Adam Shostack is the founder and President of Shostack & Associates and focuses on providing clients with expert security analysis and solutions that work to improve their organizational security. As an information security expert, Adam Shostack has extensive experience with threat modeling and analysing security processes.
According to the Federal Trade Commission (FTC), “A Privacy Impact Assessment, or PIA, is an analysis of how personally identifiable information is collected, used, shared, and maintained.”
What is the purpose of a PIA?
The purpose of a privacy impact assessment is to demonstrate that program managers and system owners have incorporated robust and effective privacy protections throughout the development life cycle of a system or program. This analysis allow organizations to communicate how personally identifiable information is handled, as well as how the organization addresses privacy concerns and safeguards information.
Adam Shostack believes the best way to protect your personally identifying information is by respectfully refusing to hand it out. Individuals must carefully consider the information they share about themselves. Organizations should threat model to only collect what they need and to protect your sensitive personal data. Your personally identifiable information must be handled and maintained with care and accessed only a strict need-to-know basis.