Concept of a Privacy Threshold Assessment

September 26, 2016

PTA overview

Privacy Impact Assessments/Analyses (PIAs) are an important aspect of privacy compliance documentation, but aren’t the only evaluations necessary for an organization.

Privacy teams also create PTAs to preemptively detect an organization’s PII use, which, if identified, would require subsequent PIAs.

Typical PTAs include the following information:

  • Description of the system
  • What PII, if any, is collected or used
  • From whom the PII is collected

The purpose of the Privacy Threshold Analysis (PTA) is to help a company’s departments gauge their system’s information, and determine how to appropriately treat data that has been acquired by the organization.

PTAs primarily focus on two main areas:

  • Business data and business processes within each business unit
  • Potential connections with individuals including the use of PII – any use of social security numbers must be specifically identified

 

Why do we need PTAs?

PTAs are useful for initiating communication and collaboration between a company’s departments, including the CPO, information security officer, CIO, and even the heads of the HR, marketing, IT, and operations teams.

A PTA is an effective tool that helps organizations analyze and record the potential privacy documentation requirements of corporate activities.

As recommended in National Institute of Standards and Technology (NIST) Special Publication 800-122:

“PTAs are used to determine if a system contains PII, whether a Privacy Impact Assessment is required, whether a System of Records Notice (SORN) is required, and if any other privacy requirements apply to the information system. PTAs should be submitted to an organization’s privacy office for review and approval. PTAs are often comprised of simple questionnaires that are completed by the system owner.”

