Privacy Threshold Analysis (PTA) And Privacy Impact Assessment (PIA) Q1-2022

Privacy Threshold Analysis (PTA) (3rd artifacts in the categorization process) purpose is to identify whether the system processes, transmits or stores any Personal Identifiable Information (PII).

Examples of PII:

  • Name
  • Address
  • telephone number
  • Social Security numbers
  • Passport numbers
  • Driver’s license numbers
  • Biometric information
  • DNA information
  • Bank account numbers

When the PTA is positive (This means the system processes, transmits or stores PII) then a Privacy Impact Analysis (PIA) is conducted. If PTA is negative, no PIA is conducted. PIA is the 4th artifact in the categorization process. -SP 800-122

Privacy Impact Analysis (PIA) purpose is to identify and understand any risks the system may pose to

the privacy, civil rights, and civil liberties of personally identifiable information. It also elaborates on how the PII should be handled/collected/maintained and protected.

In most cases PTA and PIA are the responsibilities of the privacy department, however a security analyst can also handle this process

Sample PTA and PIA
PIA’s are published on the department website

error: Content is protected !!