"Section 208 of the E-Government Act of 2002 requires all Federal government agencies to conduct Privacy Impact Assessments (PIA) for all new or substantially changed technology that collects, maintains, or disseminates personally identifiable information. The Chief Privacy Officer of the Department of Homeland Security is required by Section 222 of the Homeland Security Act to ensure that the technology used by the Department sustains privacy protections. The Privacy Impact Assessment is one mechanism through which the Chief Privacy Officer fulfills this statutory mandate. In addition, the Chief Privacy Officer is required to conduct PIAs for proposed rule-makings of the Department. The Chief Privacy Officer approves PIAs conducted by the Department's offices and programs. In 2004, the Department of Homeland Security Privacy Office issued Privacy Impact Assessments Made Simple. This amended guidance, Privacy Impact Assessment Guidance 2006, supersedes PIAs Made Simple and any previously issued Guidance. This Guidance reflects the requirements of both Section 208 of the E-Government Act of 2002 and Section 222 of the Homeland Security Act of 2002. The Chief Privacy Officer requires that all new PIAs follow this guidance."
U.S. Department of Homeland Security: http://www.dhs.gov