Why are PIAs required? - 18F/DOI-Digital-Services-PIA-UX GitHub Wiki
The PIA is an analysis of how information is handled, or specifically it is an assessment of how PII is collected, used, maintained and disseminated. The PIA is an important tool used to identify, evaluate and analyze potential privacy risks associated with the development or use of information systems or applications. The objective of the PIA is to assist DOI Information System Owners and program managers to identify and address information privacy when planning, developing, implementing, and operating agency information management systems that maintain information on individuals, and consider privacy implications throughout the development life cycle of a system in order to mitigate any impact on individual privacy. The PIA also facilitates government transparency as it informs the public on what information DOI is collecting or maintaining, why the information is collected, how the information is used, how the information is accessed and stored, and how the information is safeguarded.
The PIA process helps to identify sensitive systems to ensure that appropriate information assurance measures are in place, such as encrypted storage media, secured transmission, special handling instructions, and access controls. In addition to a completed PIA, the security plan or business rules should include specific access controls and disclosure restrictions for protection of privacy information and implementing Privacy Act requirements when applicable. Identifying sensitive information and awareness of the proper ways of handling that sensitive information are major steps in ensuring that information is protected.
The goals accomplished in completing a PIA include:
- Making informed policy and system design or procurement decisions. These decisions must be based on an understanding of privacy risk and of options available for mitigating that risk;
- Accountability for privacy issues;
- Analyzing both technical and legal compliance with applicable privacy laws and regulations, as well as accepted privacy policy; and
- Providing documentation on the flow of personal information and information requirements within DOI systems.
The PIA process requires collaboration between the Information System Owner, Program Manager, Information System Security Officer, the Bureau/Office Records Officer, the Bureau/Office Privacy Officer, and the Departmental Privacy Office to ensure potential privacy risks are addressed and appropriate privacy protections are implemented. PIAs must be updated when changes are made to systems that may raise new privacy risks, when there is a change in information handling practices or information collection, or, at a minimum, every three years.
# 1.1 Personally Identifiable Information

Personally identifiable information (PII) is information in a program, system, collection, or technology that permits the identity of an individual to be directly or indirectly inferred, including any other information which is linked or linkable to that individual, regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department.
Any information or collection of information that connects to an individual is PII. Examples of PII include but are not limited to: name, alias, username, home mailing address, personal telephone number, personal email address, social security number (SSN), date of birth, place of birth, nationality, passport number, tribal enrollment number, bank account number, credit card number, vehicle license number, internet protocol addresses, biometric identifiers (fingerprints), photographic facial images, work or educational history, and any information that may be linked with other information to identify an individual.
PII may be much broader than “private” information, which is information that an individual would prefer not to be known to the public due to its personal or intimate nature. PII identifies a person or can be used in conjunction with other information to identify a person, regardless of whether a person would want it disclosed. For example, a license plate number is personally identifiable information because it indirectly identifies an individual, but it is not deemed “private” because it is visible to the public. PIAs require an analysis of privacy risks associated with agency collection and use of privacy protected information or PII, whether or not it is “private information” considered sensitive by individuals.
# 1.2 PIAs and the Privacy Act

The Privacy Act of 1974 requires agencies to publish Systems of Records Notices (SORNs) in the Federal Register that describe the categories of records on individuals that they collect, use, maintain, and disseminate. Generally, the requirements to conduct a PIA are broader than the requirements for SORNs. The PIA requirement is triggered by the collection or maintenance of information within an electronic system, while the SORN requirement is triggered by the collection or maintenance of information on individuals that is actually retrieved from any paper or electronic system by a personal identifier. Any time a change or update to information technology raises new privacy risks, an updated PIA must be completed to analyze these new risks, even if the collection of information remains the same. The SORN covering the system must also be reviewed and updated if necessary to ensure completeness and accuracy.