The process that helps organizations identify privacy risks and effects of collecting and maintaining personally identifiable information (PII) to evaluate alternative methods of handling information for risk mitigation.