Email this Article Email   

CHIPS Articles: To Err is Human

To Err is Human
Summary of the 2009-2010 Department of the Navy Personally Identifiable Information (PII) Breaches
By Steve Muck - January-March 2011
Human error is the cause of 80 percent of the DON's PII breaches. Not knowing or not following guidance, or just being careless can result in the unintended disclosure of privacy sensitive information and potentially adversely affect many personnel.

The Social Security number is the most frequently lost, stolen, or compromised PII data element. The SSN is involved in almost 70 percent of DON breaches. This sensitive identifier must be closely safeguarded or eliminated from use. SSNs are improperly disclosed by: sending SSNs in an e-mail or in attachments, creating recall rosters with SSNs, or posting names with associated SSNs to Web portals or shared drives.

In these examples, SSNs were either transmitted without encryption, not properly marked, or sent to recipients that did not have a need to know.

DOD DIRECTIVE 5400.11 DEFINITIONS

5400.11 Para E2.2: Personally Identifiable Information (PII)
Personal Information. “Information about an individual that identifies, links, relates, or is unique to, or describes him or her (e.g., a Social Security number; age; military rank; civilian grade; marital status; race; salary; home or office phone numbers; other demographic, biometric, personnel, medical, and financial information, etc.). Such information also is known as personally identifiable information (e.g., information which can be used to distinguish or trace an individual’s identity, such as his or her name; Social Security number; date and place of birth; mother’s maiden name; and biometric records, including any other personal information which is linked or linkable to a specified individual.)"

5400.11-R: PII Breach

"Actual or possible loss of control, unauthorized disclosure, or unauthorized access of personal information where persons other than authorized users gain access or potential access to such information for an other than authorized purposes where one or more individuals will be adversely affected."

TAGS: Privacy
Types of PII lost, stolen or compromised
Types of PII lost, stolen or compromised

PII breach causes
PII breach causes

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer