
privacy impact assessment (PIA)

Abbreviation(s) and Synonym(s):

Definition(s):

  An analysis of how information is handled to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; to determine the risks and effects of creating, collecting, using, processing, storing, maintaining, disseminating, disclosing, and disposing of information in identifiable form in an electronic information system; and to examine and evaluate protections and alternate processes for handling information to mitigate potential privacy concerns. A privacy impact assessment is both an analysis and a formal document detailing the process and the outcome of the analysis.
Source(s):
NIST SP 800-37 Rev. 2 under privacy impact assessment
NIST SP 800-53 Rev. 5 under privacy impact assessment from OMB Circular A-130 (2016)
NIST SP 800-53A Rev. 5 under privacy impact assessment from OMB Circular A-130 (2016)
NIST SP 800-53B under privacy impact assessment from OMB Circular A-130 (2016)

  “An analysis of how information is handled that ensures handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; determines the risks and effects of collecting, maintaining and disseminating information in identifiable form in an electronic information system; and examines and evaluates protections and alternative processes for handling information to mitigate potential privacy risks.”
Source(s):
NIST SP 800-122 under Privacy Impact Assessment (PIA) from OMB M-03-22

  An analysis of how information is handled 1) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; 2) to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system; and 3) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.
Source(s):
CNSSI 4009-2015 from OMB Memorandum 03-22

  An analysis of how information is handled: (i) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; (ii) to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system; and (iii) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.
Source(s):
NIST SP 800-18 Rev. 1 under Privacy Impact Assessment from OMB Memorandum 03-22

  An analysis of how information is handled: (i) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; (ii) to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system; and (iii) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.
Source(s):
NIST SP 800-60 Vol. 1 Rev. 1 under Privacy Impact Assessment (PIA) from OMB Memorandum 03-22
NIST SP 800-60 Vol. 2 Rev. 1 under Privacy Impact Assessment (PIA) from OMB Memorandum 03-22