Consistent with the objectives of the E-Government Act and in the spirit of our privacy principle of Openness, the Census Bureau is releasing to the public our Privacy Impact Assessments (PIAs). Privacy Impact Assessments are required by the E-Government Act of 2002 whenever a federal agency is "developing or procuring information technology . . . or initiating a new collection of information . . . in an identifiable form . . . ."
In addition to being required by the E-Government Act of 2002, Privacy Impact Assessments are required by Office of Management and Budget (OMB) Circular No. A-11 and OMB Exhibit 300, "Capital Asset Plan and Business Case," which tie together privacy considerations and executive agency funding requests.
Though the assessments refer specifically to "privacy," the Census Bureau assessments also typically cover confidentiality, access to data, and use of data. A Privacy Impact Assessment is conducted on every program that contains Personally Identifiable Information (PII), Identifiable Business Information (IBI), or both. Identifiable information is information that actually identifies people or businesses. Examples include direct references such as name, address, social security number, employer identification number, or other identifying number or code such as telephone number, email address. It also includes any information used separately or in combination to reference other data elements that are used for identification such as gender, race, date of birth, or geographic indicator. The Census Bureau takes very seriously its role as data steward - assuring that we can effectively collect and our customers can use high quality data about the Nation's people and economy while fully meeting ethical and legal obligations to respondents to respect privacy and protect confidentiality. At the Census Bureau, Privacy Impact Assessments are one of many tools and processes that help us achieve our mission to collect and disseminate data products and the legal and ethical obligations to protect privacy and confidentiality.
The purpose of a Privacy Impact Assessment is to ensure there is no collection, storage, access, use or dissemination of identifiable personal information (and for some organizations business information) that is not both needed and permitted.