U.S. Postal Service's Privacy Impact Assessments (PIA)
The U.S. Postal Service voluntarily complies with the E-Government Act of 2002. The Act requires an agency to conduct a Privacy Impact Assessment (PIA) when developing or buying an information technology (IT) system that contains personal information about members of the public. Privacy Impact Assessments serve to ensure privacy protections are addressed for these systems. The other two components of the Act include enhancements to online privacy policies, and providing such policies in a machine-readable form, such as P3P.
The Postal Service’s PIAs are known as Business Impact Assessments (BIA)s. The BIA addresses all privacy and security requirements, including ensuring privacy compliance, determining the sensitivity and criticality of the system, and developing the appropriate security plan. The BIA has long been postal policy, and is required for all IT systems, including those containing customer or employee information.
Below are the USPS templates for BIAs and a list of the current BIAs available upon request.