Opinion: Are PIAs Enough?
DATA PROTECTIONAugust 19, 2011
In a Communications of the ACM article, David Wright of Trilateral Research considers whether privacy impact assessments (PIAs) should be mandatory. As databases grow, so do data breaches. PIAs are a reasonable tool for any organization managing personal data, but are they enough? Wright says no; the most effective way to protect sensitive information is to use PIAs with a "combination of tools and strategies, which include complying with legislation and policy, using privacy-enhancing technologies and architectures and engaging in public education..." Whether PIAs will become mandatory, in the meantime, remains to be seen. (Registration may be required to access this story.)