It is with great pleasure that I write my first CIO column for CHIPS magazine. I began serving as the DON CIO in late November, and my schedule has been full of activity. My first couple of months have been spent in fully understanding the functions and responsibilities of the position while establishing relationships with the Service Deputies, Assistant Secretaries of the Navy, operating commanders, functional area managers and echelon II command information officers.
Coming from the operational side of the house, I know from experience that the department's information technology (IT) infrastructure is strong and robust. We have more enterprise capability, the most secure enterprise network and a solid e-mail system. We also understand our cyber/IT workforce and have provided key input to congressional, federal, and DoD studies and plans on the current and future workforce. We know the kind of talent we need to build and maintain our network and have put enterprise processes in place to hire and train that talent.
We must continue our enterprise approach to IT and continue to build on our network capabilities, while improving effectiveness and realizing efficiencies in the way we do business. We will focus on actions that will make us more effective and efficient as an enterprise, including data center consolidation, network consolidation, and enterprise licensing to reduce the cost of the software applications we use. Recent direction from the Under Secretary of the Navy in a memo released on Dec. 3, 2010, spells out some immediate tasks related to our approach to IT and our information management (IM)/IT/cyberspace way forward.
As we apply an enterprise approach to DON IM/IT/cyberspace, we must examine all areas where enterprise processes can be applied for needed change. One of these areas is privacy. A strong and multifaceted enterprise privacy program will help ensure that commands/units consider privacy protections and controls when first making business decisions involving the collection, use, sharing, retention, disclosure, and destruction of personally identifiable information (PII). This isn't new and it needs to be part of our standard behavior. We need to look at how we deal with accountability in this area. Losing privacy information exposes us to risks similar to losing other government equipment and information.
This edition of CHIPS is dedicated to increasing awareness on the use of the Social Security number (SSN) across the DON enterprise. The SSN, when associated with a person's full name, is one of the key identifiers used to commit identity theft. A breach involving the SSN can result in financial or personal harm to an individual. It can also cause the accountable organization to suffer significant loss of reputation and public trust.
Safeguarding PII must be a priority at every level of the command/unit beginning with personnel who handle PII and leadership which must ensure that security controls, training and oversight are continually reinforced. A privacy program that reviews, justifies and strictly controls the use and handling of the SSN is a program that greatly diminishes the potential misuse and unauthorized disclosure of this unique personal identifier. The unauthorized disclosure of the SSN associated with a person's name may result in real consequences as commands hold personnel accountable for privacy violations. I still see too many forms requiring the full SSN when it is not required; we need to get better at this.
In this issue of CHIPS, you will find articles that describe the original purpose of the SSN and its expanded and widespread use today. There is an outline of the DON SSN Reduction Plan currently in progress and some lessons learned from DON activities that have taken steps to reduce and/or eliminate use of the SSN. I encourage you to visit the DON CIO website at www.doncio.navy.mil/privacy for more information about the DON Privacy Program.