A Privacy Impact Assessment (PIA) is an analysis of how Information in an Identifiable Form (IIF) is handled. Conducting PIAs for relevant electronic systems is required under the E-Government Act of 2002 (E-Gov Act) and accompanying OMB guidance published on September 26, 2003. PIAs are intended to ensure that the handling of IIF conforms to applicable legal, regulatory and policy requirements regarding privacy, helps determine the risks and effects of collecting, maintaining and disseminating IIF in an electronic system, and examines and evaluates protections and alternative processes for handling IIF to mitigate potential privacy risks.
IIF includes information that directly identifies an individual or FHFA intends to use to identify specific individuals in conjunction with other data elements. The FHFA uses PIAs to identify and address information privacy when planning, developing, and implementing information technology systems that collect and maintain IIF. The goals in completing a PIA are to:
- Make informed policy and system design or procurement decisions regarding the collection of IIF;
- Ensure accountability for privacy issues;
- Analyze both technical and legal compliance with applicable privacy laws and regulations; and
- Provide documentation on the flow of personal information and information requirements within FHFA systems.
FHFA Privacy Impact Assessments
| Federally Shared Services Privacy Impact Assessments (PIA) | Date |
|---|---|
| ConcurGov PIA | August 2022 |
| E-Verify Program PIA | June 2019 |
| GSA Personal Identity Verification System - USAAccess (HSPD-12) PIA | January 2023 |
| HRIS PIA | April 2020 |
| Office of Government Ethics Integrity PIA | June 2024 |
| Office of Personnel Management's Electronic Official Personnel Folder PIA | October 2020 |
| Office of Personnel Management's USA Staffing PIA | July 2021 |
| Oracle e-Business Suite PIA | December 2018 |
FHFA Office of Inspector General PIAs can be found here.