Email this Article Email   

CHIPS Articles: Scanning Personally Identifiable Information

Scanning Personally Identifiable Information
By Steve Daughety - July-September 2013
The Department of the Navy (DON) continues to issue policy to improve its processes and better ensure that the personally identifiable information (PII) of its employees and the public is protected from compromise. One particular topic of concern is the process of electronic scanning. This is one of the areas recently addressed in the DON Chief Information Officer (CIO) policy message issued DTG 171625Z Feb 12, “Department of the Navy Social Security Number (SSN) Reduction Plan Phase III".

The following scanning restrictions went into effect Oct. 1, 2012. They do not apply to scanners or multifunctional devices (MFD) directly connected to a user's workstation.

  • Network-attached MFDs and scanners that employ a "scan to email" function may be used only if the sender can verify that the intended recipients are authorized to access the scanned file (i.e., have an official need to know). The MFD or scanner must also encrypt the email message containing the scanned file.
  • Network-attached MFDs and scanners that employ a "scan to file" or "scan to network share" function may be used only if the sender can verify that all users are authorized to have access to the scanned file or network share location. If the "scanned to" location access is unrestricted , as soon as a scanned file arrives at the "scanned to" location, the owner of the document must remove it and save it to a secure location.

When emailing a scanned document, the requirements for any email that contains PII apply. The email must be digitally signed and encrypted, and the body of the email must be marked "FOR OFFICIAL USE ONLY (FOUO) - PRIVACY SENSITIVE. Any misuse or unauthorized disclosure may result in both civil and criminal penalties," and all recipients must have an official need to know. Finally, the subject line of an email should never contain PII because only the body of an email is encrypted when sent.

Steve Daughety provides support to the DON Chief Information Officer privacy team.

Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer