[5] A PIA is typically designed to accomplish three main goals: A privacy impact report seeks to identify and record the essential components of any proposed system containing significant amounts of personal information and to establish how the privacy risks associated with that system can be managed.
[8] A PIA will sometimes go beyond an assessment of a "system" and consider critical "downstream" effects on people who are affected in some way by the proposal.
Similarly, at around this time came the Environmental Impact Assessments (EIA), a reaction to the social push from the sixties Green movements.
[13][14] The E-Government Act of 2002, Section 208, establishes the requirement for agencies to conduct privacy impact assessments (PIAs) for electronic information systems and collections.
Aside from new IT systems and projects, the PIA approach has value for structured, periodic reviews or audits of an organization's privacy arrangements.