PII Best Practice: Proper Disposal of PII

By DON CIO Privacy Team - Published, June 3, 2011

Some personally identifiable information (PII), if lost, stolen or compromised, has the potential to cause harm to an individual because it may result in identity fraud. Other PII elements present little to no such risk.

The list below is intended to provide guidance regarding what PII can be thrown away and what PII should be disposed of by shredding or by placing in a burn bag. This list may be referred to daily, but is most useful when shutting down or moving an office, during which time personnel would be disposing of a large amount of material.

DO NOT Throw Out (Sensitive PII that may cause harm to an individual if lost/compromised):

  • Financial information: bank account, credit card, and/or bank routing number
  • Medical data: diagnoses, treatment, medical history
  • SSN (full or last four digits)
  • Personnel ratings and pay pool information
  • Place and date of birth
  • Mother's maiden name
  • Passport number
  • Security clearance info

Examples of what NOT to throw out:

  • Voided or returned bank checks
  • Defense travel forms
  • Personal resumes
  • Recall rosters

OK to Throw Out (Non-Sensitive PII, which will not cause harm to an individual if lost/compromised):

  • Badge number
  • Electronic Data Interchange Personal Identifier (EDIPI)
  • Job title
  • Pay grade
  • Office phone number
  • Office address
  • Office email address
  • Lineal numbers
  • Full name without other PII

Examples of what is OK to throw out:

  • DoD phone book
  • Business cards
  • Envelopes and letters with business mailing address
  • Business calendar

Best Practice: Shred materials with a cross-cut shredder or place them in a burn bag.
