Privacy and Civil Liberties Impact Assessments

Section 208 of the E-Government Act of 2002 created the requirement to conduct Privacy and Civil Impact Assessments (PCLIAs) for systems that process personal identifiable information (PII). A PCLIA is required for new systems, those systems undergoing modification or enhancement, and Paperwork Reduction Act electronic collections of information. OMB Memorandum 03-22, dated September 26, 2003, contains guidance for conducting PCLIAs as well as procedures for processing and posting completed assessments.  

What is a PCLIA?

A decision tool used by Treasury to identify and mitigate privacy risks that notifies the public:

  • What PII Treasury is collecting:
  • Why the PII is being collected and
  • How the PII will be collected, used, accessed, shared, safeguarded and stored.

 A PCLIA should accomplish three goals:

  • Ensure conformance with applicable legal, regulatory, and policy requirements for privacy;
  • Determine the risks and effects and
  • Evaluate protections and alternative processes to mitigate potential privacy risks 

Treasury conducts a PCLIA when:

  • Developing or procuring any new technologies or systems that handle or collect PII.
  • Creating a new program, system, technology, or information collection that may have privacy implications.

  • Updating a system that results in new privacy risks.

  • Issuing a new or updated rulemaking that entails the collection of PII. 

 Treasury Department-wide PCLIAs: 

Treasury Bureau PCLIAs: