Identity Management

News: 27   Policy: 23   Resources: 50   CIO Blog: 0   All: 100
Sort by Date | Title


Policy

DoD Privacy Impact Assessment Guidance

DoD Instruction 5400.16 - September 14, 2017

This instruction establishes policy and assigns responsibilities for completion and approval of privacy impact assessments to analyze and ensure personally identifiable information in electronic form is collected, stored, protected, used, shared and managed in a manner that protects privacy.

Processing of Electronic Storage Media for Disposal

DTG 281759Z AUG 12 - August 28, 2012

The purpose of this coordinated Department of the Navy Chief Information Officer, DON Deputy CIO (Navy), DON Deputy CIO (Marine Corps), and DON Information Security Program Authority message is to update policy for the disposal and mandatory physical destruction of electronic storage media.

Reduction of SSN Use Within DoD

DoD Instruction 1000.30 - August 1, 2012

The purpose of this Department of Defense instruction is to establish policy and assign responsibilities for Social Security Number (SSN) use reduction in the DoD. It establishes a DoD SSN use reduction plan and incorporates and cancels Directive-Type Memorandum 07-015. The Department of the Navy SSN Reduction Plan, incorporates the requirements of this instruction.

Updated Plan to Remove Social Security Numbers from DoD Identification Cards

Under Secretary of Defense Memo - November 5, 2010

This memo cancels the Jan. 28, 2009, memo, "Business Practice Changes to Allow the Removal of Social Security Numbers from DoD Identification (ID) Cards," which established a timeline for truncation and removal of the visible Social Security numbers (SSN) on all ID cards. The memo addresses concerns raised by DoD stakeholders about potential adverse impacts that may occur if the SSN is truncated or removed as ...

DON Electronic Signature Policy

SECNAVINST 5239.21 - August 27, 2010

This policy establishes electronic signature policy for the Department of the Navy consistent with Federal and Department of Defense legislation and policies. This policy is not a mandate to replace handwritten signatures with electronic signatures but rather is a policy to adopt electronic signatures as the preferred means of conducting business transactions within the DON.

Safeguarding Personally Identifiable Information (PII)

NAVADMIN 125/10 - April 8, 2010

The Under Secretary of the Navy issued the memo "Safeguarding Personally Identifiable Information" in February 2010 emphasizing the importance he places on personal privacy and the safe management of Department of the Navy's personally identifiable information (PII). His intention was to make eradicating further PII breaches a Departmental priority. As a result, the Vice Chief of Naval Operations release

Safeguarding Personally Identifiable Information

MARADMIN 162/10 - March 18, 2010

The Under Secretary of the Navy issued the memo "Safeguarding Personally Identifiable Information" in February 2010 emphasizing the importance he places on personal privacy and the safe management of the Department of the Navy's personally identifiable information (PII). His intention was to make eradicating further PII breaches a Departmental priority. As a result, MajGen George Allen, DON Deputy CIO (M

DON Privacy Impact Assessment Guidance

DTG 181430Z MAY 09 - May 18, 2009

This Naval message implements the Department of Defense Privacy Impact Assessment (PIA) guidance of Feb. 12, 2009, for the Department of the Navy. The following is highlighted: The guidance expands PIA coverage from just members of the public to include Federal personnel, Federal contractors, and Foreign Nationals employed at U.S. military facilities abroad. PIAs are required for legacy systems and electronic ...

DON Policy Updates for Use of NIPRNET Public Key Infrastructure Software Certificates

DTG 031859Z DEC 08 - December 3, 2008

This Naval message details policy changes that have been made as a result of an impact assessment and data call conducted by the DON CIO to understand where software certificates are used in the Department's unclassified environments.

Safeguarding Personally Identifiable Information from Unauthorized Disclosure

DTG 232026Z JUL 07 - July 23, 2007

This Naval message defines personally identifiable information (PII) and emphasizes the importance of its proper handling following more than 100 incidents of PII loss during the past 18 months.

Safeguarding Personally Identifiable Information

DTG 171952Z APR 07 - April 17, 2007

This Naval message establishes interim policy for the handling of personally identifiable information when stored on government furnished laptop computers, other mobile computing devices and removable storage media (e.g., removable hard drives, thumb drives, blackberries, personal digital assistants, compact discs and DVDs).

Recall Rosters

CNO Memo - September 7, 2006

This memo provides guidance regarding the use of recall rosters for the management of personnel and addresses what personal information may be included.

DoD-Wide Digital Signature Interoperability

DoD CIO Memo - May 5, 2006

This memo provides direction to incorporate standard digital signature profiles into all applications, systems or processes that use digital signatures. This implementation will lead industry toward interoperable digital signature implementations.

DoD Implementation Guide for Transitional PIV II SP 800-73 v1

DoD Guide - March 1, 2006

This guide specifies technical details for implementing interagency PIV I and PIV II National Institute of Standards and Technology Special Publication 800-73v1 requirements in the DoD CAC environment. It documents how the DoD common access card and middleware are implemented with PIV.

National Industrial Security Program Operating Manual

DoD 5220.22-M - February 28, 2006

This manual prescribes requirements, restrictions, and other safeguards that are necessary to prevent unauthorized disclosure of classified information and to control authorized disclosure of classified information.

DON Privacy Program

SECNAVINST 5211.5E - December 28, 2005

SECNAVINST 5211.5E implements the Privacy Act of 1974 per the Department of Defense Privacy Program Directive and Regulation ensuring that all DON military members and civilian/contractor employees are made fully aware of their rights and responsibilities with regards to privacy. The program attempts to balance the government’s need to maintain information with the obligation to protect individuals against unwarranted ...

DON Information Assurance Manual

SECNAV M-5239.1 - November 1, 2005

This manual implements the policy set forth in SECNAVINST 5239.3B: Department of the Navy Information Assurance Policy and is issued under the authority of SECNAVINST 5430.7N: Assignment of Responsibilities and Authorities in the Office of the Secretary of the Navy. It is intended to serve as a high-level introduction to information assurance and IA principles. It discusses common IA controls and associated requirements ...

DON Privacy Impact Assessment Format Guidance

DON Guidance - October 27, 2004

This summary provides the Department of the Navy format for system assessors to use when conducting a Privacy Impact Assessment.

DON Public Key Infrastructure Implementation Guidance

DTG 061525Z OCT 04 - October 8, 2004

This Naval message provides amplifying public key infrastructure implementation guidance.

Privacy Act Program Update

CNO Memo - February 10, 2003

This memo directs Navy activities to be proactive with regards to complying with the Privacy Act of 1974 and SECNAVINST 5211.5 series, DON Privacy Program. The memo provides Privacy Act coordinators good general guidance and addresses areas that are still important today, i.e., protecting personally identifiable information, reducing the

DoD Health Information Privacy Regulation

DoD Instruction 6025.18-R - January 24, 2003

This Department of Defense Regulation prescribes the uses and disclosures of protected health information. It is based on the requirements of the Health Insurance Portability and Accountability Act, Public Law 104-191. It covers much of the same information as the Privacy Act of 1974. This regulation was effective April 14, 2003, and is mandatory for use by all DoD Components.

Instructions on Complying with President's Memorandum of May 14, 1998: "Privacy and Personal Information in Federal Records"

OMB M-99-05 - January 7, 1999

This memorandum provides instructions to agencies on how to comply with the President's Memorandum of May 14, 1998, on "Privacy and Personal Information in Federal Records." In his memo, the president directed Federal agencies to review their current information practices and ensure that they are being conducted in accordance with privacy law and policy. The president also directed the Office of Mangaement and Budget to ...

Privacy Act of 1974

5 U.S.C. 552a - September 1, 1974

The Privacy Act of 1974, 5 U.S.C. § 552a, establishes a code of fair information practices that governs the collection, maintenance, use and dissemination of personally identifiable information about individuals that is maintained in systems of records by federal agencies. A system of records is a group of records under the control of an agency from which information is retrieved by the name of the individual or by some ...

News

Privacy Tips

by DON CIO Privacy Team - October 31, 2017

Privacy Tips are meant to increase awareness about privacy issues that impact the Department of the Navy by highlighting a specific topic. Feedback or suggestions for future topics are welcomed.

PII Breach Articles from CHIPS Magazine

November 3, 2016

The following is a list of CHIPS Magazine articles about personally identifiable information (PII) breaches based on factual reports sent to the DON CIO Privacy Office. Incidents such as these will be reported in each subsequent issue of CHIPS Magazine.

DoD to Cease Issuance of Software PKI Certificates to FVEY Partner Nations

May 30, 2012

The Department of Defense Chief Information Officer has announced a decision to cease the issuance of software Public Key Infrastructure (PKI) certificates to its "Five Eyes" (FVEY) partner nations (Australia, New Zealand, Canada and the United Kingdom). A memo released on May 8, 2012, states that starting May 31, 2012, the FVEY partner nations that interact with the DoD on the Nonsecure Internet Protocol Router Network ...

DON to Migrate to Use of Stronger Cryptographic Algorithms

July 7, 2011

The Department of the Navy Chief Information Officer released guidance directing the Department's migration to the use of a stronger cryptographic hash algorithm in data security authentication procedures such as CAC logon and digital signatures.

Steps For Military Personnel to Take to Defend Against ID Theft

by DON Privacy Team - April 12, 2011

Identity theft is a constant and evolving threat for all citizens and can be of particular concern for those on military deployment and their families. It is a serious crime that occurs when your personal information is stolen and used without your knowledge to commit fraud or other crimes.

Rules for Handling PII by DON Contractor Support Personnel

by the DON Privacy Team - March 10, 2011

The following Privacy Tip provides existing policy guidance and best business practices for contract support personnel who handle personally identifiable information. Office of the Secretary of Defense Memo dated June 05, 2009, "Safeguarding Against and Responding to the Breach of Personally Identifiable Information (PII)" and SECNAV INST 5211.5E: "SECNAV Privacy Program" apply.

SSNs to be Removed from Government ID Cards

by the DON CIO Privacy Team - February 15, 2011

This Privacy Tip provides answers to frequently asked questions regarding upcoming changes to the Department of Defense identification cards. The questions and answers below were reproduced from a recent DoD memo. Changes include the removal of both the sponsor and dependent Social Security number (SSN), the addition of a DoD benefits number for DoD beneficiaries, and the removal of the SSN in the card bar codes. The DoD ...

DON SSN Reduction Plan

by Steve Muck - January 21, 2011

The Social Security number (SSN) has evolved beyond its intended purpose to become the identifier of choice for many of the business processes within the Department of the Navy. While use of the SSN has become the enabler to identify and authenticate individuals, it is one of the key elements used for identity theft and fraud. Widespread use of the SSN has reached unacceptable levels and requires a department-wide effort ...

Unique DoD ID Replaces SSN

by Steve Muck - January 21, 2011

A memo from the Under Secretary of Defense issued Nov. 23, 2010, (DTM 13798-10, "Social Security Numbers (SSN) Exposed on Public Facing and Open Government Websites"), addresses concerns about the potential for adverse consequences if the Social Security number (SSN) is truncated or removed as previously planned.

Elements of a Good Privacy Program (Part Two)

by DON CIO Privacy Team - November 4, 2010

This is part two of Elements of a Good Privacy Program and serves as a best practices guide to help Department of the Navy commands/units implement and sustain privacy awareness and better safeguard personally identifiable information within their control.

DoD Memo on PIV-I Credentials Released

October 29, 2010

The Department of Defense Deputy Chief Information Officer recently published a memo for Department-wide distribution on DoD acceptance and use of qualified Personal Identity Verification-Interoperable (PIV-I) credentials for access to DoD logical and physical resources.

Elements of a Good Privacy Program

by DON CIO Privacy Team - October 12, 2010

This Privacy Tip will be published in two parts and serves as a best practices guide to help Department of the Navy commands/units implement and sustain privacy awareness and better safeguard personally identifiable information within their control.

DON Electronic Signature Policy Released

August 30, 2010

The Department of the Navy Chief Information Officer has signed out SECNAVINST 5239.21: "Department of the Navy Electronic Signature Policy," making electronic signatures the preferred means of conducting business transactions within the Department.

The Use of Recall Rosters

by DON CIO Privacy Team - August 1, 2010

While recall rosters serve a useful and valid purpose, safeguards must be in place to ensure that the personally identifiable information they contain is properly maintained and protected to prevent inadvertent disclosure. This privacy tip provides specific safeguards all Department of the Navy personnel should use when creating and sharing recall rosters.

Top 10 PII Lessons Learned

by DON CIO Privacy Team - July 15, 2010

When a Department of the Navy activity reports a personally identifiable information breach, it must include lessons learned in an after-action report. Lessons learned are an important feedback mechanism and are used to shape future DON privacy policy. The following information is a compilation of the most frequently reported lessons learned.

DON Current and Future PKI and PKE Activities

by James Mauck - May 18, 2010

The Secretary of Defense has embraced public key cryptography as a critical component of defense-in-depth and contributor to the overall Department of Defense information assurance (IA) strategy for protecting its information and networks. DoD Instruction 8520.2, "Public Key Infrastructure (PKI) and Public Key Enabling (PKE)" establishes the requirements for PK-enabling all email, private web servers and networks.

Identity Management Operations to Improve Cybersecurity

by Sonya Smith - February 26, 2010

The December 2008 report written by the Center for Strategic and International Studies (CSIS) Commission on Cybersecurity for the 44th Presidency, "Securing Cyberspace for the 44th Presidency," began with one central finding: "The United States must treat cybersecurity as one of the most important security challenges it faces."

Compliance Spot Checks Key to Successful Privacy Program

by DON CIO Privacy Team - January 1, 2010

ALNAV 070/07 Department of the Navy Personally Identifiable Information (PII) Training Policy states that, "Commanders/Commanding Officers/Officers in Charge will ensure that supervisors conduct a spot check of their assigned area of responsibility, focusing on those areas that deal with PII on a regular basis (e.g., human resources, personnel support, medical, etc.)." The ALNAV also states that the compliance spot check ...

Theft of Storage Media Containing PII

by Steve Muck - November 29, 2009

The following is a recently reported compromise of personally identifiable information (PII) involving the theft of storage media containing personal information. Names have been changed or removed, but details are factual and based on reports sent to the Department of the Navy Chief Information Officer Privacy Office.

Copier/Printer May Present Information Security Risks

by DON CIO Privacy Team - October 6, 2009

Two recent personally identifiable information (PII) breach incidents involving the turn in of reproductive office equipment highlight the fact that many people do not know that copiers and printers present information security challenges.

Improper Disposal of HR Documents

by Steve Muck - August 19, 2009

The following is a recently reported compromise of personally identifiable information (PII) involving the improper disposal of human resources documents. Names have been changed or removed, but details are factual and based on reports sent to the DON CIO Privacy Office.

Protect Your Personal Information: It's Valuable

by DON CIO Privacy Team - June 1, 2009

Why should you protect your personal information? To an identity thief, it can provide instant access to your financial accounts, your credit record and your other personal assets. If you think that no one would be interested in your personal information, think again.

Defending Cell Phones and PDAs Against Attack

by DON CIO Privacy Team - May 1, 2009

As cell phones and personal digital assistants (PDAs) become more technologically advanced, attackers are finding new ways to target victims. By using text messaging or email, an attacker could lure you to a malicious site or convince you to install malicious code on your portable device.

Reducing the Use of SSNs is Key to Securing PII

by DON CIO Privacy Team - March 6, 2009

If the Department of the Navy eliminated the use of Social Security numbers (SSN) from email, forms, documents and electronic information technology systems, 80 percent of the personally identifiable information (PII) breaches reported in 2008 would never have occurred. The March Privacy Tip of the Month explores the relationship between SSNs and identity theft. It also provides approaches to reducing the display, ...

Insider Threat

by Steve Muck - February 20, 2009

The following is a reported loss or breach of personally identifiable information (PII) involving a Department of the Navy information system with lessons learned from the event. Names have been changed or removed, but details are factual and based on reports sent to the DON Privacy Office.

Reduce PII Loss by Proper Disposal/Sanitization of Unclass Equipment

by DON CIO Privacy Team - February 1, 2009

During the past year, the Department of the Navy has experienced problems relating to turning in excess information technology and office equipment that contain personally identifiable information (PII).

What You Should Know About Identity Theft

December 1, 2008

During the past year, the Department of the Navy has experienced a few documented cases of identity theft linked to the loss of government privacy information. This Privacy Tip focuses on how thieves steal identities and what they do with that personal information, as well as general information about identity theft.

Resources

Privacy Impact Assessment Resources

by DON CIO Privacy Team - September 14, 2017

The following resources are provided to assist with the privacy impact assessment submission process.

Inventory of DON Systems With Completed Privacy Impact Assessments

August 1, 2017

Section 208 of the E-Government Act of 2002 establishes government-wide requirements for conducting, reviewing and publishing Privacy Impact Assessments (PIA). The PIA directs agencies to conduct reviews of how privacy issues are considered when creating or purchasing new information technology (IT) systems or when initiating new electronic collections of information in identifiable form. A PIA addresses privacy factor

Privacy Training and Compliance Resources

by DON CIO Privacy Team - May 12, 2017

The following resources are provided to support the Department of the Navy's annual privacy training and semi-annual compliance spot-check requirements. Note: The GENADMIN (DTG 181905Z DEC 08) training requirement supercedes the ALNAV 070/07 training requirement. The compliance spot check requirements of the ALNAV remain in effect.

Take the DON Privacy Quiz!

May 12, 2017

The DON Privacy Quiz highlights basic personally identifiable information (PII) knowledge and policy information that all DON personnel should be familiar. It is recommended that command/unit privacy officials use this quiz (attached below) as a training aid that can be specifically tailored to local use. Please provide feedback on how to make this a better tool by submitting your comments to the DON CIO Privacy Team via ...

SSN Reduction Plan Resources

March 16, 2017

The following resources are provided to help implement the Department of the Navy's Social Security Number Reduction Plan.

Privacy Briefs

by DON CIO Privacy Team - December 15, 2016

The following privacy presentations are provided for reference and use in developing future presentations and briefings.

Personally Identifiable Information Posters

November 2, 2015

The Department of the Navy Chief Information Officer has created press-quality posters to help communicate the importance of protecting and properly handling personally identifiable information (PII).

2014 PII Brief

by DON CIO Privacy Team - March 24, 2014

The personally identifiable information (PII) brief attached below was presented at the Department of the Navy IT Conference, West Coast 2014 and is provided as a reference and for use in developing other PII presentations.

Privacy Act System of Records Notices

April 8, 2013

The Privacy Act allows executive branch agencies to collect, maintain and disseminate information on individuals affiliated with that agency. The Department of the Navy does not maintain information about individuals who have never been affiliated with the Department. The DON's inventory of Privacy Act System of Records Notices (SORNs) identifies under "exemptions claimed for this system" those systems that are exempt ...

2012 Social Security Number Reduction Brief

by DON CIO Privacy Team - December 7, 2012

The Social Secruity Number Reduction brief attached below was presented at the 2012 Department of the Navy IT Conference and is provided as a reference and for use in developing other personally identifiable information presentations.

Privacy Frequently Asked Questions

by DON CIO Privacy Team - October 26, 2012

The following is a list of topics with questions that are frequently asked of the Department of the Navy Chief Information Officer Privacy Team. Responses have been provided and, in many cases, there are added references to the guidance that is cited. Please provide the Privacy Team additional questions so they may be added to the list.

Justification For The Use Of The SSN

by DON CIO Privacy Team - October 5, 2012

Phase II of the Department of the Navy Social Security Number (SSN) Reduction Plan addressed a review of information technology systems that collect the SSN. The purpose of the review was to assess whether continued collection was required, whether collection could cease (i.e., elimination of the SSN), or whether the SSN could be substituted with another unique identifier (i.e., the DoD ID number).

Privacy Resources for Military Members and Their Families

by DON CIO Privacy Team - May 1, 2012

Service members and their families face many life altering events that most people never experience, such as frequent moves, extended deployments and multiple family separations. Each of these events can potentially expose the service member to an increased risk of identity theft and/or fraud. The following links provide information on what to do if you find yourself in a situation where your personal information has ...

Publically Accessible Website Privacy Resources (including Official DON Social Networking Sites)

by DON CIO Privacy Team - April 10, 2012

The World Wide Web is specifically designed to be open and accessible to a global audience. While this global accessibility makes the web a powerful public information tool and enhances productivity in the conduct of daily business, it also presents a potential risk to Department of the Navy personnel, assets and operations if inappropriate information is published on DON websites. Threats to the security of Navy and ...

How to Find Your DoD ID Number

by DON CIO Privacy Team - March 15, 2012

The Department of Defense identification number, formerly referred to as the Electronic Data Interchange Personal Identifier (EDIPI), is a unique 10-digit number that is associated with personnel and their Common Access Card (CAC). The DoD ID is assigned to each person registered in the Defense Enrollment and Eligibility Reporting System (DEERS). This includes government civilians, active duty military, dependents, ...

Unique Investment Identifiers for FY2013

March 15, 2012

The table below provides FY2013 Unique Investment Identifiers (UIIs), formerly Unique Project Identifiers (UPIs), for Department of the Navy information technology systems. The UII is required when completing a Privacy Impact Assessment (PIA).

Safeguarding PII

February 14, 2012

The following is a list of the latest policy, guidance and resources related to the safeguarding of personally identifiable information.

Recommended Facebook Privacy Settings

by CHINFO - September 1, 2011

The Department of the Navy Chief of Information has created a guide detailing recommended Facebook privacy settings and how to achieve them. The guide provides step-by-step instructions to help Facebook users create a balance between safeguarding their privacy and enjoying the benefits of social networking online.

SSN Reduction Frequently Asked Questions

March 3, 2011

On Nov. 5, 2010, the Under Secretary of Defense for Personnel & Readiness (USD(P&R)) signed a memorandum announcing the removal of printed Social Security numbers on all Department of Defense identification cards. By the end of May 2011 and beyond, all DoD ID cards issued will display a new number, called the DoD identification number (also known as the EDI-PI). In addition to the DoD ID number, individuals entitled to ...

How and When to Write a Privacy Act Statement

by DON CIO Privacy Team - November 10, 2010

When is a Privacy Act Statement required? If your organization requests that an individual furnish personal information (name, date of birth, Social Security number, etc.) for a system of records, regardless of the method used to collect the information (e.g., forms, personal or telephonic interview, etc.), then a Privacy Act Statement (PAS) is required. If the information requested will not be included in a system ...

Labels for Electronic Devices Containing Hard Drives

November 5, 2010

Department of the Navy electronic storage media processing, copying or storing classified and/or controlled unclassified information (CUI) is subject to the requirements of DTG 221633Z AUG 10: "Processing of Magnetic Hard Drive Storage Media for Disposal" and shall be safeguarded commensurate with the level of information stored until destroyed.

Privacy Act Resources

by DON CIO Privacy Team - October 19, 2010

The following resources are intended to supplement SECNAVINST 5211.5E: "DON Privacy Program" and should prove useful to Privacy Act coordinators. Please submit suggestions for additions to this list to the Ask an Expert section of the website. Select the topic: "Privacy Act."

Fair Information Practices

by DON CIO Privacy Team - October 15, 2010

The Privacy Act of 1974 is largely based on a set of internationally recognized principles for protecting the privacy and security of personal information known as the Fair Information Practices. A U.S. government advisory committee first proposed the practices in 1973 to address what it termed a poor level of protection afforded to privacy under contemporary law. The Organization for Economic Cooperation and Development ...

Guidelines for Establishing a New Privacy Act System of Records Notice

by DON CIO Privacy Team - September 24, 2010

All Privacy Act system of records notice (SORN) actions are transmitted electronically to the Chief of Naval Operations, Department of Defense and the Federal Register, because this method is both time and cost effective. Since DoD uses special software to transmit the text to the Federal Register, please do not indent, underline, bold, double-space or center the text. All new systems require a "Narrative Statement on ...

Identifying Privacy Act Systems of Records You May Be Using

by DON CIO Privacy Team - September 24, 2010

A Privacy Act (PA) system of records notice is the authority that allows you to collect, maintain and disseminate information that is retrieved by an individual's name and personal identifier. Because many activities maintain similar types of records, we have written generic or "umbrella" PA systems of records notices to cover activities that require collection of those types of records.

How to Obtain Military Personnel, Health, and Award Records

by DON CIO Privacy Team - September 17, 2010

The following processes are provided for active duty military members, former military members, family members, and other individuals wishing to obtain copies of military personnel records.

Privacy Act Exemptions

by DON CIO Privacy Team - September 17, 2010

The attachment is a copy of the Code of Federal Regulations, Title 32, Volume 5, Revised as of July 1, 2008 (32 CFR 701.128), "Privacy Act Exemptions for Specific Navy Record Systems."

Sample Checklist for Conducting Privacy Act Assessment/Staff Visits

by DON CIO Privacy Team - September 17, 2010

The following checklist is provided for use by Privacy Act coordinators and should be tailored to a command's specific needs.

DoD Privacy Program Resources

by DON CIO Privacy Team - September 15, 2010

The Defense Privacy Program homepage provides resources related to the Privacy Program, Privacy Impact Assessments and the Freedom of Information Act.

How to Make a Privacy Act Request

by DON CIO Privacy Team - September 15, 2010

To make a Privacy Act (PA) request, label the request itself and the envelope: "PRIVACY ACT REQUEST." Identify the specific PA system of records notices you wish to have searched. (See index of PA System of Records Notices and submit your request according to the requirements set forth under "Record Access Procedures.") PA requests must be signed, so we cannot accept email requests.

Instructions for Using WinZip to Encrypt Files

by DON CIO Privacy Team - September 15, 2010

The attachment below provides step-by-step instructions to encrypt files using WinZip.

Other Privacy Act Resources

by DON CIO Privacy Team - September 15, 2010

The following additional resources are provided:

Overview of the Privacy Act of 1974 (2012 Edition)

by DON CIO Privacy Team - September 15, 2010

The "Overview of the Privacy Act of 1974," prepared by the Department of Justice's Office of Privacy and Civil Liberties (OPCL), is a discussion of the Privacy Act's disclosure prohibition, its access and amendment provisions, and its agency recordkeeping requirements.

PEO EIS Portal Procedures for Safeguarding PII

September 15, 2010

Best Practices for use with Command Shared Drives and Web Portals The attachment below is the Program Executive Officer, Enterprise Information Systems (PEO EIS) Portal Procedures for Safeguarding Personally Identifiable Information (PII) and should be used as a best practice. The Department of the Navy has experienced numerous breaches across the enterprise in which PII was improperly posted to shared drives and web ...

Privacy Act Desk Reference Guide

by DON CIO Privacy Team - September 15, 2010

What is the Privacy Act? The Privacy Act (PA) pertains to records the Department of the Navy is maintaining about you. More than 150 types of PA System of Records Notices (SORNs) have been identified that allow the DON to collect, maintain, use and disseminate information about individuals affiliated with the Department. View a complete list of approved systems.

Privacy-Related OMB Memoranda

by DON CIO Privacy Team - September 15, 2010

The following list of Office of Management and Budget memoranda pertains to privacy and is provided to assist personnel as they conduct their daily privacy-related functions.

Disclosure Accounting Form (OPNAV 5211/9 (MAR 1992))

September 13, 2010

Disclosure accounting allows an individual to determine what agencies or persons have been provided information from the system of records about them, enables Department of the Navy activities to advise prior recipients of the system of records of any subsequent amendments or statements of dispute concerning the system of records, and provides an audit trail of the DON's compliance with the Privacy Act of 1974.

General Purpose Privacy Act Statement (OPNAV FORM 5211/12)

September 13, 2010

When an individual is requested to furnish personally identifiable information for possible inclusion in a system of records, a Privacy Act Statement (PAS) must be provided to the individual, regardless of the method used to collect the information (e.g., forms, personal, telephonic interview, IT system, etc). If the information requested will not be included in a system of records, a PAS is not required.

DON SSN Reduction Review Form SECNAV 5213/1 (Jul 2010)

by DON CIO Privacy Team - September 3, 2010

Naval message DTG 192101Z Jul 10: "DON Social Security Number Reduction Plan for Forms Phase One" requires the use of SECNAV 5213/1 to review and justify the continued collection of Social Security numbers on all Department of the Navy forms.

Acceptable Use Criteria for Systems Collecting SSNs

by DON CIO Privacy Team - July 12, 2010

The following is a list of 12 acceptable use criteria for systems requesting the use of Social Security numbers.

Privacy Recommended Reading List

by DON CIO Privacy Team - June 23, 2009

Welcome to the Department of the Navy Chief Information Officer Privacy Team recommended reading list. This list will be periodically updated.

2012 Identity Theft Brief

by DON CIO Privacy Team - June 19, 2009

The identity theft brief attached below was presented at the 2012 Department of the Navy IM/IT Conference and is provided as a reference and for use in developing other PII presentations.

2012 Privacy Impact Assessment (PIA) Brief

by DON CIO Privacy Team - June 19, 2009

The Privacy Impact Assessment (PIA) brief attached below was presented during the 2012 Department of the Navy IM/IT Conference and is provided as a reference and for use in developing other PIA presentations.

Privacy Impact Assessment Signature Routing Guidance

by DON CIO Privacy Team - May 29, 2009

The following provides the proper routing for Navy and Marine Corps Privacy Impact Assessments (PIAs). The last two signature blocks on the DoD PIA Template (DD FORM 2930 NOV 2008) are reserved for (1) the DON Privacy Act Program Manager (DNS-36) or USMC Privacy Act/FOIA Officer and (2) the DON CIO.

OMB Information Collection Number

March 2, 2009

An Office of Management and Budget (OMB) Information Collection Number is required when collecting information from 10 or more members of the public in a 12-month period and is used in completing the Privacy Impact Assessment (PIA) Template.

Privacy Impact Assessment Template "Gouge"

February 20, 2009

This document attempts to address the common issues encountered as a privacy impact assessment moves its way through the review and approval process. Consider this a "living" document and help us improve its content and usefullness.

Privacy Impact Assessment Template Risk Mitigation Question Responses

February 20, 2009

This document provides examples of possible responses to the privacy impact assessment (PIA) template questions that deal with the risks associated with the electronic collection of personally identifiable information and the ways to mitigate those risks.

PII Breach Reporting Resources

January 21, 2009

The following breach-related resources are provided to aid in reporting the loss or suspected loss of personally identifiable information (PII).

Privacy Information and Resources

December 19, 2008

In addition to the privacy resources and information available on the DON CIO website, the following list of websites provide further information on privacy and identity theft prevention.

Potential Consequences for Failing to Safeguard PII

July 22, 2008

The DON Table of Potential Consequences and Penalties for the Mishandling/Improper Safeguarding of PII was developed with legal assistance from the Department of the Navy’s Office of Civilian Human Resources and its Workforce Relations and Compensation Division, the Office of the Judge Advocate General, and the Office of the DON CIO.