The Defense Information Systems Agency (DISA) recognizes the importance of protecting the privacy of its customers and employees, especially as it modernizes its information management systems and employee information systems. Privacy issues must be addressed when systems are developed and privacy protections must be integrated into the development life cycle of these automated systems. The vehicle for addressing privacy issues in a system under development is the Privacy Impact Assessment (PIA). The PIA process also provides a means to assure compliance with applicable laws and regulations governing customer and employee privacy.

Section 208 of the E-Government Act of 2002 establishes Government-wide requirements for conducting, reviewing, and publishing PIA. DOD guidance directs all DOD components to conduct reviews of how privacy issues are considered when purchasing or creating new Information Technology (IT) systems or when initiating new electronic collections of information in personally identifiable form. A PIA addresses privacy factors for all new or significantly altered Information Technology (IT systems or projects that collect, maintain, or disseminate personal information from or about members of the public, Federal personnel contractors, or Foreign Nationals employed at U.S. military facilities internationally).

We do PIAs to ensure that:

• The public is aware of the information we collect about them
• Any impact these systems have on personal privacy is adequately addressed
• We collect only enough personal information to administer our programs, and no more

In addition, PIAs confirm that we use the information for the purpose intended; that the information remains timely and accurate; and, that it is protected while we have it and that we hold it only for as long as we need it.

DOD AND DISA PRIVACY IMPACT ASSESMENT GUIDANCE

• OMB Memoranda M-03-22 "OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002"
• DoD Instruction 5400.16, "DoD Privacy Impact Assessment (PIA) Guidance"
• DoD CIO Privacy Impact Assessment Web site
• DISA Approved Format for a Privacy Impact Assessment

COMPLETED DISA PRIVACY IMPACT ASSESMENT

• Account Tracking and Automation Tool (ATAT)
• ACROPOLIS
  
• Budget Execution Reporting Tool (BERT)
• C2 Software Factory (C2SF)
• Cloud Based Internet Isolation (CBII)
• Comply to Connect Enterprise Reporting Manager (C2C ERM)
• Computerized Maintenance Management System (CMMS)
• Consolidated Database Architecture (CDBA)
• Contract Support System (CSS)
• Defense Enterprise Directory Services (DEDS)
• Defense Collaboration Service (DCS)/Department of Defense Safe Access File Exchange (DOD SAFE)
• Department of Defense Privacy Information Management System (DPIMS)
• Digital Policy Management System (DPMS)
• DISA Data Cataloging Governance (DISA-DC)
• DISA Financial Management Systems (DFMS)
• DISA Service Platform (DSP)
• DISA Storefront (DSF)
• DoD Automated Time Attendance and Production System (DoD ATAAPS)
• DoD Enterprise Portal Services (DEPS)
• DoD Mobility Classified Capability-TS (DMCC-TS)
• DoD Mobility Unclassified Capability (DMUC)
• DoD Mobility NIPR Lab
• DoD Network Unclassified Domain System (DoDNet)
• DoD Public Key Infrastructure (PKI)
• Endpoint Security Solutions E-Policy Orchestrator Infrastructure (ESS EPO Infrastructure)
• Enterprise Application and Services Forest (EASF)
• Enterprise Mission Assurance Support Service (EMASS)
• Enterprise Systems Management
• Financial Accounting and Budget System (FABS)
• Financial Accounting Management Information System (FAMIS-WCF)
• Global Content Delivery Service (GCDS)
• Global Federated User Domain (GFUD)
• Identity, Credential, and Access Management (ICAM)
• Integrated Defense Enterprise Acquisition System (IDEAS)
• Integrated Workspace Management System (IWMS)
• Intranet Services (IS)
• Joint Command and Control Global Information Grid Computing Node (JC2GCN)
• Joint Interoperability Test Command - Fort Huachuca
• Joint Interoperability Test Command - Fort Huachuca/Joint Analysis Net-Centric Evaluation Testing Toolkit (JANETT)
• Joint Interoperability Test Command - Fort Huachuca/TEST AND EVALUATION DASHBOARD
• Joint Management System (JMN)
• Joint Management System (JMS)
• Joint Regional Security Stack (JRSS)
• Joint Satellite Communications Management Enterprise (JSME)
  
• Network Change and Configuration Management - Replacement (NCCM-R)
• Open Source Corporate Management Information System (OS-CMIS)
• Operational Support System -Network Management System (OSS-NMS)
• Operational Support System - System Integration Environment (OSS-SIE)
• SATCOM Ordering Management and Situational Awareness Tools (SOMSAT)
• SD DevSecOps
• SHARKFRENZY
• SharkShadow
• Tactical Data Link (TDL) Configuration Management Tool (TCMT)
• TELECOM Services Information Technology Services (TSEAS) Inventory and Billing information (TIBI)
• Thunderdome
• United States Message Text Format Configuration Management - Web Application
• WHS Identity Synchronization Service (IdSS)
• World Wide Online System (WWOLS)