This document provides practitioners with a framework for examining the privacy implications of their information systems and information-sharing collaborations.
In addition to an overview of the Privacy Impact Assessment (PIA) process, this guide contains a template that leads policy developers through a series of appropriate PIA questions that evaluate the process through which personally identifiable information is collected, stored, protected, shared, and managed. Results from the analysis performed during the PIA process can be used to design and implement privacy policies that address the vulnerabilities identified. The stages of the assessment examined include: educating and raising awareness on the importance of having privacy, civil rights, and civil liberties protections within the agency; assessing agency privacy risks by evaluating the process through which an agency collects, stores, protects, shares, and manages information; developing the privacy policy to articulate the policy position of an organization on how it handles information the agency seeks or receives and uses in the normal course of business; performing a policy evaluation to determine whether the privacy policy adequately addresses current standards and privacy protection recommendations; implementing and training personnel and authorized users on the established rules and procedures; and conducting an annual review to make appropriate changes in response to applicable laws, technology, and public expectations.