The Privacy Impact Assessment (PIA) is a decision tool used by DHS to identify and mitigate privacy risks that notifies the public:

• What Personally Identifiable Information (PII) DHS is collecting;
• Why the PII is being collected; and
• How the PII will be collected, used, accessed, shared, safeguarded and stored.

Privacy Impact Assessment (PIA) Inventory

All DHS PIAs can be found in the left navigation of this page, listed by DHS Program or by Component, e.g., CBP.

A PIA should accomplish three goals:

1. Ensure conformance with applicable legal, regulatory, and policy requirements for privacy;
2. Determine the risks and effects; and
3. Evaluate protections and alternative processes to mitigate potential privacy risks.

DHS conducts a PIA when:

• Developing or procuring any new technologies or systems that handle or collect PII.
• Creating a new program, system, technology, or information collection that may have privacy implications.
• Updating a system that results in new privacy risks.
• Issuing a new or updated rulemaking that entails the collection of PII.

Read our official guidance on the drafting of Privacy Impact Assessments, including document templates.