Data Security Evaluations: A Comprehensive Examination of Personal Information Management Practices and Risks

The National Archives and Records Administration (NARA) is committed to ensuring the privacy and security of personal information (PII) in its systems. To demonstrate this commitment, NARA conducts regular Privacy Impact Assessments (PIA) for all new or substantially changed technology that collects, maintains, or disseminates PII, as mandated by the E-Government Act of 2002.

NARA's PIAs cover a wide range of social media applications and systems. These include Crowd Hall, EventBrite, External Blogs, Facebook, Flickr, FourSquare, Instagram, Pinterest, Tumblr, Twitter, YouTube, and ZeeMaps, as well as systems like Access to Archival Databases (AAD), Archives Document Review and Redaction System (ADRRES) and Unclassified Redaction and Tracking System (URTS), Archives and Record Center Information System (ARCIS), Archives Investigative Management System (AIMS), Austin Automation System (AAC) and NPRC Registry Files, Case Analysis Tracking System, Case Management and Reporting System (CMRS), Classified Interim System, Digital Capture System (DCU), Electronic Customer Relationship Management, eDocs Upgrade, Electronic Records Archives, ERA 2.0, Google Apps for Government (Cloud Email), History Hub, Inspector General Case Management & Tracking System (IGCMTS), Integrated Siebel Platform, Internal Collaboration Network, Insider Threat Program Support System, IRS/DHS Index System, Learning Management System, LL Reference Topic Log, Microfiche Reader Modernization Project, National Archives Catalog, NARANet, Online Ordering System (ENOS), OpsPlanner Version 3.3, Order Fulfillment and Accounting System (OFAS), Physical Access Control System, Performance Measurement and Reporting System (PMRS), Presidential Electronic Records Library (PERL), Presidential Libraries Museum Collections Management Database - TMS® (The Museum System), Presidential Libraries Visitor Services System, Researcher Registration System (RRS), Security Clearance Tracking System (SCTS), and Zoom.

The following systems also have PIA coverage at NARA: Archival Electronic Records Inspection and Control (AERIC), AERIC Title 13, AERIC TS, and AERIC TS/SCI.

PIAs at NARA are conducted to analyse how PII is collected, stored, protected, shared, and managed throughout the entire life cycle of a system. Existing PIAs are reviewed on an annual basis and updated as needed if the system or data in the system has changed.

NARA has designated Gary M. Stern as the Senior Agency Official for Privacy. For more information regarding the PIAs or any specific system, please contact Gary M. Stern at 301-837-1750 or [email protected]. For additional information about a specific system or technology, please contact the agency or department that manages it.

NARA's commitment to privacy protection is evident in its regular PIAs, ensuring that the personal information entrusted to them is handled with care and respect. The PIAs will be completed by August 31 of each year, and any updates will appear on this page.