PRIVACY IMPACT ASSESSMENTS

The Defense Information Systems Agency (DISA) recognizes the importance of protecting the privacy of its customers and employees, especially as it modernizes its information management systems and employee information systems. Privacy issues must be addressed when systems are developed and privacy protections must be integrated into the development life cycle of these automated systems. The vehicle for addressing privacy issues in a system under development is the Privacy Impact Assessment (PIA). The PIA process also provides a means to assure compliance with applicable laws and regulations governing customer and employee privacy.

Section 208 of the E-Government Act of 2002 establishes Government-wide requirements for conducting, reviewing, and publishing PIAs. DOD guidance directs all DOD components to conduct reviews of how privacy issues are considered when purchasing or creating new Information Technology (IT) systems or when initiating new electronic collections of information in personally identifiable form. A PIA addresses privacy factors for all new or significantly altered IT systems or projects that collect, maintain, or disseminate personal information from or about members of the public, Federal personnel, contractors, or Foreign Nationals employed at U.S. military facilities internationally.

We do PIAs to ensure that:

  • The public is aware of the information we collect about them
  • Any impact these systems have on personal privacy is adequately addressed
  • We collect only enough personal information to administer our programs, and no more

In addition, PIAs confirm that we use the information for the purpose intended, that the information remains timely and accurate, that it is protected while we have it, and that we hold it only for as long as we need it.

DOD AND DISA PRIVACY IMPACT ASSESSMENT GUIDANCE

COMPLETED DISA PRIVACY IMPACT ASSESSMENT