An analysis of how information is handled to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; to determine the risks and effects of creating, collecting, using, processing, storing, maintaining, disseminating, disclosing, and disposing of information in identifiable form in an electronic information system; and to examine and evaluate protections and alternate processes for handling information to mitigate potential privacy concerns. A privacy impact assessment is both an analysis and a formal document detailing the process and the outcome of the analysis.
Sources:
NIST SP 800-37 Rev. 2, under privacy impact assessment, from OMB Circular A-130 (2016)
NIST SP 800-53 Rev. 5, under privacy impact assessment, from OMB Circular A-130 (2016)
NIST SP 800-53A Rev. 5, under privacy impact assessment, from OMB Circular A-130 (2016)
NIST SP 800-53B, under privacy impact assessment, from OMB Circular A-130 (2016)
“An analysis of how information is handled that ensures handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; determines the risks and effects of collecting, maintaining and disseminating information in identifiable form in an electronic information system; and examines and evaluates protections and alternative processes for handling information to mitigate potential privacy risks.”
Sources:
NIST SP 800-122, under Privacy Impact Assessment (PIA), from OMB M-03-22
An analysis of how information is handled 1) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; 2) to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system; and 3) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.
Sources:
CNSSI 4009-2015, from OMB Memorandum 03-22
An analysis of how information is handled: (i) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; (ii) to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system; and (iii) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.
Sources:
NIST SP 800-18 Rev. 1, under Privacy Impact Assessment, from OMB Memorandum 03-22
An analysis of how information is handled:
(i) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy;
(ii) to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system; and
(iii) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.
Sources:
NIST SP 800-60 Vol. 1 Rev. 1, under Privacy Impact Assessment (PIA), from OMB Memorandum 03-22
NIST SP 800-60 Vol. 2 Rev. 1, under Privacy Impact Assessment (PIA), from OMB Memorandum 03-22