The E-Government Act of 2002, Section 208, requires all agencies to assess the impact on privacy for systems that collect personally identifiable information (PII). Let our certified information privacy professionals (CIPP) help alleviate any compliance concerns.
Privacy Threshold Analysis (PTA)
PTA identifies whether a system, application or program collects or maintains PII or otherwise impacts privacy. A completed PTA shall dictate whether conducting a PIA or System of Records Notice (SORN) is required.
A PTA should be completed as early as possible during the design and development of, or any significant modification to, a project in which the organization knows it
will, or is unsure whether it will, create, collect, use, process, store, maintain, disseminate, disclose, or dispose of personally identifiable information.
Privacy Impact Assessments (PIA)
As a general matter, Federal agencies are required to conduct privacy impact assessments, absent an applicable exception, when they develop, procure, or use IT to create, collect, use, process, store, maintain, disseminate, disclose, or dispose of PII.
A PIA can help an organization to gain the public’s trust and confidence that privacy has been built into the design of a project, technology, or service. Trust is built on transparency, and a PIA is a disciplined process that promotes open communications, common understanding, and transparency.
CyberSuite Privacy Compliance
Recognizing that information systems may undergo changes throughout their life cycle, we will ensure changes to the system be evaluated with regard to their effect on individuals’ privacy.
- We will help define the scope of the information in the information technology, specifically the nature of the information and the sources from which it is obtained.
- CyberSuite can assist personnel on how to effectively conduct a PIA and how to properly document this assessment.
- We will ensure privacy protections are built into the system from the start – not after the fact – when they can be far more costly or could affect the viability of the project.
- CyberSuite will coordinate communications among the system manager/owner, other senior component privacy officials, and the Office of Privacy and Civil Liberties (OPCL), to make the PIA comprehensive and meaningful and to ensure appropriate and timely handling of privacy concerns.