Footnote 2: OMB defines IIF as information in a system or on-line collection that directly identifies an individual (e.g., name, address, Social Security number (SSN) or other identifying code, telephone number, e-mail address, etc.) or by which an agency intends to identify specific individuals in conjunction with other data elements.
Footnote 3: A PIA is an analysis of how information is handled to: (1) ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; (2) determine the risks and effects of collecting, maintaining, and disseminating IIF; and (3) examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks. A PIA is required by the E-Government Act of 2002 (as implemented by OMB Memorandum M-03-22) to ensure privacy protections, and Privacy Act requirements are considered when developing or procuring new or modified information technology that contains IIF.
Footnote 8: OMB Circular A-130, Appendix I, requires agencies to conduct reviews of the following topics, at the indicated frequency: Section (m) Contract, Recordkeeping Practices, Privacy Act Training, Violations, and System of Records Notices every 2 years; Routine Use Disclosures and Exemption of System of Records reviews every 4 years; and Matching Programs annually.