A Privacy Impact Assessment (PIA) is an analysis of how Information in an Identifiable Form (IIF) is handled. Conducting PIAs for relevant electronic systems is required under the E-Government Act of 2002 (E-Gov Act) and accompanying OMB guidance published on September 26, 2003. PIAs are intended to ensure that the handling of IIF conforms to applicable legal, regulatory and policy requirements regarding privacy; to help determine the risks and effects of collecting, maintaining and disseminating IIF in an electronic system; and to examine and evaluate protections and alternative processes for handling IIF to mitigate potential privacy risks.
IIF includes information that directly identifies an individual or that FHFA intends to use, in conjunction with other data elements, to identify specific individuals. FHFA uses PIAs to identify and address information privacy when planning, developing, and implementing information technology systems that collect and maintain IIF. The goals in completing a PIA are to:
- Make informed policy and system design or procurement decisions regarding the collection of IIF;
- Ensure accountability for privacy issues;
- Analyze both technical and legal compliance with applicable privacy laws and regulations; and
- Provide documentation on the flow of personal information and information requirements within FHFA systems.
FHFA Privacy Impact Assessments
FHFA Office of Inspector General PIAs can be found here.