General Information

Section 208 of the E-Government Act of 2002 helps to ensure that agencies put in place sufficient protections for the privacy of personal information in implementing a citizen-centered electronic government. It requires agencies to conduct Privacy Impact Assessments (PIAs) for information technology (IT) systems or projects that collect, maintain or disseminate information in identifiable form from or about members of the public or when initiating a new electronic collection of information in identifiable form for 10 or more persons (excluding agencies, instrumentalities, or employees of the federal government).

Among other things, the PIA process requires agencies to review what information is collected, why the information is collected, how the information will be used by the agency, with whom the information will be shared, and how the information is handled and secured when using IT to collect new information or when developing or buying new IT systems to handle collections of personally identifiable information. PIAs conducted for "major information systems," as defined in OMB Circular A-130 (Section 6.u.) and OMB Circular A-11 (section 300-4 (2003)), reflect more extensive analysis of the consequences of collection and flow of information, the alternatives to the collection and handling as designed, the appropriate measures to reduce risks identified for each alternative, and the rationale for the final design choice or business process.

In general, agencies are required to make PIAs publicly available through publication in the Federal Register or through posting on agency websites.

Objectives

The objectives of a PIA include:

1. Provide a tool to make informed policy and system design or procurement decisions based on an understanding of privacy risks and options available for mitigating these risks.
2. Ensure that system and program managers are accountable for the proper handling of privacy issues.
3. Establish a consistent format and structured process for analyzing both technical and legal compliance with applicable privacy laws and regulations, as well as accepted privacy policy.
4. Provide basic documentation on the flow of personal information within systems for use and review by policy, program, and management staff; systems analysts; and security specialists.
5. Provide the public with assurances that their personal information is protected.

Privacy Impact Assessments

The following are official Privacy Impact Assessments (PIAs) of significant initiatives at the U.S. Department of Education. PIAs are available in .pdf format:

Federal Student Aid

1. PDF [82k] Student Aid on the Web - September 5, 2003
2. PDF [77k] Student Aid Internet Gateway (SAIG) Enrollment - December 6, 2004
3. PDF [76k] National Student Loan Data System (NSLDS) - November 16, 2007
4. PDF [66k] Common Origination and Disbursement (COD) - January 3, 2005
5. PDF [61k] Financial Management System - January 26, 2005
6. PDF [50k] Common Services for Borrowers (CSB) - June 23, 2006
7. PDF [100k] Virtual Data Center (VDC) - August 1, 2007.
8. PDF [113k] Office of the Student Loan Ombudsman Records System - September 28, 2007

Office of the Chief Financial Officer

1. PDF [46k] Travel Manager System - January 4, 2005
2. PDF [63k] Grants Administration and Payment System (GAPS) - January 4, 2005
3. PDF [120k] Education's Central Automated Processing System (EDCAPS) - August 10, 2007

Office for Civil Rights

1. PDF [106k] Case and Activity Management System (CAMS) - August 10, 2007

Office of Communications and Outreach

1. PDF [182 k] Privacy Impact Assessment for the Presidential Scholars Program - November 2006

Office of Elementary and Secondary Education

1. PDF [108k] Migrant Student Information Exchange (MSIX) - May 24, 2006

1. PDF [100k] Data Analysis System - November 16, 2007

Office of Management

1. PDF [106k] FOIAXpress - August 27, 2007
2. PDF [109k] EDSTAR System - September 2007

Office of Postsecondary Education

1. PDF [71k] Jacob K. Javits Fellowship System - September 28, 2007

Office of the Secretary

1. PDF [116k] Secretary's Communications Control System - April 21, 2008

Office of Special Education and Rehabilitative Services

1. PDF [67k] Case Service Report - April 14, 2008