Compliance Spot Checks Key to Successful Privacy Program
By DON CIO Privacy Team - Published, January 1, 2010
ALNAV 070/07 Department of the Navy Personally Identifiable Information (PII) Training Policy states that, "Commanders/Commanding Officers/Officers in Charge will ensure that supervisors conduct a spot check of their assigned area of responsibility, focusing on those areas that deal with PII on a regular basis (e.g., human resources, personnel support, medical, etc.)." The ALNAV also states that the compliance spot check is a semi-annual requirement and should be considered an auditable record maintained by the command Privacy Act Coordinator or other designated official.
Countless lessons learned from commands and activities have demonstrated that employing PII spot checks and aggressive corrective action where weaknesses have been identified are key to a successful privacy program.
Some valuable tips regarding PII spot checks:
- PII compliance spot checks are a supervisor responsibility.
- The PII Compliance Spot Check Form should be used as a guide and is meant to be tailored to the specific needs of each command or activity.
- Accountability of each form must be maintained for a period of three years.
- PII compliance spot checks and actions taken to correct weaknesses, when used correctly, reduce the likelihood of future PII breaches.
View the PII Compliance Spot Check Form.