The Privacy Compliance Documentation (PTA and PIA)

The privacy compliance documentation (Privacy Threshold Analysis (PTA) and Privacy Impact Assessments (PIA) embody the collaboration of program, technical, legal, security, and privacy teams across the agency. PIAs are appropriately published to the public facing website in order to foster transparency and individual participation regarding how GPO uses personally identifiable information (PII) to fulfill its mission. The GPO Privacy Office is currently in the process of implementing this for GPO.

Privacy Impact Assessment (PIA)
The PIA is required for all projects that use uses personally identifiable information (PII) at GPO. The PIA is an assessment document required by the E-Government Act of 2002 and in support of the Department’s privacy protection requirements under Homeland Security Act of 2002, as amended. The PIA must be completed, finalized, and approved by the Privacy Officer before PII is loaded or used. The PIA focuses on the following areas of inquiry:

• Information Collection
• Information Use
• Information Retention
• Information Sharing (internal and external)
• Notice
• Individual Access, Redress, and Correction
• Security
• Technology

The Privacy program manager should ensure that the PIA drafting process begins with the business units POC immediately after the validation of the PTA processing PII. PIAs are drafted through an iterative process involving the Business Unit Privacy Point of Contact (POC), the Privacy Office, GPO stakeholders and any other application and systems representatives. The PIA is complete when the Privacy Officer signs it. As a general matter, and by the discretions of the GPO Privacy Office finalized PIAs are generally published on the Privacy Office's website. The GPO Privacy Office has completed the initial PIAs for GPO.