The Privacy Compliance Documentation (PTA and PIA)

The privacy compliance documentation (Privacy Threshold Analysis (PTA) and Privacy Impact Assessments (PIA) embody the collaboration of program, technical, legal, security, and privacy teams across the agency. PIAs are appropriately published to the public facing website in order to foster transparency and individual participation regarding how GPO uses personally identifiable information (PII) to fulfill its mission. The GPO Privacy Office is currently in the process of implementing this for GPO.

Privacy Threshold Analysis (PTA)
The PTA is an administrative form created by the Privacy Office to efficiently and effectively identify the use of PII across agency business units. The PTA focuses on three areas of inquiry:

• Business data and business processes within each business unit.
• Potential connections with individuals including the use of PII – any use of social security numbers must be specifically identified.

The business units privacy Point of Contact (POC) should ensure that its respective PTA is completed and sent to the Privacy Office. If SSNs are to be used, the PTA specifically identifies the justification and authority for using SSNs. Upon receipt of the PTA, the Privacy Office determines the applicability of other privacy compliance requirements including the PIA. The PTA is complete when the Privacy Office validates it and sends the final copy back to the identified point of contact. The GPO Privacy Office has completed the initial PTAs for GPO.