The purpose of a Privacy Impact Assessment is to ensure there is no collection, storage, access, use or dissemination of identifiable personal information (and for some organizations business information) that is not both needed and permitted.
In censuses and surveys, the U.S. Census Bureau collects Personally Identifiable Information (PII) and Business Identifiable Information (BII). Examples include names, addresses, social security numbers, employer identification numbers, telephone numbers, or email addresses. It also includes any information used separately or in combination for identification such as gender, race, date of birth, or geographic indicator.
The E-Government Act of 2002 requires a federal agency to issue a Privacy Impact Assessment when the agency is “developing or procuring information technology ... or initiating a new collection of information ... in an identifiable form ...." Similar requirements are cited in Office of Management and Budget (OMB) Circular No. A-11 and OMB Exhibit 300, "Capital Asset Plan and Business Case," which tie together privacy considerations and executive agency funding requests.
The Census Bureau produces a Privacy Impact Assessment on every system that contains PII or BII. Our assessments also cover confidentiality, access to data, and use of data.
The Privacy Compliance Branch, under the Policy Coordination Office, manages the PIA program and coordinates with the CEN System Information System Security Officer (ISSO) as the primary PIA point of contact for the Privacy Compliance Branch.