Impact Assessments in the Design Phase
An impact assessment is a risk management tool assessing an AI system's benefits, risks and limitations across the life cycle. The AIA covers data issues; a DPIA tackles personal-data risk; a PIA confirms that PII handling conforms to applicable privacy requirements.
Perform or review one at design time.

| Assessment | What it does |
|---|---|
| Algorithmic IA (AIA) | Covers the data issues and documents the stakeholder group's decisions - risk identification and mitigation, and who approves and accepts risk on the organisation's behalf. The Government of Canada publishes an AIA tool. |
| DPIA | A means to identify risks coming out of the processing of personal data and minimise them as much as possible. |
| PIA | An analysis of how personally identifiable information is handled - confirms handling conforms to applicable privacy requirements. |

Build off existing DPIAs and PIAs where possible. Their limitation is that they are not tailored specifically for AI applications, so identify the gaps between existing processes and a comprehensive algorithmic impact assessment. Consider a PIA on the underlying training data, add a DPIA since a PIA won't cover everything an AI governance document needs, and adapt existing assessments to the AI project.