9. Authorisation and publication
The PIA report should be signed by your Information Asset Owner ( IAO). The IAO will be the Deputy Director or Head of Division.
Before signing the PIA report, an IAO should ensure that she/he is satisfied that the impact assessment is robust, has addressed all the relevant issues and that appropriate actions have been taken.
By signing the PIA report, the IAO is confirming that the impact of applying the policy has been sufficiently assessed against the individuals' right to privacy.
The results of the impact assessment must be published in the eRDM with the phrase "Privacy Impact Assessment ( PIA) report" and the name of the project or initiative in the title.
Details of any relevant information asset must be added to the Information Asset Register, with a note that a PIA has been conducted.
I confirm that the impact of the relevant provisions of the Human Tissue (Authorisation) (Scotland) Bill has been sufficiently assessed against the needs of the privacy duty:
Name and job title of a IAO or equivalent
Gareth Brown, Deputy Director,
Scottish Government, Health Protection Division
Date each version authorised
24 May 2018
There is a problem
Thanks for your feedback