Overview of Privacy Impact Assessments (PIA) and Privacy Threshold Assessments (PTA)

  • PIA and PTA: Tools used by the Department of Homeland Security to assess compliance with privacy regulations.

  • Rebecca R. Jacobs: Senior Director of Privacy Compliance at DHS, associated with the PTA.

Purpose of the PTA

  • Helps to determine whether a Privacy Impact Assessment is required when handling Personally Identifiable Information (PII).

  • Complete the PTA form to assess potential privacy impacts on data gathering.

  • If an organization lacks a privacy office, submit the PTA directly to the DHS Privacy Office.

Understanding the PTA Document Structure

  • Title: Includes system descriptions and operational specifics.

  • CBP Example: Customs and Border Protection's dual mission of national security and economic facilitation.

  • Impact on Economy: CBP significantly contributes to federal revenue and impacts international commerce security.

Priority Trade Issues (PTI)

  • Definition: Areas identified by CBP that pose significant risks to revenue and economic safety.

  • Current PTIs:

    • Intellectual property rights

    • Textiles and apparel

    • Import safety

    • Trade agreements

    • Antidumping and countervailing duties (ADCVD).

  • Duty Collection: Vital for maintaining competitive industries in the US, under the Tariff Act of 1930.

Completing the PTA Template

  • Templates provide a consistent format for documenting privacy-related initiatives.

  • Common sections include:

    • Project name: Should reflect specific system or initiative (e.g., JATTA system).

    • Component name: May include subcomponents relevant to the project.

    • Office program: Lists organizational offices such as Veterans Affairs.

  • FISMA: Refers to the Federal Information Security Management Act, influencing the Risk Management Framework (RMF) cycle.

Project Documentation Tasks

  • Document Collection: Gather information from system owners or project managers as needed.

  • Important fields include:

    • Project manager and their contact information.

    • System security officer details.

    • Privacy officer information for document review.

  • Ensure accurate documentation of PII sources and types collected during projects.

    • Examples: employee onboarding may involve collecting driver’s licenses and SSNs.

Conclusion of PTA Process

  • Once all information is collected, the PTA should be reviewed, finalized, and submitted to ensure compliance with privacy standards.