Email this Article Email   

CHIPS Articles: Hold Your Breaches, January-March 2008

Hold Your Breaches, January-March 2008
By Steve Muck - January-March 2008
All DON personnel should continue to increase their level of awareness about properly safeguarding personally identifiable information (PII). To learn more about properly safeguarding PII, go to http://privacy.navy.mil.

PII and Virtual Workspaces

The synopsis shown below of a recently reported loss or breach of PII, highlights common mishandling mistakes made by individuals within the Department of the Navy.

Incidents such as this will be reported continually in CHIPS magazine to increase PII awareness. Names have been changed, but details are factual and based on reports sent to the DON Privacy Office.

On Oct. 17, 2007, a recall roster was discovered posted to a virtual workspace portal on the Navy Marine Corps Intranet. The roster contained the names, home addresses, home phone numbers and cell phone numbers of command and contractor personnel. The portal was accessible to NMCI users only, but no other access restrictions were in place. The roster was immediately removed from the portal and the affected individuals were notified.

Lessons Learned

IT system owners and Web site managers must implement strict business rules that allow access to PII posted to a Web site or virtual workspace only to those with a "need to know." Commands should periodically spot check their Web sites for unrestricted PII.

Spot checks are now required twice yearly as required in ALNAV 070/07, DTG 042232Z of Oct. 4, 2007, "Department of the Navy Personally Identifiable Information Annual Training Policy."

A sample spot check form can be found on the DON Privacy Office Web site at http://privacy.navy.mil, along with other tools and information for protecting privacy.

Steve Muck is the DON CIO critical infrastructure protection and privacy team lead. Our apologies to Mr. Muck; his last name was misspelled as "Mauck" in the October-December 2007 edition of the "Hold Your Breaches" article.

Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer