To Err is Human: Human Error is Main Cause of PII Breaches
By Steve Muck - Published, February 7, 2011
Human error is the cause of 80 percent of the DON's PII breaches. Not knowing or not following guidance, or just being careless can result in the unintended disclosure of privacy sensitive information and potentially adversely affect many personnel.
The Social Security number is the most frequently lost, stolen or compromised PII data element. The SSN is involved in almost 70 percent of DON breaches. This sensitive identifier must be closely safeguarded or eliminated from use. SSNs are improperly disclosed by: sending SSNs in an email or in attachments,
creating recall rosters with SSNs, or posting names with associated SSNs to web portals or shared drives.
In these examples, SSNs were either transmitted without encryption, not properly marked or sent to recipients that did not have a need to know.
DOD DIRECTIVE 5400.11 DEFINITIONS
5400.11 Para E2.2: Personally Identifiable Information (PII) Personal Information. "Information about an individual that identifies, links, relates, or is unique to, or describes him or her (e.g., a Social Security number; age; military rank; civilian grade; marital status; race; salary; home or office phone numbers; other demographic, biometric, personnel, medical, and financial information, etc.). Such information also is known as personally identifiable information (e.g., information which can be used to distinguish or trace an individual's identity, such as his or her name; Social Security number; date and place of birth; mother's maiden name; and biometric records, including any other personal information which is linked or linkable to a specified individual.)"
5400.11-R: PII Breach
"Actual or possible loss of control, unauthorized disclosure, or unauthorized access of personal information where persons other than authorized users gain access or potential access to such information for an other than authorized purposes where one or more individuals will be adversely affected."
Steve Muck is the DON CIO privacy team lead.