Section 208 of the E-Government Act of 2002 created the requirement to conduct Privacy and Civil Impact Assessments (PCLIAs) for systems that process personal identifiable information (PII). A PCLIA is required for new systems, those systems undergoing modification or enhancement, and Paperwork Reduction Act electronic collections of information. OMB Memorandum 03-22, dated September 26, 2003, contains guidance for conducting PCLIAs as well as procedures for processing and posting completed assessments.
What is a PCLIA?
A decision tool used by Treasury to identify and mitigate privacy risks that notifies the public:
- What PII Treasury is collecting:
- Why the PII is being collected and
- How the PII will be collected, used, accessed, shared, safeguarded and stored.
A PCLIA should accomplish three goals:
- Ensure conformance with applicable legal, regulatory, and policy requirements for privacy;
- Determine the risks and effects and
- Evaluate protections and alternative processes to mitigate potential privacy risks
Treasury conducts a PCLIA when:
Developing or procuring any new technologies or systems that handle or collect PII.
Creating a new program, system, technology, or information collection that may have privacy implications.
Updating a system that results in new privacy risks.
Issuing a new or updated rulemaking that entails the collection of PII.
Treasury Department-wide PCLIAs:
Treasury Bureau PCLIAs:
- Alcohol and Tobacco Tax and Trade Bureau
- Bureau of Engraving and Printing
- Departmental Offices
- Financial Crimes Enforcement Network
- Bureau of Fiscal Service
- Internal Revenue Service
- Office of Inspector General
- Office of the Comptroller of the Currency
- Treasury Inspector General for Tax Administration
- U.S. Mint