To provide a formal risk management process to identify, assess, and mitigate privacy risks before development begins.
Invoked by the P-PRIVACY-BY-DESIGN protocol.
The @Compliance-Auditor or @Project-Manager executes a multi-phase workflow.
An initial check is run to determine if a full PIA is necessary (e.g., does the feature involve a new PII collection?).
If needed, a sub-team maps how data is collected, used, and stored, producing a data_flow_diagram.md and a data_inventory.json.
The @Security-Auditor analyzes the data flows against privacy principles (like GDPR) to identify risks.
For each high or medium risk, a specific mitigation strategy is defined. The final pia_report.md becomes a mandatory input for subsequent protocols.