Data Protection and Privacy Policy

Why Do We Conduct DS/PIAs?

The federal government has a long history of responding to public concern about the information it collects and how it is handled as expressed in legislation such as the Freedom of Information Act, the Privacy Act, and the Computer Matching Act. The most recent federal law meant to prescribe ethical standards relating to the collection, processing, and maintaining of identified data about respondents is the E-Government Act of 2002 (Public Law 107-347, 44 U.S.C., Ch 36).

One purpose of the E-Government Act is to ensure that no collection, storage, access, use, or dissemination of identifiable respondent information occurs that is not needed or permitted. The Act applies to both identifiable data about both people and businesses. The tool required by the Act to accomplish these ends is the PIA. PIAs are agency reviews of how collected information is handled by the agency. The reviews are program analyses that determine whether the data collected are protected in a manner consistent with Federal standards for privacy and security.

While the E-Government Act speaks to information collection, the Executive Branch concurrently developed its additional PIA requirements linked to responsibilities of the Office of Management and Budget (OMB) for funding information technology. OMB Circular A-11 and OMB Exhibit 300, "Capital Asset Plan and Business Case," require PIAs to be prepared for and approved by OMB for every new information technology funding request.