Privacy Impact Assessments

Privacy Impact Assessments (PIAs) are required by the E-Government Act of 2002 whenever a federal agency is "developing or procuring information technology ... or initiating a new collection of information ... in an identifiable form ..." The purpose of a Privacy Impact Assessment is to ensure there is no collection, storage, access, use or dissemination of identifiable personal information (and for some organizations, business information) that is not both needed and permitted.

Guidance

E-Government Act of 2002 ... (PDF, 220 KB)

We do PIAs to ensure that:

-- The public is aware of the information we collect about them

-- Any impact these systems have on personal privacy is adequately addressed

-- We collect only enough personal information to administer our programs, and no more

In addition, PIAs confirm that we use the information for the purpose intended; that the information remains timely and accurate; and, that it is protected while we have it and that we hold it only for as long as we need it.

OMB PIA Guidance

DoDI 5400.16, Dod Privacy Impact Accessment (PIA) Guidance, 12 Feb 09 ... (PDF, 380 KB)

Other Sites

Privacy Impact Assessments

AFI 33-332 para 5.1.1. The E-Government Act of 2002 establishes business processes to “provide enhanced access to Government information and services in a manner consistent with laws regarding protection of personal privacy, national security, records retention, and access for persons with disabilities, and other relevant laws.” The Act inserted the Privacy Impact Assessment (PIA) into the government IT lifecycle. PIAs are required for all IT systems that collect, maintain, or disseminate information in identifiable form or that make substantial changes to existing information technology that manages information in identifiable form. PIA implementation for DoD IT investments is defined in DoDI 5400.16.
Click Here to access current Air Force Pia list