# Privacy Impact Assessment Template

## Intake
- Product / feature:
- Owner:
- Launch date:
- Data categories:
- Sensitive / regulated data:
- Users affected:
- Countries / states:
- Vendors / SDKs:
- AI / automated decision-making:
- Children / students / patients / financial consumers:

## Required analysis
1. Purpose and necessity.
2. Data minimization and proportionality.
3. Notice, consent, opt-out, and app-store disclosures.
4. Sale/share/targeted advertising and GPC/UOOM controls.
5. Retention/deletion and legal holds.
6. Security controls and access restrictions.
7. Vendor contracts and subprocessors.
8. Cross-border or DOJ Data Security Program restrictions.
9. Regulated-sector review: HIPAA, HBNR, consumer health data, FERPA, GLBA, FDA, biometric, children/minors.
10. Residual risks, approvals, launch conditions, and monitoring.
