A Privacy Impact Assessment, or PIA, is an analysis of how personally identifiable information is collected, used, shared, and maintained. The purpose of a PIA is to demonstrate that program managers and system owners consciously incorporated privacy protections throughout the development life cycle of a system or program. PIAs are required by the E-Government Act of 2002, which was enacted by Congress in order to improve the management and promotion of Federal electronic government services and processes. PIAs allow us to communicate more clearly with the public about how we handle information, including how we address privacy concerns and safeguard information.
DoD Privacy Impact Assessment Guidance
DoD Instruction 5400.16, "DoD Privacy Impact Assessment (PIA) Guidance" (14 Sep 2017) establishes policy and assigns responsibilities for completion and approval of privacy impact assessments to analyze and ensure personally identifiable information in electronic form is collected, stored, protected, used, shared and managed in a manner that protects privacy. The DoD forms for reporting PIAs are:
PIAs for DoD Components
DoD Component Privacy Impact Assessment data is reported to DoD's Privacy, Civil Liberties, and Transparency Division, which tracks and reports it.
NDU's baseline PIA is currently under review by the Washington Headquarters Service (WHS), Executive Services Directorate (ESD), Records, Privacy, and Declassification Division (RPDD), and will be posted on this NDU web page once approved.