National Archives Privacy Program Resources

Privacy Impact Assessments

Federal law recognizes the ever-increasing amount of information stored in government IT systems and the speed with which computers can process and transfer data. Section 208 of the E-Government Act of 2002 requires all Federal government agencies to conduct Privacy Impact Assessments (PIA) for all new or substantially changed technology that collects, maintains or disseminates personally identifiable information.

What is a PIA?

A PIA is an analysis of how personally identifiable information (PII) is collected, stored, protected, shared and managed. The purpose of a PIA is to demonstrate that system owners and developers have consciously incorporated privacy protections throughout the entire life cycle of a system. Existing PIA's are reviewed on an annual basis, and updated as needed if the system or data in the system has changed. PIA reviews will be completed by August 31 of each year, and any updates will appear on this page.

What is PII?

PII includes any information about an individual maintained by an agency, including, but not limited to, education, financial transactions, medical history, and criminal or employment history and information which can be used to distinguish or trace an individual's identity, such as their name, social security number, date and place of birth, mother's maiden name, biometric records, etc., including any other personal information which is linked or linkable to an individual.

Who can I contact for additional information?

The Archivist of the United States has designated Gary M. Stern, General Counsel, as the Senior Agency Official for Privacy at the National Archives and Records Administration (NARA). Mr. Stern can be reached at 301-837-1750 or by e-mail at

NARA's Privacy Impact Assessments

Privacy Impact Assessments for Social Media Applications