At the Defense Information Systems Agency, we are committed to protecting the privacy of our customers and employees, especially as we modernize our information and employee management systems. We make privacy a priority by addressing it throughout the development of our systems and integrating protections into their lifecycle. A Privacy Impact Assessment is the primary tool we use to identify and address privacy concerns during system development. Through the PIA process, we also ensure compliance with laws and regulations that govern privacy for our customers and employees.

Section 208 of the E-Government Act of 2002 requires all government agencies to conduct, review and publish PIAs. In line with DOD guidance, we review how privacy considerations are handled when we acquire or develop new IT systems or begin collecting new electronic information that includes personally identifiable information. We conduct PIAs for all new or significantly modified IT systems or projects that collect, maintain, or share personal information about the public, federal personnel, contractors, or foreign nationals working at U.S. military facilities abroad.

We use PIAs to:

• Inform the public about the information we collect about them.
• Address the privacy impacts of our systems.
• Ensure we collect only the personal information we need to administer our programs.

PIAs also confirm that:

• We use personal information only for its intended purpose.
• We keep information accurate and up to date.
• We protect the data while we use it and hold it only for as long as necessary.

DOD and DISA Privacy Impact Assessment Guidance

• OMB Memoranda M-03-22 "OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002"
• DOD Instruction 5400.16, "DoD Privacy Impact Assessment (PIA) Guidance"
• DOD CIO Privacy Impact Assessment Web site

Completed DISA Privacy Impact Assessments

• Automated Spectrum Coordination System (ASCS)
• ACROPOLIS
• Automated Security Validation (ASV)
• Complex Tools - ServiceNow (CT-S)
• Corporate Management Information Systems (CMIS)
• Department of Defense Secure Access File Exchange (DoD SAFE)
• Department of Defense Network-Unclassified Domain Services (DoDNet-U-DS)
• Defense Enterprise Office Solution - U (DEOS-U)/DoD365-Joint Microsoft Sentinel
• Defense Collaboration Service (DCS)/Department of Defense Safe Access File Exchange (DOD SAFE)
• DISA Concierge AI
• DISA Financial Management Systems (DFMS)
• DISA Integrated Management and Execution System (DIMES)
• DOD Enterprise Identity, Credential, and Access Management (DoD E-CAM)
• DOD Network Unclassified Cloud (DoDNet-U Clould)
• Enterprise Privileged User Authentication Services (EPUAS) 
• Enterprise Mission Assurance Support Service (EMASS)
• Enterprise Voice over IP (ECVOIP)
• Electromagnetic Battle Management Joint Decision Support (EMBM-J DS)
• ESSI Lab Azure Cloud
• Financial Accounting Management Information System (FAMIS-WCF)
• Global Test Cloud Service (GTC)
• Hosting and Computer Center (HaCC) DocuSign (DS)
• HYPORI IL5 SAAS
• Integrated Workspace Management System (IWMS)
• JITC-FHU/GEX
• Joint Command and Control Global Information Grid Computing Node (JC2GCN)
• Joint Department of Defense 365 (DoD365) Joint (SharePoint On-Line, Exchange On-Line, and Office Automation)
• Joint Incident Management System (JIMS)
• Joint Operational Edge (JOE) Cloud
• Joint Planning Execution Services (JPES)
• Joint Spectrum Center (JSC)
• Open Sensor Platform (OSP)
• PACIFIC ENTERPRISE SERVICES – HAWAII (PES-HI)
• SIEM (Security Information Event Manager) SaaS(Software as a Service)
• Spectrum XXI Version 5 (SXXI v5) 
• TELECOM Services Information Technology Services (TSEAS) Inventory and Billing information (TIBI)