An analysis of how information is handled to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; to determine the risks and effects of creating, collecting, using, processing, storing, maintaining, disseminating, disclosing, and disposing of information in identifiable form in an electronic information system; and to examine and evaluate protections and alternate processes for handling information to mitigate potential privacy concerns. A privacy impact assessment is both an analysis and a formal document detailing the process and the outcome of the analysis.
Source(s):
NIST SP 800-37 Rev. 2 under privacy impact assessment
NIST SP 800-53 Rev. 5 under privacy impact assessment from OMB Circular A-130 (2016)
NIST SP 800-53B under privacy impact assessment from OMB Circular A-130 (2016)
An analysis of how information is handled: (i) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; (ii) to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system; and (iii) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.
Source(s):
NIST SP 800-18 Rev. 1 under Privacy Impact Assessment from OMB Memorandum 03-22
NIST SP 800-53 Rev. 4 under Privacy Impact Assessment from OMB Memorandum 03-22