U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

Guide to Conducting Privacy Impact Assessments for State, Local, and Tribal Justice Entities

NCJ Number
Date Published
February 2009
60 pages

This document provides practitioners a framework with which to examine the privacy implications of their information systems and information sharing collaborations.


In addition to an overview of the Privacy Impact Assessment (PIA) process, this guide contains a template that leads policy developers through a series of appropriate PIA questions that evaluate the process through which personally identifiable information is collected, stored, protected, shared, and managed. Results from the analysis performed during the PIA process can be used to design and implement privacy policies which address the vulnerabilities identified. Stages of the assessment examined include: educating and raising awareness on the importance of having privacy, civil rights, and civil liberties protections within the agency; assessing agency privacy risks by evaluating the process through which an agency collects, stores, protects, shares, and manages information; developing the privacy policy to articulate the policy position of an organization on how it handles information the agency seeks or receives and uses in the normal course of business; performing a policy evaluation to determine whether the privacy policy adequately addresses current standards and privacy protection recommendations; implementing and training personnel and authorized users on the established rules and procedures; and conducting an annual review to make appropriate changes in response to applicable laws, technology, and public expectations.