Office of the Chief Information Officer

United States Department of Agriculture

Departmental Manual 3515-002

CHAPTER 3, PART 2

PRIVACY IMPACT ASSESSMENT

1 BACKGROUND

The USDA is responsible for ensuring the privacy, confidentiality, integrity, and availability of customer and employee information. The USDA recognizes that its customers and employees have some reasonable expectation of privacy about themselves. This includes an expectation that USDA will protect personal, financial, and employment information from unauthorized disclosure. Customers and employees also have the right to expect that USDA will collect, maintain, use, and disseminate identifiable personal information and data only as authorized by law and as necessary to carry out agency responsibilities. Customer and employee information is protected by the following:

a Privacy Act of 1974, as Amended (5 USC 552a);

b Computer Security Act of 1987, Public Law 100-235, ss 3 (1) and (2), codified at 15 U.S.C. 272, 278 g-3, 278 g-4 and 278 h, which establishes minimum security practices for Federal computer systems;

c OMB Circular A-130, Management of Federal Information Resources, which provides instructions to Federal agencies on how to comply with fair information practices and security requirements for operating information systems;

d Freedom of Information Act, as Amended (5 USC 552), which provides for the disclosure of information maintained by Federal agencies to the public while allowing limited protections for privacy; and

e The E-Government Act of 2002, 44 U.S.C. 3531 et seq.

Improvements in computer technology make it possible to store and retrieve vast amounts of data of all kinds quickly and efficiently. This ability has raised concerns about the impact of large computerized information systems on the privacy of individual subjects of data. Public concerns about highly integrated information systems that the government operates make it imperative to commit to a positive and aggressive approach to protecting individual privacy. The Office of the Chief Information Officer (OCIO) implements the Privacy Impact Assessment (PIA), required in the E-Government Act of 2002, section 208, in order to ensure that the systems USDA develops protect individual privacy. The PIA incorporates privacy into the development life cycle so that all system development initiatives can appropriately consider privacy issues from the earliest stages of design.

The PIA is a process used to evaluate the impact that information systems have on an individual. The PIA process is designed to guide agency system developers and operators in assessing privacy through the early stages of development. Privacy training, gathering data from a project on privacy issues, identifying and resolving the privacy risks, and approval by the Cyber Security (CS) Privacy Officer are also parts of this process.
