
What Is Privacy Assessment Law?

Privacy Assessment Law

The Privacy Impact Assessment (PIA) is a method of privacy risk identification. It is an analysis of how personally identifiable information is collected, used, shared, and maintained by an organization’s system. Within the area of privacy assessment law, companies perform PIAs to verify and document that they are in compliance with state or federal privacy regulations for protecting personally identifiable information. The impact assessment identifies the risks of collecting and sharing personally identifiable information.

The E-Government Act of 2002 is a privacy impact assessment law establishing that federal agencies must conduct PIAs for their electronic information systems. The assessment process provides documentation of any security issues and how they will be addressed.

Though not legally required, companies may perform PIAs to demonstrate their data protection capabilities, especially when new procedures are being implemented. Companies doing business in Europe may perform a privacy impact assessment as part of compliance with the EU’s General Data Protection Regulation.

Copyright © 2025. Winston & Strawn LLP
