Understanding the Privacy Impact Assessment (PIA)

Slides: 11
Provided by: marilyn49

Transcript and Presenter's Notes


1
Understanding the Privacy Impact Assessment (PIA)
  • Introduction
  • The PIA is a checklist or tool to ensure that
    new or modified electronic collections of
    information on individuals:
    - Are evaluated for privacy risks.
    - Are designed with Privacy Act life
      cycle management requirements (collection,
      maintenance, use, safeguards and records
      scheduling).
    - Ensure that appropriate privacy
      protection measures are in place.

2
Understanding the Privacy Impact Assessment (PIA)
  • When do you Complete a PIA?
  • At different stages of a project's life cycle;
    each phase may have new privacy risks.
  • When collecting information from websites
    (e-forms, surveys, etc.)

3
Understanding the Privacy Impact Assessment (PIA)
  • When Do You Submit Copies?
  • DOI IT Security Asset-Valuations
  • DOI IT Security Certification and Accreditations
  • OMB Exhibit 300s
  • Identify on websites collecting information from
    the public
  • Identify in Privacy Act system of records notice
    in the Federal Register
  • Identify in OMB Information Collection Clearance
    packages

4
Understanding the Privacy Impact Assessment (PIA)
  • DOI Requirements
  • DOI's PIA requirements extend to all systems that
    contain information on individuals (includes
    systems with information on BOTH employees and
    members of the public)
  • (OMB provides this option in OMB M-03-22.)
  • DOI requires that all systems perform a
    preliminary review for information on
    individuals - DON'T CONFUSE THIS WITH DOING A
    COMPLETE PIA

5
Understanding the Privacy Impact Assessment (PIA)
  • DOI Requirements
  • The preliminary review is documentation to
    verify that we've looked at all systems to
    determine if they maintain information on
    individuals (keep it with the metadata).
  • Doing this preliminary review (completing the
    PIA template questions up to B.1.a.) will help
    you to determine if you need to continue on and
    complete the PIA.

6
Understanding the Privacy Impact Assessment (PIA)
  • DOI Requirements
  • If you determine that there is no information on
    individuals in the system, then there is no point
    in completing the rest of the PIA document.

7
Understanding the Privacy Impact Assessment (PIA)
  • OMB's Requirement for Exhibit 300s
  • OMB's requirement for Exhibit 300s is narrower
    than DOI's.
  • OMB only requires a PIA for systems that maintain
    information on individuals WHO ARE MEMBERS OF THE
    PUBLIC.

8
Understanding the Privacy Impact Assessment (PIA)
  • OMB's Requirement for Exhibit 300s
  • OMB has explained that a General Support System
    would require a PIA when it maintains
    information on individuals (i.e., collects,
    stores, uses, disposes of the information).
  • In regard to networks, if these are just conduits
    of information and the information is not
    maintained in the sense above, a PIA is not required.

9
Understanding the Privacy Impact Assessment (PIA)
  • OMB's Requirement for Exhibit 300s
  • OMB is NOT interested in the DOI preliminary
    reviews or PIAs done for systems that maintain
    information on employees (optional)
  • Mark "No PIA" when there is found to be no
    information on individuals in the system
    (Remember: the preliminary review is NOT a
    PIA)

10
Understanding the Privacy Impact Assessment (PIA)
  • References
  • OMB Memo of 9/26/03 (M-03-22) on implementing the
    Privacy Provisions of the E-Government Act
  • OCIO Directive of 10/18/02 on implementing PIAs
  • Privacy reference material on the DOI Privacy
    Program Webpage
  • www.doi.gov/ocio/privacy