The Privacy Impact Assessment (PIA) is a decision tool used by DHS to identify and mitigate privacy risks that notifies the public:
- What Personally Identifiable Information (PII) DHS is collecting;
- Why the PII is being collected; and
- How the PII will be collected, used, accessed, shared, safeguarded and stored.
All DHS PIAs are listed (left) by DHS Program or by Component, e.g., CBP.
A PIA should accomplish three goals:
- Ensure conformance with applicable legal, regulatory, and policy requirements for privacy;
- Determine the risks and effects; and
- Evaluate protections and alternative processes to mitigate potential privacy risks.
DHS conducts a PIA when:
- Developing or procuring any new technologies or systems that handle or collect PII.
- Creating a new program, system, technology, or information collection that may have privacy implications.
- Updating a system that results in new privacy risks.
- Issuing a new or updated rulemaking that entails the collection of PII.