Safeguarding PII on the Command Shared Drive

Published, September 1, 2008

Privacy TipRecent personally identifiable information (PII) breach reports highlight the need to conduct searches of shared drives throughout the Department to protect employees’ personal information and reduce the risk of identity theft. PII is found most often in documents related to awards, medals, legal issues, medical records and financial data.

ALNAV 070/07: DON Personally Identifiable Information Annual Training Policy, requires commands to conduct a semi-annual compliance spot check targeting those offices that handle PII on a regular basis (e.g., human resources, personnel support, financial, medical and legal). The checklist should be used as a guide.

Item 19 on the checklist requires a search and spot check of 25 percent of files likely to contain PII on a command’s shared drive. This Privacy Tip of the Month provides suggestions and lessons learned to assist in searching a shared drive and properly safeguarding any PII discovered during this search.

As an example, each member of a command could:

  • Conduct a full text search of all shared drive files and folders (e.g., Microsoft Office documents and Adobe Acrobat PDF documents) using his or her last name as the key word search criteria. (Note: Search results for Adobe Acrobat PDF documents will only be returned based on a search of the subject line (i.e., not a full text search).
  • Subject lines of the search results could then be visually scanned and documents opened that one would expect to contain PII. PII is information linked to an individual that could result in identity theft (e.g., SSNs, and financial, medical and/or legal information, etc.).
  • Documents that actually contain PII could then be password protected. See below for process.
  • Location(s) of the document(s) in question should be noted for easy retrieval in the future.
  • Command Privacy Act coordinators should consult with their records management personnel regarding retention and destruction rules for the specific documents in question IAW the Records Management Manual (SECNAV M-5210.1, November 2007 (Rev)).
  • Based on this information, determination can then be made as to the best way to protect and store documents that need to be retained and when and how to dispose of those documents no longer required.
In any case, deleting/redacting unnecessary PII where possible and reducing the amount of PII collected in the future should be everyone’s goal.

Below are the steps to password protect documents that contain PII.

To password protect a Microsoft Office document:
  • Open and save the document to the desired location.
  • Click on "Tools" in the tool bar at the top of the screen.
  • Click on "Options" in the drop down menu.
  • Click on the "Security" tab.
  • Type in your password and click on "OK."
  • Confirm your password and click on "OK."
To password protect an Adobe .PDF document:
  • Open and save the document to the desired location.
  • Click on "Document" on the tool bar.
  • Select "Security" and then click on "Secure this document…"
  • Click on "Restrict opening and editing using passwords…"
  • Check the box "Require a password to open the document."
  • Select a password and type it in the "Document Open Password:" box.
  • Click on "OK" and confirm the password.
  • Click on "OK."
  • You must now save the document for the password restriction to take effect.

TAGS: Cybersecurity, Privacy

Related News
Related CHIPS Magazine