Privacy Risk Assessment (or Privacy Impact Assessment – PIA)

Feb 12, 2019

A process for examining the risks and ramifications of collecting, maintaining, and disseminating information in identifiable form in an electronic information system, and for identifying and evaluating protections and alternative processes to mitigate the impact to privacy of collecting information in identifiable form. An analysis of how information is handled: (i) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; (ii) to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system; and (iii) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.

Retrieved from NIST SP 800-65 under Privacy impact assessment, NIST SP 800-53 Rev. 4 under Privacy Impact Assessment and NIST SP 800-18 Rev. 1 under Privacy Impact Assessment. (2018). https://csrc.nist.gov/glossary/term/Privacy-Impact-Assessments
