A PIA is both a process and a document. It is a process that focuses on identifying and assessing risks related to the privacy of data handled by a specific IT system or database. A PIA is also a document in which the results of the assessment are communicated to stakeholders. Some PIAs are released to the public in full while others are redacted to remove sensitive / non-public information.
Answer the following questions regarding PIAs.
1. What is privacy? Is it a right? An expectation? Discuss differing definitions, e.g. the average person definition vs. a legal definition, and how these differences impact risk assessments for privacy protections (or the lack thereof).
2. What are some important best practices for protecting privacy for information collected, stored, used, and transferred by the US federal government? Identify and discuss three or more best practice recommendations for reducing risk by improving or ensuring the privacy of information processed by or stored in an organization’s IT systems and databases.
3. Explain why federal government agencies and departments are required to complete PIAs. Must a PIA be completed for every federal IT system? Why or why not?
4. Name and briefly describe 3 benefits to citizens which result from the use of PIAs. (Consider citizens' needs for privacy and the protection of the privacy of individuals whose information is collected, processed, transmitted, and stored in federal government IT systems and databases.)