Privacy Impact Assessment
What is a Privacy Impact Assessment?
Privacy Impact Assessments (PIA) analyze how a unit collects, uses, shares, and maintains identifiable information on behalf of Penn State.
A PIA will help your unit:
- Conform with applicable legal, regulatory, and policy requirements for privacy
- Determine the risks and effects of collecting, using, sharing and maintaining identifiable information
- Evaluate protections and alternative processes to mitigate potential privacy risks
When do I need a Privacy Impact Assessment?
The University Privacy Office conducts a Privacy Impact Assessment when a unit:
- Initiates a new project or creates a new program, system or technology that may have privacy implications
- Develops or procures any new technologies that or systems that collect, maintain, or disseminate identifiable information
What should I do if I'm not sure I need a Privacy Impact Assessment?
Please let our decision tool guide you through the process. It’s a quick, six-question tool designed to help you decide whether a PIA is necessary.