Personal Information Risk Assessment Tool (PIRAT)


The Personal Information Risk Assessment Tool (PIRAT) is a risk calculation application that helps anyone handling personal information (PI) understand the possible consequences individuals face when their data is compromised. It encourages proactive measures by providing a customised risk score and the remediation steps necessary to safeguard individuals.

What are the benefits?

  • Proactive risk management: Evaluate risks before they occur to stay ahead of possible threats and implement preventative measures to protect your customers' data and privacy.
  • Compliance: PIRAT enhances your risk and privacy assessment process and encourages privacy best practices.
  • Easy-to-use interface: PIRAT offers quick assessment, results, and simplicity of use. Receive actionable risk insights with no technical expertise required.
  • Customer trust: Demonstrate your commitment to protecting customer information and privacy, as well as maintaining stakeholder trust.
  • Informed decision-making: Recognise the potential harm and severity of risks associated with collecting and handling high-risk, high-value personal and sensitive information to facilitate informed decisions and cybersecurity investments.

When should I use it?

  • Conduct a PIRAT assessment and add the score or report to your risk, data security, and privacy impact assessments to produce a comprehensive risk profile, demonstrate practical implementation of Information Protection Principles (IPPs), and showcase a genuine commitment to safeguarding your customers' and users' personal information.
  • Using the PIRAT at the beginning of a project and consistently throughout the project lifecycle demonstrates best practice risk management, improves controls and contributes to your privacy by design approach.

What will it deliver? 

 A customised report that contains:

  • An instant risk score (PIRAT score) 
  • Summary of risks and consequences for impacted individuals
  • List of remediation steps required to recover or protect the individual from further harm or risk.

The report can be downloaded as a PDF or printed to include in related risk reports, data inventories or a Privacy Impact Assessment (PIA).

How is the risk calculated? 

Data breach experts at ID Support NSW have developed a comprehensive calculator to determine your PIRAT score. This calculator uses an Identity Recovery Index (IRI) algorithm, which analyses over 3,650 personal data fields classified into 140 categories. Each category is assigned an objective risk value ranging from 0.05 to 7, determined by the information's usage, its attractiveness to cybercriminals, and its potential for recycling to pass identity checks like the Document Verification Service (DVS). The risk value is further stratified by the breach's cause, assessing the likelihood of information abuse, the extent of personal harm and risk, and the complexity of the remedial and protective measures required to prevent, stop, block, or minimise further harm and misuse.

Start your assessment

Assess the data you handle against common risks and threats to understand the potential harm to individuals in the event of a data breach. 


Disclaimer

The information and features provided on this page serve as general awareness and education resources. We have made every effort to create a reliable tool. However, please be aware that no application or piece of software can ensure absolute security. Consult with security experts for professional advice, as needed, where appropriate.

The Personal Information Risk Assessment Tool aims to promote improved risk practices and increase awareness regarding the risks associated with collecting, using, and disclosing personal and sensitive information. By using the tool, users acknowledge and release the creators and operators of the Personal Information Risk Assessment Tool from any associated risks.
