Privacy Impact Assessment (PIA)

An analysis of how information is handled: 1) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; 2) to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system; and 3) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.
SOURCE: SP 800-53; SP 800-18; SP 800-122; CNSSI-4009; OMB Memorandum 03-22