Privacy Impact Assessments

A privacy impact assessment (PIA) comprises both an analysis of the Commission’s practices relating to privacy and information technology, and a formal document detailing the process and the outcomes of that analysis. A PIA is not a one-time activity limited to a particular milestone or stage of the information system or PII life cycle, but a living document. Each PIA is updated as needed and re-posted throughout the life cycle of the information system and/or PII that it describes, including any changes to the information technology, changes to the Commission’s practices, or other factors that might alter the privacy risks associated with the public’s use of such information technology.

The Commission has issued the following PIAs: