US flag signifying that this is a United States Federal Government website   Official website of the Department of Homeland Security

Homeland Security

Privacy Impact Assessments

Inventory of Privacy Impact Assessments

What is a Privacy Impact Assessment (PIA)?

A decision tool used by DHS to identify and mitigate privacy risks that notifies the public:

  • What Personally Identifiable Information (PII) DHS is collecting;
  • Why the PII is being collected; and
  • How the PII will be collected, used, accessed, shared, safeguarded and stored.

A PIA should accomplish three goals:

  1. Ensure conformance with applicable legal, regulatory, and policy requirements for privacy;
  2. Determine the risks and effects; and
  3. Evaluate protections and alternative processes to mitigate potential privacy risks.

DHS conducts a PIA when:

  • Developing or procuring any new technologies or systems that handle or collect PII.
  • Creating a new program, system, technology, or information collection that may have privacy implications.
  • Updating a system that results in new privacy risks.
  • Issuing a new or updated rulemaking that entails the collection of PII.

Read our official guidance on the drafting of Privacy Impact Assessments, including document templates.

 

Last Published Date: March 20, 2015
Back to Top