Home Information Sharing & Analysis Prevention & Protection Preparedness & Response Research Commerce & Trade Travel Security Immigration
About the Department Open for Business Press Room
Current National Threat Level is elevated

The threat level in the airline sector is High or Orange. Read more.

Page Tools

Share icon Share this page Email icon Email Updates Feed icon Subscribe to Feeds

Homeland Security Components

Privacy Office Official Guidances

The Department of Homeland Security Privacy Office works to achieve the mission of the Department while minimizing the impact on individual privacy.  The following Official Guidances have been implemented to ensure the safeguarding of personal information:

  • Privacy Threshold Analysis (PTA), effective May 2008;
  • Privacy Impact Assessments (PIAs) Guidance, effective May 2007;
  • System of Records Notices (SORNs) Guidance, effective April 2008;
  • Privacy Act Statements ((e)(3) statements) Guidance, effective April 2008;
  • Privacy Technology Implementation Guide (PTIG), effective August 2007; and
  • Privacy Incident Handling Guidance (PIHG), effective September 2007. 

Privacy Threshold Analysis (PTA)

A Privacy Threshold Analysis (PTA) is required for every system at the Department.  The PTA form is used to determine whether a Privacy Impact Assessment (PIA) is required under the E-Government Act of 2002 and the Homeland Security Act of 2002.  The PTA is used in the Capital Planning and Investment Control (CPIC) process, for Certification and Accreditations (C&A), and to assist in determining the Federal Information Processing Standards (FIPS) level of a system. 

For a Word version of the template, please e-mail pia@dhs.gov

Privacy Impact Assessments (PIAs)

The Privacy Office released Official Guidance to use in drafting Privacy Impact Assessments, effective May 2007.

Once a PIA has been approved by the Chief Privacy Officer, it is published on the Department Privacy Impact Assessment Web page. 

For a Word version of the template, please e-mail pia@dhs.gov

Systems of Record Notices (SORNs)

A system of records notice (SORN) is a published notification about personally identifiable information (by name or assigned identifier such as a symbol or number) within a group of any records under the control of any agency. The Privacy Act requires each agency to publish notice of its systems of records in the Federal Register. 

SORNs that the Department have published in the Federal Register can be found on the Department System of Records Notices Web page.

For a Word version of the template, please e-mail pia@dhs.gov

Privacy Act Statements ((e)(3) Statements)

Pursuant to 5 U.S.C. §552a (e) (3) agencies are required to provide what is commonly referred to as a Privacy Act Statement to all persons asked to provide personal information about themselves, which will go into a system of records. The following guidance is provided by the DHS Privacy Office on how to write a Privacy Act Statement.

Privacy Technology Implementation Guide (PTIG)

The Privacy Office has developed a general guide for technology managers and developers to integrate privacy protections into operational IT systems. The Privacy Technology Implementation Guide (PTIG) combines elements of privacy protection from disparate privacy compliance requirements, as well as a administrative policies and procedures into a single document, contextualized for managers and developers of operational systems.

The PTIG is designed to allow each Component the flexibility to adapt privacy considerations to the way that Component does business while retaining a common Departmental approach. The result is a guide that provides early awareness of privacy issues and the aspects of systems that can be managed and developed to address privacy issues and streamline the process of complying with existing privacy protection requirements.

Privacy Incident Handling Guidance (PIHG)

The Department of Homeland Security has a duty to safeguard personally identifiable information (PII) in its possession and to prevent the breach of PII in order to maintain the public's trust. The Privacy Incident Handling Guidance (PIHG) serves this purpose by informing Department organizations, employees, senior officials, and contractors of their obligation to protect PII and by establishing procedures delineating how they must respond to the potential loss or compromise of PII.

Download Plug-in

Some of the links on this page require a plug-in to view them. Links to the plug-ins are available below.

Click Here to Download Adobe Acrobat Reader Adobe Acrobat (PDF)

This page was last reviewed/modified on April 17, 2009.