Skip to main content
Find a Lawyer

Code of Federal Regulations Title 1. General Provisions § 1.603.18 Privacy Impact Assessments

Current as of January 02, 2025 | Updated by Findlaw Staff

(a) Consistent with the requirements of the E–Government Act and OMB Memorandum M–03–22, the NCPC shall conduct a PIA before:

(1) Developing or procuring IT systems or projects that collect, maintain, or disseminate IIF;  or

(2) Installing a new collection of information that will be collected, maintained, or disseminated using IT and includes IIF for 10 or more persons (excluding agencies, instrumentalities or employees of the federal government).

(b) The PIA shall be prepared through the coordinated effort of the NCPC's privacy Officers (SAOP, PAO), Division Directors, CIO, and IT staff.

(c) As a general rule, the level of detail and content of a PIA shall be commensurate with the nature of the information to be collected and the size and complexity of the IT system involved. Specifically, a PIA shall analyze and describe:

(1) The information to be collected;

(2) The reason the information is being collected;

(3) The intended use for the information;

(4) The identity of those with whom the information will be shared;

(5) The opportunities Individuals have to decline to provide the information or to consent to particular uses and how to consent;

(6) The manner in which the information will be secured;  and

(7) The extent to which the system of records is being created under the Privacy Act.

(d) In addition to the information specified in paragraphs (b)(1)-(7) of this section, the PIA must also identify the choices NCPC made regarding an IT system or collection of information as result of preparing the PIA.

(e) The CCB shall verify that a PIA has been prepared prior to approving a request to develop or procure information technology that collects, maintains, or disseminates Information in Identifiable Form.

(f) The SAOP shall approve and sign the NCPC's PIA. If the SAOP is the Contracting Officer for the IT system that necessitated preparation of the PIA, the Executive Director shall approve and sign the PIA.

(g) Following approval of the PIA, the NCPC shall post the PIA document on the NCPC Web site located at www.ncpc.gov.

Previous Part of Code Next Part of Code
Back to Chapter List

Cite this article: FindLaw.com - Code of Federal Regulations Title 1. General Provisions § 1.603.18 Privacy Impact Assessments - last updated January 02, 2025 | https://codes.findlaw.com/cfr/title-1-general-provisions/cfr-sect-1-603-18/

FindLaw Codes may not reflect the most recent version of the law in your jurisdiction. Please verify the status of the code you are researching with the state legislature before relying on it for your legal needs.

Was this helpful?

Welcome to FindLaw's Cases & Codes

A free source of state and federal court opinions, state laws, and the United States Code. For more information about the legal concepts addressed by these cases and statutes, visit FindLaw’s Learn About the Law.

Go to Learn About the Law

Latest Blog Posts

For Legal Professionals

Learn About The Law

Get help with your legal needs

FindLaw’s Learn About the Law features thousands of informational articles to help you understand your options. And if you’re ready to hire an attorney, find one in your area who can help.

Go to Learn About the Law

Need to Find an Attorney?

Search our directory by legal issue

Enter information in one or both fields (Required)

Copied to clipboard