Protect Personally Identifiable
Information (PII) through process
improvement and automation with the
Privacy Impact Assessment Management
2920 O’Donnell St.
Baltimore, MD 21224
A Privacy Impact Assessment, or PIA, is an analysis of how
information in identifiable form is collected, stored, protected,
shared and managed...[to] ensure that system owners and
developers have consciously incorporated privacy protection
throughout the entire life cycle of a system.
PIAs expose internal and external threats to the confidentiality of
Personally Identifiable Information (PII) in compliance with the E-Government Act of 2002 (Pub. L. 107-347) and applicable Office of
Management and Budget (OMB) guidance.
This analysis is required on many systems within Federal
Organizations and can result in a significant investment in time
during the preparation and review cycles.
A Privacy Impact Assessment Management System (PIAMS)
collects and stores multiple Privacy Impact Assessment (PIA)
questionnaires for system owners.
Types of PIAs can include specialty questionnaires for:
~ Social networking sites
~ Public internet sites
~ Generic data storage PIA
The manual process of filing and reviewing PIAs is replaced by a web
system that stores the final deliverable and automates the PIA process.
Promotes workflow flexibility
An example would be allowing management approval on the “business” side as well
as the “privacy” side.
Multiple versions of each type of questionnaire
As the need for stored information changes, each questionnaire can be updated to
reflect those changes. Existing approved or signed PIAs will be linked to the version
of the questionnaire active at the time.
Dynamic sub-questions based on answers.
For example, if the answer to a question is “yes” display one subset of questions; if
no, show a different subset.
Approved (or signed) PIAs stored in a read-only state
~ Minimizes the need for physical storage
~ Allows for statistical analysis and data-mining of PII elements
Microsoft .NET Framework, version 4.0 or 4.5
Database server running Microsoft SQL Server 2008
Web Server(s) running Windows Server® 2012 or Windows Server
Windows Internet Information Services (IIS) 8.0
Database Server running Microsoft SQL Server 2008
Key Benefits of PIAMS
• Eliminates the use of paper application submissions (Paper
• Increases the ability to track and centrally store PIAs
(Transparency and Accessibility)
• Enables electronic notifications for PIA renewal or missing
information to be sent to the system owners (Workflow Automation)
• Increases reporting for individual systems or enterprise-wide
(Reporting and Metrics)
• Reduces man hours required to perform initial and subsequent
PIAs (Sustained Operational Reduction)
• Facilitates enhanced security of PII data (Enhanced Data Security)
Proven Success Story
The Canton Group worked with the IRS to automate and improve the
existing PIA processes, leveraging state-of-the-art web software.
The system created by The Canton Group provided the IRS with
new operational capability and allowed the IRS to have more
confidence in assigning security levels for systems as well as
massively decrease the labor hours required to gather this
The implementation of this system has resulted in a sustained
reduction in man hours required to perform Privacy Impact
Assessments (PIAs) and improved the speed to perform PIAs by a
factor of 10.
• PIAMS improves operational effectiveness
• The Canton Group designed and developed PIAMS
• The IRS has a significant number of systems with PII and is
successfully using PIAMS
• PIAMS can be configured and customized to meet agency specific
• The Canton Group is a GSA Schedule 70 and 8a Stars 2 Prime
Contact Canton Group
For more information or to schedule a demonstration please
Chris Forhan, Director of Digital Strategy
Ed Peck, Senior Security Engineer CISSP
Or call 410-675-5708 x7117