Right now I think privacy impact assessments are not necessarily a standard thing. They push an agency through a line of questioning that helps them think about how to meet this balance of privacy violations and privacy protections.
However, that process isn't necessarily clear, I don't think, to employees. I think it's there for guidance at a high level, but it's not there for understanding at the ground level.