During which of the following system lifecycle stages is it BEST to conduct a privacy impact assessment (PIA) on a system that holds personal data?

During which of the following system lifecycle stages is it BEST to conduct a privacy impact assessment (PIA) on a system that holds personal data?
A . Functional testing
B . Development
C . Production
D . User acceptance testing (UAT)

View Answer

Answer: B

Explanation:

A PIA is a systematic process to identify and evaluate the potential privacy impacts of a system, project, program or initiative that involves the collection, use, disclosure or retention of personal data. A PIA should be conducted as early as possible in the system lifecycle, preferably during the development stage, to ensure that privacy risks are identified and mitigated before the system is deployed. Conducting a PIA during functional testing, UAT or production stages may be too late to address privacy issues effectively and may result in costly rework or delays1, p. 67

Reference: 1: CDPSE Review Manual (Digital Version)