Privacy Impact Assessments
The National Science Foundation (NSF) recognizes the importance of protecting the privacy of personally identifiable information in Information Technology (IT) systems. NSF’s goal is to ensure personal information in electronic form is only acquired and maintained when necessary, and that the supporting IT that is being developed and used protects and preserves the privacy of the public.
The Privacy Provisions (Section 208) of the E-Government Act of 2002 establish Government-wide requirements for conducting, reviewing, and publishing Privacy Impact Assessments (PIA). These assessments explain how NSF addresses privacy issues when developing new or altering IT systems or projects that collect, maintain, or disseminate information in identifiable form from or about members of the public. Privacy issues are considered for all systems and collections that involve information in identifiable form.
In September 2003, the Office of Management and Budget (OMB) issued guidance to agencies implementing the privacy provisions of the E-Government Act. That guidance can be found at http://www.whitehouse.gov/omb/memoranda/m03-22.html. NSF has adopted the requirements prescribed in the OMB guidance for its Privacy Impact Assessments.
A list of NSF Privacy Impact Assessments and Privacy Act System of Records Notices is provided below: