For each program, the DS/PIA asks a series of questions about procedures and activities as well as the application of current policy. Each question is related to one of the four privacy principles. Risk points are assigned based on responses that reveal potential privacy threats. Mitigation points are assigned based on responses that document the application of current policies and procedures that are designed to reduce privacy threats. An overall score indicates whether the program poses minimal, average, or excessive risk after the mitigation activities are taken into account.
The first three sections of each of the 20 DS/PIAs are the same, and include an introduction and user guide, including a glossary. The glossary is a crucial component to understanding the unique aspects of specialized terms. For example, the definition of DS/PIA explains that DS/PIAs typically cover privacy, confidentiality, security, and data use, not just "privacy," which has a more narrow definition, also provided in the glossary.
The next section of the DS/PIA, which is the DS/PIA Instrument (the assessment tool), is specific to each program. Each assessment is organized around the four Privacy Principles: 1) mission necessity, 2) openness, 3) respectful treatment of respondents, and 4) protection of confidentiality. The following section, the System Write-up, describes the IT system to which the program is linked and how the IT Security Office determined the risk level of the system. The final two sections, the Data Sensitivity Worksheet, and the Activity Sensitivity Worksheet, compute the sensitivity levels of the program, based on the answers provided in the assessment.
We hope that your review of our DS/PIAs yields a better understanding of our efforts to respect your privacy, protect your personal information and limit its use while ensuring that we produce the highest quality statistics for America. Should you have any questions or concerns about the contents of these DS/PIAs please contact us at DIR.Privacy.Office@census.gov.