A privacy impact assessment is an analysis and self-audit of an organization to look for privacy risks, ensure compliance with legal requirements, and consider alternative methods of mitigating any potential privacy risks discovered.