The Department of the Navy implemented phases one and two of the Social Security Number Reduction Plan and is now implementing phase three. This DON-wide effort requires senior leadership's attention and cooperation, as well as compliance from all Sailors, Marines, civilians and support contractors.
Naval message DTG 171625Z Feb 12 "Department of the Navy Social Security Number Reduction Plan Phase Three" was released Feb. 17, 2012, and is summarized below.
All DON business processes must meet acceptable use criteria for continued SSN use, eliminate the SSN or transition to the Department of Defense identification number, which is also known as the Electronic Data Interchange Personal Identifier Number (EDIPI), as a substitute. Acceptable use criteria for collecting SSNs can be found at: www.doncio.navy.mil/ContentView.aspx?id=1833.
All letters, memorandums, spreadsheets, hard copy lists and electronic lists must meet the acceptable use criteria if they include SSNs. A formal review of documents that justify continued use of SSNs will be required in 2015. Commands are strongly encouraged to eliminate use of SSNs or transition to the DoD ID number now.
When changes to a process result in the elimination of the use of SSNs, applicable directives and instructions must be updated to reflect those changes.
Personally identifiable information (PII) must be limited to the minimum elements required to fulfill the purpose for which it is intended and must never include SSNs. For example, recall rosters should only contain names, addresses and telephone numbers.
Effective Oct. 1, 2012, using a fax machine to send information containing SSNs and other PII is prohibited. External customers such as service veterans, Air Force and Army personnel, family members and retirees may continue to fax documents containing the SSN to DON activities but shall be strongly encouraged to use an alternative method. Alternatives include mailing the information via the U.S. Postal Service and scanning. Scanned documents must be transmitted using a secure means such as encrypted emails or the Safe Access File Exchange (SAFE). Details regarding the use of SAFE can be found at: www.doncio.navy.mil/Products.aspx?ID=3544.
The use of network-attached multifunction devices (MFD) and scanners to scan documents containing an SSN and other PII is restricted to the following limitations and prohibitions effective Oct. 1, 2012. These restrictions do not apply to scanner/MFDs that are directly connected to a user's workstation.
Network-attached multifunction devices and scanner scanto-email functionality may be used only if the sender can verify that the intended recipients are authorized to access the scanned file and the MFD, or the scanner encrypts the email containing the scanned file.
Network-attached multifunction devices and scanner scanto-file or scan-to-network-share functionality may be used only if the sender can verify that all users are authorized to have access to the scanned file or network share location.
A fundamental shift will occur when DON business practices rely on the DoD ID number as the unique personal identifier instead of the SSN. While some processes will always require the use of an SSN as a result of certain laws, the substitution of the DoD ID number and other SSN reduction actions greatly improve the security of PII for all DON personnel.
To download a copy of the Department of the Navy Social Security Number Reduction Plan Phase Three naval message, go to www.doncio.navy.mil/PolicyView.aspx?ID=3757.
Steve Muck is the privacy lead for the Department of the Navy Chief Information Officer.