Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · CFR · Title 1 — General Provisions · Part 603 — Privacy Act Regulations · § 603.18

§ 603.18. Privacy Impact Assessments.

339 words·~2 min read·/us/cfr/t1/s§ 603.18·

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

(a)Consistent with the requirements of the E-Government Act and OMB Memorandum M-03-22, the NCPC shall conduct a PIA before:
(1)Developing or procuring IT systems or projects that collect, maintain, or disseminate IIF; or
(2)Installing a new collection of information that will be collected, maintained, or disseminated using IT and includes IIF for 10 or more persons (excluding agencies, instrumentalities or employees of the federal government).
(b)The PIA shall be prepared through the coordinated effort of the NCPC's privacy Officers (SAOP, PAO), Division Directors, CIO, and IT staff.
(c)As a general rule, the level of detail and content of a PIA shall be commensurate with the nature of the information to be collected and the size and complexity of the IT system involved. Specifically, a PIA shall analyze and describe:
(1)The information to be collected;
(2)The reason the information is being collected;
(3)The intended use for the information;
(4)The identity of those with whom the information will be shared;
(5)The opportunities Individuals have to decline to provide the information or to consent to particular uses and how to consent;
(6)The manner in which the information will be secured; and
(7)The extent to which the system of records is being created under the Privacy Act.
(d)In addition to the information specified in paragraphs (b)(1)-(7) of this section, the PIA must also identify the choices NCPC made regarding an IT system or collection of information as result of preparing the PIA.
(e)The CCB shall verify that a PIA has been prepared prior to approving a request to develop or procure information technology that collects, maintains, or disseminates Information in Identifiable Form.
(f)The SAOP shall approve and sign the NCPC's PIA. If the SAOP is the Contracting Officer for the IT system that necessitated preparation of the PIA, the Executive Director shall approve and sign the PIA.
(g)Following approval of the PIA, the NCPC shall post the PIA document on the NCPC Web site located at www.ncpc.gov.
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.