Privacy assessments

Privacy impact assessment

A privacy impact assessment (PIA) is a process used to determine how a program or service could affect the privacy of an individual. It can also help to avoid or lessen possible negative effects on privacy that might result from a program or service. Also, a PIA is a way for the federal government to state its commitment to protect the privacy of individuals. PIAs promote transparency and accountability, and contribute to continued public confidence in the way the government manages personal information.

In accordance with the Directive on Privacy Impact Assessment, the Canada Revenue Agency conducts PIAs when new programs or services raise privacy issues or changes to programs or services affect the way personal information is collected, used, or disclosed.  

Privacy compliance evaluation

A privacy compliance evaluation (PCE) is a privacy assessment process used in place of a full privacy impact assessment for urgent COVID-19-related initiatives that do not continue beyond March 31, 2021. PCEs are carried out at the discretion of deputy heads or assistant deputy minister level delegates.

Privacy protocol assessment

A privacy protocol assessment (PPA) is a privacy assessment process designed to assess initiatives that have a non-administrative purpose (e.g., research, audit, evaluation or statistical purposes) to ensure that they comply with CRA's privacy practices. 

Privacy assessment summaries

At the links listed by fiscal year below, you can find summaries of the results of privacy assessments that the Canada Revenue Agency has conducted.

2014–2015 and earlier 

More information

If you have questions about privacy assessments at the Canada Revenue Agency, contact:

Privacy Risk Management Section
Access to Information and Privacy Directorate
555 MacKenzie Avenue, 5th Floor
Ottawa ON  K1A 0L5

613-960-5393 (Ottawa area)
1-866-333-5402 (toll free)


Page details

Date modified: