DON PIA Guidance
DON CIO Memo - Publish Date: 11/19/13
The purpose of this memo is to modify guidance regarding the submission of Department of the Navy Privacy Impact Assessments.
Subj: DEPARTMENT OF THE NAVY PRIVACY IMPACT ASSESSMENT GUIDANCE
Ref: (a) DON CIO WASHINGTON DC 181430Z MAY 09, Department ofthe Navy Privacy
Impact Assessment (PIA) Guidance
The purpose of this memorandum is to modify guidance regarding the submission of Department of the Navy (DON) Privacy Impact Assessments (PIAs). Current DON guidance requires either an approved PIA or a plan of action and milestones (POAM) be submitted as part of the certification and accreditation (C&A) process. Effective March 1, 2014, a POAM is no longer an option. Therefore, paragraph 3 of reference (a) is replaced in total with the following: "PIAs will be reviewed in conjunction with the Department of Defense (DoD) C&A process. An approved PIA signed by the DON Chief Information Officer (CIO) will be submitted with the C&A package and must have a signature approval date within six months of C&A package submission." All other guidance in reference (a) remains in effect.
DON commands and privacy officials must coordinate draft PIAs with the DON CIO with enough lead time to ensure PIA approval by C&A package submission.
The DON CIO point of contact for this effort is Mr. Steve Daughety, 703-697-0045 or email@example.com.
Terry A. Halvorsen
Department of the Navy Chief Information Officer