Twelve PII Lessons Learned
Published, June 13, 2019
Individually, each tip provides a means to reinforce or improve a key aspect of safeguarding PII. Collectively, implementation of these 12 tips will result in a stronger and more effective command privacy program.
- Support and involvement from leadership is key. The Under Secretary of the Navy memo, "Safeguarding Personally Identifiable Information," underscores the importance of protecting PII and details the actions employed to eradicate the loss and compromise of PII. Commanders at all levels must champion the need for comprehensive privacy programs and take the initiative to implement appropriate steps ensuring the proper access, use, disclosure, disruption, modification, and destruction of PII.
- A command-wide PII compliance spot check program with correction of identified deficiencies is the bulwark of an effective privacy program. Spot checks to ensure the proper protection, storage, and use of PII when performed regularly and with the support of leadership can reduce the incidence of PII breaches and help educate personnel on their responsibility to safeguard PII. PII compliance spot checks are a supervisory responsibility which must be performed twice a year with completed spot check forms maintained for three years. To assist in this effort, commands may modify the DON Compliance Spot Checklist for their use.
- Eliminate or reduce the use, display and storage of all PII, especially sensitive PII, such as Social Security numbers. While many of the Department's business processes require the legitimate use of PII, including SSNs, there are many more cases where PII should not be used, maintained or collected. Convenience is not a valid reason for the unnecessary and unauthorized use of PII.
- Ensure all email containing PII is digitally signed and encrypted. Failure to encrypt email with PII is the most common breach reported in the DON. When email containing PII is sent outside the .mil domain, use of Safe Access File Exchange (SAFE) is authorized.
- Mark all documents containing PII with the FOUO Privacy Sensitive warning. Documents containing PII should be marked “FOR OFFICIAL USE ONLY (FOUO) – PRIVACY SENSITIVE. Any misuse or unauthorized disclosure may result in both civil and criminal penalties.” As simple as this is, it is an effective tool in preventing accidental transmission and disclosure of PII to individuals without a need to know.
- Ensure shared drive access permissions are established and routinely checked. Shared drives, SharePoint sites and web portals are useful tools to store and share information. However, each command’s shared drive must be properly managed to ensure personnel understand that indiscriminate posting of PII is not authorized. When there is a need to post PII to a shared drive or portal, access to those files must be restricted to those with a need to know and routinely monitored for compliance. Problems often occur when network maintenance causes the removal of access controls.
- Special care must be taken when moving, closing or consolidating offices that handle PII. Moving or closing offices present challenges in the safeguarding of PII. A move plan must include privacy considerations that prevent losses or compromise of PII, ensure the proper destruction of PII and transfer of still relevant PII to appropriate personnel.
- Safeguard against insider threat. Insider threat is the most difficult breach to detect and prevent. While it represents a small number of DON breaches, it can lead to the clandestine compromise of large amounts of data in short periods of time. Managers must be vigilant and aware of the potential for this kind of misconduct. Problems have occurred when disgruntled or fired employees continue to have network access when the situation warrants an immediate suspension or revocation.
- Paper documents and hard drive disposal methods must be clearly defined and widely known. Problem areas include dumping paper documents containing PII in trash receptacles, improperly disposing of paper in recycling containers and using shredders that do not adequately reduce documents to an unrecognizable form. DON policy requires that all computer hard drives be physically destroyed at the end of service life. This includes hard drives from copiers and printers. see Hard Drive Disposal Resources, “No PII Placards for Use on Dumpsters and Recycle Bins”, “Label for CDs Containing PII,” and “Labels for Electronic Devices Containing Hard Drives” can assist in the proper handling of PII.
- A command records management program with a records disposal schedule is an effective tool for reducing PII breaches. An effective records management program removes the unnecessary collection of PII when it is no longer needed. This is an underused program that pays big dividends in safeguarding PII.
- Use of the Privacy Act Data Cover Sheet. A best practice is to attach a Privacy Act Data Cover Sheet, DD Form 2923, to hard copy documents containing PII when carried, mailed, stored, faxed, and when working at your desk. See Privacy Tip, “Use the Privacy Act Data Cover Sheet to Safeguard PII.”
- Campaign continuously to increase PII awareness. The importance of regular training demonstrating the proper handling and safeguarding of PII cannot be overstated. Training staff and creating awareness (e.g., through the use of PII posters, the PII Desk Top Guide, and the DON PII User’s Guide) of the potential harms associated with improperly handling PII are significant factors in reducing PII breaches. The message must be championed by leadership and all those who safeguard privacy information.