Chief Information Officer

U.S. Department of Defense

Privacy Impact Assessments

The availability of information, from personal to public, is easier today due to the increased use of technology. Technology, such as computers, internet access, and electronic information products, also increases the risk to the protection of such information, especially personally identifiable information (PII). The Department of Defense recognizes that the protection of PII is important throughout the life cycle of the information. The vehicle for addressing PII privacy issues in an information system or electronic collection is the Privacy Impact Assessment (PIA).

Department of Defense guidance for assessing the risk to PII requires the completion of DD Form 2930, Privacy Impact Assessment (PIA) when developing or procuring information systems or electronic collections that collect, maintain, use or disseminate PII on the general public, Federal personnel, contractors, and foreign nationals employed at U.S. military facilities internationally. This expands the government-wide requirements for conducting, reviewing and publishing PIAs for information systems containing PII on the general public as established under Section 208 of the E-Government Act of 2002. The goal of the PIA process is to identify privacy risks and privacy protections that will be integrated during the development life cycle of the information system or electronic collection.

DoD Instruction 5400.16, "DoD Privacy Impact Assessment (PIA) Guidance"

DoD Form 2930 Privacy Impact Assessment

DoD Form 2930A Adapted Privacy Impact Assessment

DoD Component Privacy Impact Assessments

Defense Privacy and Civil Liberties Office

For additional information, click here