The manager responsible for a new program or a new undertaking will assess whether a privacy impact assessment is required. They will first of all determine if personal information is involved in the new undertaking, and, if so, will do a preliminary privacy impact assessment to see whether a full-blown PIA is required. If so, we then strike a committee. We have representatives on the committee from various sectors, including legal, security, ATIP, and the branch or division that is introducing a new undertaking.
On June 5th, 2008. See this statement in context.