Contents 1 Section 301. Best Practices for PIAs 2 Section 302. Privacy Impact Assessment of Federal Government Employee Systems 3 Section 303. Privacy Impact Assessment of Technologies That May Erode Privacy 4 Section 304. Privacy Impact Assessment of Government Use of Commercial Information and other Information Services Containing Personal Information 5 Section 305. Role of OMB Chief Privacy Officer in Implementing the E-Government Act

Section 301. Best Practices for PIAs

Section 208(b)(3) of the E-Government Act of 2002 (44 U.S.C. 3501 note) is amended--

1. in subparagraph (B), by striking 'and' at the end;
2. in subparagraph (C), by striking the period and inserting '; and'; and
3. by adding at the end the following: '(D) develop best practices for agencies to follow in conducting privacy impact assessments.'

Section 302. Privacy Impact Assessment of Federal Government Employee Systems

Section 208 (b)(1)(A)(ii) of the E-Government Act of 2002 (44 U.S.C. 3501 note) is amended--

(II) by striking ', other than agencies, instrumentalities, or employees of the Federal Government.' at the end;

Section 303. Privacy Impact Assessment of Technologies That May Erode Privacy

Section 208 (b)(1)(A)(i) of the E-Government Act of 2002 (44 U.S.C. 3501 note) is amended by inserting "or that may erode privacy, such as surveillance technology" after "form".

Section 304. Privacy Impact Assessment of Government Use of Commercial Information and other Information Services Containing Personal Information

(a) In General — Section 208(b)(1)(A) of the E-Government Act of 2002 (44 U.S.C. 3501 note) is amended—

(1) in clause (i), by striking 'or' after the semicolon; (2) in clause (ii), by striking the period and inserting '; or'; and (3) by adding after clause (ii) the following:

'(iii) systematically using personally identifiable information purchased, or subscribed to for a fee, from a commercial data source. (iv) creating a data mining program as defined in SEC. 804. (b)(1) of PL 110-53’.'.

(b) Definition of Personally Identifiable Information.—Section 208 of the E-Government Act of 2002 (44 U.S.C. 3501 note) is amended by striking subsection (d) and inserting the following: '(d) DEFINITIONS.—For purposes of this section— (1) the term 'identifiable form' means any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means; and (2) the term 'personally identifiable information' means any information, or compilation of information, in electronic or digital form comprising information in identifiable form.'

Section 305. Role of OMB Chief Privacy Officer in Implementing the E-Government Act

Section 208 of the E-Government Act of 2002 (44 U.S.C. 3501 note) is amended by striking 'director' in:

1. both instances in subsection (b)(1)(D),
2. subsection (b)(2)(A),
3. both instances in subsection (b)(3),
4. subsection (b)(3)(C),
5. subsection (c)(1)(A), and
6. subsection (c)(2)

and inserting 'OMB Chief Privacy Officer' in all instances.