a process for examining the risks and ramifications of collecting, maintaining, and disseminating information in identifiable form in an electronic information system, and for identifying and evaluating protections and alternative processes to mitigate the impact to privacy of collecting information in identifiable form. Consistent with September 26, 2003, OMB guidance (M-03-22) implementing the privacy provisions of the e -Government Act, agencies must conduct privacy impact assessments for all new or significantly altered IT investments administering information in identifiable form collected from or about members of the public. Agencies may choose whether to conduct privacy impact assessments for IT investments administering information in identifiable form collected from or about agency employees.
Source(s):
NIST SP 800-65 [Withdrawn] under Privacy impact assessment

  An analysis of how information is handled to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; to determine the risks and effects of creating, collecting, using, processing, storing, maintaining, disseminating, disclosing, and disposing of information in identifiable form in an electronic information system; and to examine and evaluate protections and alternate processes for handling information to mitigate potential privacy concerns. A privacy impact assessment is both an analysis and a formal document detailing the process and the outcome of the analysis.
Source(s):
NIST SP 800-37 Rev. 2 under privacy impact assessment
NIST SP 800-53 Rev. 5 under privacy impact assessment from OMB Circular A-130 (2016)
NIST SP 800-53B under privacy impact assessment from OMB Circular A-130 (2016)

  “An analysis of how information is handled that ensures handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; determines the risks and effects of collecting, maintaining and disseminating information in identifiable form in an electronicinformation system; and examines and evaluates protections and alternative processes for handling information to mitigate potential privacy risks.”
Source(s):
NIST SP 800-122 under Privacy Impact Assessment (PIA) from OMB M-03-22

  An analysis of how information is handled 1) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; 2) to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system; and 3) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.
Source(s):
CNSSI 4009-2015 from OMB Memorandum 03-22

  An analysis of how information is handled: (i) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; (ii) to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system; and (iii) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.
Source(s):
NIST SP 800-18 Rev. 1 under Privacy Impact Assessment from OMB Memorandum 03-22
NIST SP 800-53 Rev. 4 under Privacy Impact Assessment from OMB Memorandum 03-22

  An analysis of how information is handled: (i) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; (ii) to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system; and (iii) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.
Source(s):
NIST SP 800-60 Vol. 1 Rev. 1 under Privacy Impact Assessment (PIA) from OMB Memorandum 03-22
NIST SP 800-60 Vol. 2 Rev. 1 under Privacy Impact Assessment (PIA) from OMB Memorandum 03-22