
1 Understanding the Privacy Impact Assessment (PIA)
Introduction
The PIA is a checklist or tool to ensure that new or modified electronic collections of information on individuals:
- Are evaluated for privacy risks.
- Are designed with Privacy Act life cycle management requirements (collection, maintenance, use, safeguards and records scheduling).
- Ensure that appropriate privacy protection measures are in place.

2 When Do You Complete a PIA?
- At different stages of a project’s life cycle - each phase may have new privacy risks.
- When collecting information from websites (e-forms, surveys, etc.)

3 When Do You Submit Copies?
- DOI IT Security Asset-Valuations
- DOI IT Security Certification and Accreditations
- OMB Exhibit 300s
- Identify on websites collecting information from the public
- Identify in Privacy Act system of records notice in the Federal Register
- Identify in OMB Information Collection Clearance packages

4 DOI Requirements
- DOI’s PIA requirements extend to all systems that contain information on individuals (this includes systems with information on BOTH employees and members of the public; OMB provides this option in OMB M-03-22).
- DOI requires that all systems perform a “preliminary review” for information on individuals - DON’T CONFUSE THIS WITH DOING A COMPLETE PIA

5 DOI Requirements
- The “preliminary review” is documentation to verify that we’ve looked at all systems to determine if they maintain information on individuals (keep it with the metadata).
- Doing this “preliminary review” (completing the PIA template questions up to B.1.a.) will help you to determine if you need to continue on and complete the PIA.

6 DOI Requirements
- If you determine that there is no information on individuals in the system then there is no point in completing the rest of the PIA document.

7 OMB’s Requirement for Exhibit 300s
- OMB’s requirement for Exhibit 300s is narrower than DOI’s.
- OMB only requires a PIA for systems that maintain information on individuals WHO ARE MEMBERS OF THE PUBLIC.

8 OMB’s Requirement for Exhibit 300s
- OMB has explained that a General Support System would require a PIA when it “maintains” information on individuals (i.e., collects, stores, uses, disposes of the information).
- For networks that are just conduits of information, where the information is not “maintained” in the sense above, a PIA is not required.

9 OMB’s Requirement for Exhibit 300s
- OMB is NOT interested in the DOI “preliminary reviews” or PIAs done for systems that maintain information on employees (optional)
- Mark “No PIA” when no information on individuals is found in the system (Remember: the “preliminary review” is NOT a PIA)

10 References
- OMB Memo of 9/26/03 (M-03-22) on implementing the Privacy Provisions of the E-Government Act
- OCIO Directive of 10/18/02 on implementing PIAs
- Privacy reference material on the DOI Privacy Program Webpage: www.doi.gov/ocio/privacy

