General Information
Section 208 of the E-Government Act of 2002 helps to ensure that agencies put in place sufficient protections for the privacy of personal information in implementing a citizen-centered electronic government. It requires agencies to conduct Privacy Impact Assessments (PIAs) for information technology (IT) systems or projects that collect, maintain or disseminate information in identifiable form from or about members of the public or when initiating a new electronic collection of information in identifiable form for 10 or more persons (excluding agencies, instrumentalities, or employees of the federal government).
Among other things, the PIA process requires agencies to review what information is collected, why the information is collected, how the information will be used by the agency, with whom the information will be shared, and how the information is handled and secured when using IT to collect new information or when developing or buying new IT systems to handle collections of personally identifiable information. PIAs conducted for "major information systems," as defined in OMB Circular A-130 (Section 6.u.) and OMB Circular A-11 (section 300-4 (2003)), reflect more extensive analysis of the consequences of collection and flow of information, the alternatives to the collection and handling as designed, the appropriate measures to reduce risks identified for each alternative, and the rationale for the final design choice or business process.
In general, agencies are required to make PIAs publicly available through publication in the Federal Register or through posting on agency websites.
Objectives
The objectives of a PIA include:
- Provide a tool to make informed policy and system design or procurement decisions based on an understanding of privacy risks and options available for mitigating these risks.
- Ensure that system and program managers are accountable for the proper handling of privacy issues.
- Establish a consistent format and structured process for analyzing both technical and legal compliance with applicable privacy laws and regulations, as well as accepted privacy policy.
- Provide basic documentation on the flow of personal information within systems for use and review by policy, program, and management staff; systems analysts; and security specialists.
- Provide the public with assurances that their personal information is protected.
Privacy Impact Assessments
The following are official Privacy Impact Assessments (PIAs) of significant initiatives at the U.S. Department of Education. PIAs are available in .pdf format:
Federal Student Aid
- PDF [60K] Student Aid on the Web (SAOTW) - September 5, 2003
- PDF [66k] Common Origination and Disbursement (COD) - February 3, 2005
- PDF [67k] Electronic Campus-Based System (eCBS) - August 30, 2005
- PDF [47k] Enterprise Management Support System (EMSS) - April 3, 2006
- PDF [60k] Common Services for Borrowers (CSB) - June 23, 2006
- PDF [94K] Ombudsman Case Tracking System (OCTSv3.0) - July 19, 2006
- PDF [100k] Virtual Data Center (VDC) - August 1, 2007.
- PDF [54K] Financial Management System (FMS) - October 18, 2007
- PDF [62K] Electronic Cohort Default Rate Appeals System (eCDR) - December 7, 2007
- PDF [64K] National Student Loan Data System (NSLDS) - November 16, 2007
- PDF [50K] Postsecondary Education Participate System (PEPS) - March 17, 2008
- PDF [57K] Student Aid Internet Gateway (SAIG) - May 1, 2008
- PDF[58K] Conditional Disability Discharge Tracking System (CDDTS) - June 10, 2008
- PDF [60K] Debt Management and Collections System (DMCS) - June 10, 2008
- PDF [66K] Direct Loan Consolidation System (DLCS) - June 10, 2008
- PDF [66K] Direct Loan Servicing System (DLSS) - June 10, 2008
- PDF [111k] FAFSA on the Web - July 7, 2008
- MSWord [335k] ZOOMERANG - January 23, 2009
Office of the Chief Financial Officer
- PDF [46k] Travel Manager System - January 4, 2005
- PDF [63k] Grants Administration and Payment System (GAPS) - January 4, 2005
- PDF [120k] Education's Central Automated Processing System (EDCAPS) - August 10, 2007
Office of the Chief Information Officer
- PDF [46k] Educate - September 3, 2008
Office for Civil Rights
- PDF [106k] Case and Activity Management System (CAMS) - August 10, 2007
Office of Communications and Outreach
Office of Elementary and Secondary Education
- PDF [108k] Migrant Student Information Exchange (MSIX) - May 24, 2006
- PDF [100k] Data Analysis System - November 16, 2007
- PDF [90k] IES Predoctoral and Postdoctoral Fellows Survey - August 2008
- PDF [55k] OIG LAN - August 6, 2008
Office of Management
- PDF [106k] FOIAXpress - August 27, 2007
- PDF [109k] EDSTAR System - September 2007
- MSWord [244k] EDPUBS - December 12, 2008
Office of Postsecondary Education
- PDF [71k] Jacob K. Javits Fellowship System - September 28, 2007
- PDF [55k] TRIO Programs Annual Report (APR) System - May 20, 2008
Office of the Secretary
- PDF [116k] Secretary's Communications Control System - April 21, 2008
Office of Special Education and Rehabilitative Services
- PDF [67k] Case Service Report - April 14, 2008
|
|
|||||||||||