COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER

A GAO report on compliance with privacy protections found that only 6 of the 24 agencies surveyed “always” initiated PIAs early enough in the system development process to impact the design or outcome of the system.35 Only half of agencies claimed to be able to regularly hold staff accountable for failing to conduct a PIA in a timely manner, and one agency even claimed it could never hold staff ac. [...] 12 EPIC Comments to OMB April 1, 2024 PIA webpage that directly houses some PIAs in PDF form for some agency subcomponents, links directly to the PIA page for other subcomponents like the FBI, and links to the general privacy webpage for still others like the Bureau of Prisons.62 The FCC and many other agencies maintain similarly deficient PIA webpages. [...] The DHS is required to assess and mitigate the privacy risks of the information technology systems and technologies they use through a four-part cycle, beginning with conducting a Privacy Threshold Analysis (PTA).66 Depending on the results of the PTA, the DHS Privacy Office will reach a conclusion about whether the system or program requires additional privacy compliance documentation, like a Pri. [...] The Text of Section 208 Permits the OMB to Incorporate AI Impact Requirements Within its Privacy Impact Assessment Guidance Section 208 requires the OMB to issue guidance specifying the contents of Privacy Impact Assessments. [...] The OMB is directed to ensure that all Privacy Impact Assessments address a minimum set of questions about the information collection or technology listed above,20 and the guidance must “ensure that a Privacy Impact Assessment is commensurate with the size of the information system being assessed, the sensitivity of the information that is in an identifiable form in that system, and the risk of ha.