Privacy Impact Assessments

Federal law recognizes the ever-increasing amount of information stored in government IT systems and the speed with which computers can process and transfer data. Section 208 of the E-Government Act of 2002 requires all Federal government agencies to conduct Privacy Impact Assessments (PIA) for all new or substantially changed technology that collects, maintains or disseminates personally identifiable information.

What is a PIA?

A PIA is an analysis of how personally identifiable information (PII) is collected, stored, protected, shared and managed. The purpose of a PIA is to demonstrate that system owners and developers have consciously incorporated privacy protections throughout the entire life cycle of a system. Existing PIA's are reviewed on an annual basis, and updated as needed if the system or data in the system has changed. PIA reviews will be completed by August 31 of each year, and any updates will appear on this page.

What is PII?

PII includes any information about an individual maintained by an agency, including, but not limited to, education, financial transactions, medical history, and criminal or employment history and information which can be used to distinguish or trace an individual's identity, such as their name, social security number, date and place of birth, mother's maiden name, biometric records, etc., including any other personal information which is linked or linkable to an individual.

Who can I contact for additional information?

The Archivist of the United States has designated Gary M. Stern, General Counsel, as the Senior Agency Official for Privacy at the National Archives and Records Administration (NARA). Mr. Stern can be reached at 301-837-1750 or by e-mail at [email protected].

NARA's Privacy Impact Assessments

• Access to Archival Databases (AAD)
• Archival Electronic Records Inspection and Control (AERIC)
  Please note that this PIA covers four separate systems listed on NARA's Information Technology Inventory: AERIC, AERIC Title 13, AERIC TS, and AERIC TS/SCI.
• Archives Document Review and Redaction System (ADRRES) and Unclassified Redaction and Tracking System (URTS)
• Archives and Record Center Information System (ARCIS)
• Archives Investigative Management System (AIMS)
• Austin Automation System (AAC)
  • NPRC Registry Files
• Case Analysis Tracking System
• Case Management and Reporting System (CMRS)
• Classified Interim System
• Digital Capture System (DCU)
• Electronic Customer Relationship Management
• eDocs Upgrade
• Electronic Records Archives
• ERA 2.0 
• Google Apps for Government (Cloud Email)
• History Hub 
• Inspector General Case Management & Tracking System (IGCMTS)
• Integrated Siebel Platform
• Internal Collaboration Network
• Insider Threat Program Support System
• IRS/DHS Index System
• Learning Management System
• LL Reference Topic Log
• Microfiche Reader Modernization Project
• National Archives Catalog 
• NARANet
• Online Ordering System (ENOS)
• OpsPlanner Version 3.3
• Order Fulfillment and Accounting System (OFAS)
• Physical Access Control System 
• Performance Measurement and Reporting System (PMRS)
• Presidential Electronic Records Library (PERL)
• Presidential Libraries Museum Collections Management Database – TMS® (The Museum System)
• Presidential Libraries Visitor Services System
• Researcher Registration System (RRS)
• Security Clearance Tracking System (SCTS)
• Zoom

Privacy Impact Assessments for Social Media Applications

• Crowd Hall
• EventBrite
• External Blogs
• Facebook
• Flickr
• FourSquare
• Instagram
• Pinterest
• Tumblr
• Twitter
• YouTube
• ZeeMaps