The purpose of the Privacy Threshold Analysis (PTA), the 3rd artifact in the categorization process, is to identify whether the system processes, transmits or stores any Personally Identifiable Information (PII).
Examples of PII:
When the PTA is positive (meaning the system processes, transmits or stores PII), a Privacy Impact Analysis (PIA) is conducted. If the PTA is negative, no PIA is conducted. The PIA is the 4th artifact in the categorization process. -SP 800-122
The purpose of the Privacy Impact Analysis (PIA) is to identify and understand any risks the system may pose to the privacy, civil rights, and civil liberties of personally identifiable information. It also elaborates on how the PII should be handled, collected, maintained and protected.
In most cases, the PTA and PIA are the responsibility of the privacy department; however, a security analyst can also handle this process.
Sample PTA and PIA
PIAs are published on the department website.