Mechanisms to ensure accuracy exist
☐ Individuals can correct inaccurate data
☐ Data is kept up to date where necessary
6.6 Storage Limitation
☐ Retention period defined
☐ Retention no longer than necessary
☐ Deletion/anonymization procedures exist
6.7 Security
☐ Appropriate security measures implemented
☐ Access controls in place
☐ Encryption used where appropriate
☐ Security monitoring in place
6.8 Individual Rights
☐ Access requests can be fulfilled
☐ Deletion requests can be processed
☐ Correction requests can be processed
☐ Portability requests can be fulfilled (where applicable)
☐ Opt-out requests can be honored
SECTION 7: MITIGATION MEASURES
7.1 Proposed Mitigations
| Risk | Mitigation Measure | Owner | Status | Residual Risk |
|---|---|---|---|---|
| ☐ Planned ☐ Implemented | ☐ Low ☐ Medium ☐ High | |||
| ☐ Planned ☐ Implemented | ☐ Low ☐ Medium ☐ High | |||
| ☐ Planned ☐ Implemented | ☐ Low ☐ Medium ☐ High | |||
| ☐ Planned ☐ Implemented | ☐ Low ☐ Medium ☐ High |
7.2 Privacy by Design Measures
☐ Data minimization built into design
☐ Privacy-protective defaults
☐ De-identification/pseudonymization used
☐ Access controls implemented
☐ Encryption implemented
☐ Audit logging enabled
☐ User controls provided
☐ Other: _______________________________
SECTION 8: AUTOMATED DECISION-MAKING / AI
(Complete if processing involves automated decisions)
8.1 Automated Processing Details
Type of Automated Processing:
☐ Fully automated (no human involvement)
☐ Partially automated (human review available)
☐ AI/Machine Learning used
☐ Profiling
Description of Logic:
_______________________________________________________________________________
_______________________________________________________________________________
8.2 Significant Decisions
Does automated processing produce decisions with legal or similarly significant effects?
☐ Yes ☐ No
If yes, describe effects:
_______________________________________________________________________________
8.3 Safeguards
☐ Human review available
☐ Right to contest decision
☐ Explanation of logic available
☐ Bias testing conducted
☐ Regular accuracy review
SECTION 9: THIRD-PARTY AND CROSS-BORDER TRANSFERS
9.1 Third-Party Processors
| Processor | Processing Activity | DPA in Place | Location |
|---|---|---|---|
| ☐ Yes ☐ No | |||
| ☐ Yes ☐ No |
9.2 International Transfers
Is data transferred outside the US? ☐ Yes ☐ No
If yes:
| Destination | Transfer Mechanism | Adequacy/Safeguards |
|---|---|---|
| ☐ SCCs ☐ BCRs ☐ Adequacy ☐ Consent ☐ Other |
SECTION 10: ASSESSMENT CONCLUSION
10.1 Overall Risk Assessment
Initial Risk Level: ☐ Low ☐ Medium ☐ High ☐ Critical
Residual Risk Level (after mitigations): ☐ Low ☐ Medium ☐ High ☐ Critical
10.2 Recommendation
☐ Approve - Processing may proceed without conditions
☐ Approve with Conditions - Processing may proceed with the following conditions:
- [ ] Condition 1: _______________________________
- [ ] Condition 2: _______________________________
- [ ] Condition 3: _______________________________
☐ Defer - Additional review required before decision
☐ Reject - Processing should not proceed due to unacceptable risk
10.3 Reassessment Schedule
Reassessment Required: ☐ 6 months ☐ 12 months ☐ 24 months ☐ Upon material change
Trigger Events for Reassessment:
☐ Change in data collected
☐ Change in processing purpose
☐ New third-party sharing
☐ Security incident
☐ Regulatory change
☐ Consumer complaints
SECTION 11: APPROVALS
11.1 Assessment Prepared By
Name: _______________________________
Title: _______________________________
Date: _______________________________
Signature: _______________________________
11.2 Privacy Review
Name: _______________________________
Title: _______________________________
Date: _______________________________
Signature: _______________________________
Comments:
_______________________________________________________________________________
11.3 Legal Review (if required)
☐ Legal review required ☐ Legal review not required
Name: _______________________________
Title: _______________________________
Date: _______________________________
Signature: _______________________________
Comments:
_______________________________________________________________________________
11.4 Final Approval
Name: _______________________________
Title: _______________________________
Date: _______________________________
Signature: _______________________________
Decision: ☐ Approved ☐ Approved with Conditions ☐ Deferred ☐ Rejected
DOCUMENT CONTROL
| Version | Date | Author | Changes |
|---|---|---|---|
| 1.0 | [DATE] | [NAME] | Initial assessment |
This Privacy Impact Assessment is confidential and should be retained in accordance with the organization's record retention policy.
SOURCES AND REFERENCES
- CCPA/CPRA, Cal. Civ. Code § 1798.185(a)(15) (Risk Assessments)
- CPPA ADMT Regulations, 11 CCR § 7030 et seq.
- Colorado Privacy Act, C.R.S. § 6-1-1309 (Data Protection Assessments)
- Virginia Consumer Data Protection Act, Va. Code § 59.1-580
- Connecticut Data Privacy Act, Conn. Gen. Stat. § 42-521
- Texas Data Privacy and Security Act, Tex. Bus. & Com. Code § 541.105(b)
- GDPR Article 35 (Data Protection Impact Assessment)
- NIST Privacy Framework 1.0 (Jan. 2020)
- NIST SP 800-122, "Guide to Protecting the Confidentiality of PII"
- ISO/IEC 27701:2019, Privacy Information Management
- Article 29 Working Party, "Guidelines on Data Protection Impact Assessment" (WP 248 rev.01)
This template is provided for informational purposes only and does not constitute legal advice. Consult qualified legal counsel before use.
About This Template
Jurisdiction-Specific
This template is drafted for general use across all U.S. jurisdictions. State-specific versions with local statutory references are also available.
How It's Made
Drafted using current statutory databases and legal standards for compliance regulatory. Each template includes proper legal citations, defined terms, and standard protective clauses.
Important Notice
This template is provided for informational purposes. It is not legal advice. We recommend having an attorney review any legal document before signing, especially for high-value or complex matters.
Last updated: April 2026