Privacy Impact Assessments

A Privacy Impact Assessment is an analysis of how information is handled: (i) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy, (ii) to determine the risks and effects of collecting, maintaining and disseminating information in identifiable form in an electronic information system, and (iii) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.

  • Section 208 of the E-Government Act of 2002 requires federal agencies to ensure sufficient protections for the privacy of personal information. It also establishes Government-wide requirements for reviewing and disseminating PII by requiring a PIA of all Information Technology (IT) systems.
  • The Department of Defense (DoD) Chief Information Officer issued an update to the DoD Privacy Impact Assessment (PIA) Guidance, DoD Instruction Number 5400.16, dated February 12, 2009, directing that PIAs be performed on systems that contain PII on Federal personnel, DoD contractors and, in some cases, Foreign Nationals.
  • WHS is required to publish a DoD Privacy Impact Assessment (PIA) (Section 1 and 2) for WHS Information Technology (IT) systems. PIAs ensure individuals’ PII is collected in electronic form only when necessary. See the list under “PIAs for WHS Systems” for WHS systems.

For additional information on the DoD PIA Program, visit DoD CIO PIA.