9. Authorisation and publication
The PIA report should be signed by your Information Asset Owner ( IAO). The IAO will be the Deputy Director or Head of Division.
Before signing the PIA report, an IAO should ensure that she/he is satisfied that the impact assessment is robust, has addressed all the relevant issues and that appropriate actions have been taken.
By signing the PIA report, the IAO is confirming that the impact of applying the policy has been sufficiently assessed against the individuals’ right to privacy.
The results of the impact assessment must be published in the eRDM with the phrase “Privacy Impact Assessment ( PIA) report” and the name of the project or initiative in the title.
Details of any relevant information asset must be added to the Information Asset Register, with a note that a PIA has been conducted.
I confirm that the impact of delivering Work First Scotland has been sufficiently assessed against the needs of the privacy duty:
Gavin Gray (Deputy Director, Employability Programme Division)
Date each version authorised
Version 1.0: 30 March 2017