Department of Defense
INSTRUCTION
NUMBER 5400.16
July 14, 2015
Incorporating Change 1, August 11, 2017
DoD CIO
SUBJECT: DoD Privacy Impact Assessment (PIA) Guidance
References: See Enclosure 1
1. PURPOSE. This instruction:
a. In accordance with the authority in DoD Directive (DoDD) 5144.02 (Reference (a)),
reissues DoD Instruction 5400.16 (Reference (b)) to establish policy and assign responsibilities
for completion and approval of PIAs.
b. Provides procedures for the completion and approval of PIAs in DoD to meet the statutory
requirement as stated in section 208 of Public Law 107-347 (Reference (c)) to analyze and
ensure personally identifiable information (PII) in electronic form is collected, stored, protected,
used, shared, and managed in a manner that protects privacy. These procedures also support
Office of Management and Budget (OMB) Memorandum M-03-22 (Reference (d)).
2. APPLICABILITY. This instruction applies to OSD, the Military Departments, the Office of
the Chairman of the Joint Chiefs of Staff and the Joint Staff, the Combatant Commands, the
Office of the Inspector General of the Department of Defense, the Defense Agencies, the DoD
Field Activities, and all other organizational entities within the DoD (referred to collectively in
this instruction as the “DoD Components”).
3. POLICY. It is DoD policy that PIAs are will be:
a. Completed on DoD Information Technology (IT) and electronic collections that collect,
maintain, use, or disseminate PII to:
(1) Ensure PII handling conforms to applicable legal, regulatory, and policy
requirements regarding privacy.
(2) Determine the need, privacy risks, and effects of collecting, maintaining, using, and
disseminating PII in electronic form.
