Privacy and Civil Liberties Impact Assessments

Section 208 of the E-Government Act of 2002 created the requirement to conduct Privacy and Civil Liberties Impact Assessments (PCLIAs) for systems that process personally identifiable information (PII). A PCLIA is required for new systems, those systems undergoing modification or enhancement, and Paperwork Reduction Act electronic collections of information. OMB Memorandum 03-22, dated September 26, 2003, contains guidance for conducting PCLIAs as well as procedures for processing and posting completed assessments.  

What is a PCLIA?

A decision tool used by Treasury to identify and mitigate privacy risks that notifies the public:

  • What PII Treasury is collecting;
  • Why the PII is being collected; and
  • How the PII will be collected, used, accessed, shared, safeguarded and stored.

 A PCLIA should accomplish three goals:

  • Ensure conformance with applicable legal, regulatory, and policy requirements for privacy;
  • Determine the risks and effects; and
  • Evaluate protections and alternative processes to mitigate potential privacy risks

Treasury conducts a PCLIA when:

  • Developing or procuring any new technologies or systems that handle or collect PII;
     
  • Creating a new program, system, technology, or information collection that may have privacy implications;
     
  • Updating a system that results in new privacy risks; and
     
  • Issuing a new or updated rulemaking that entails the collection of PII.
     

 Treasury Department-wide PCLIAs: 

Treasury Bureau PCLIAs: