Email this Article Email   

CHIPS Articles: Posting Official Department of the Navy Information on Personal Unofficial Websites

Posting Official Department of the Navy Information on Personal Unofficial Websites
By Steve Muck and Steve Daughety - January-March 2014
The following is a recently reported breach of personally identifiable information (PII) involving the posting of PII on a personal website by a well-intentioned service member. Incidents such as this will be reported in each edition of CHIPS to increase PII awareness. Names have been changed or omitted, but details are factual and based on reports sent to the Department of the Navy Chief Information Officer Privacy Office.

The Incident

A service member in an effort to provide a useful resource to other Sailors, created a personal website containing various Navy instructions, guides, and other information. In addition, a spreadsheet with more than 2,000 full Social Security numbers (SSNs), test scores, and education information was posted.

Actions Taken

Once discovered, the website was immediately taken down. A breach report was submitted for the potential compromise of personal information because of the high risk that disclosure of names and associated SSNs presents. Written notifications were sent to the individuals affected.

Lessons Learned

The following apply to the posting of PII and other official information to websites:

  • Official information including PII should only be posted to DON approved websites. Officially approved sites have gone through a certification and accreditation process which includes security and privacy safeguards.
  • When PII is posted to a DON approved website, access must be restricted to only those with an official need to know and marked with the "FOUO - Privacy Sensitive" statement.
  • Duplicating lists of PII for convenience is not a valid reason to collect it.
  • The collection of PII must be authorized and serve an official purpose.

Breach notifications cost not only scarce resources (e.g., time and money), but have the potential to negatively affect morale and trust in an organization.

More DON Privacy Resources can be found at www.doncio.navy.mil/privacy.

Steve Muck is the privacy lead for the Department of the Navy Chief Information Officer.

Steve Daughety provides support to the Department of the Navy Chief Information Officer Privacy Team.

TAGS: Privacy, RM
DON CIO Seal
DON CIO Seal
Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer