Email this Article Email   

CHIPS Articles: Hold Your Breaches, July-September 2012

Hold Your Breaches, July-September 2012
A Landfill is No Place for PII
By Steve Muck - July-September 2012
The following is a recently reported personally identifiable information (PII) data breach. Names have been changed or omitted, but details are factual and based on reports sent to the Department of the Navy Chief Information Officer Privacy Office.

A command Physical Readiness Test (PRT) office was in the process of moving to a new location. Office personnel boxed approximately 30 PRT records and associated documents and left them on the floor in a locked office. During the night, a cleaning crew inadvertently threw away the files. The files, spanning a more than two-year period, contained personally identifiable information including full names and Social Security numbers. Documentation also included letters of correction for personnel who failed the Physical Readiness Test. However, the specific names of the affected personnel are unknown.

The privacy officer was notified of the PII loss the following business day. At that time, command leadership was notified and an investigation commenced with the submission of an initial PII breach report via the chain of command. Command representatives also searched through trash at the landfill where base refuse is taken for disposal, but were unable to locate the missing records.

Lessons Learned:

A physical move of office equipment and records should be carefully planned. A move plan or checklist should delineate the steps required to securely transport and maintain accountability of documents and electronic files containing PII. This command learned the hard way about improper preparation.

Boxes containing PII should be properly labeled and, when possible, kept off the floor and away from trash receptacles.

It is the government’s responsibility to secure PII so that personnel who do not have a need to know do not have access to personally identifiable information.

Steve Muck is the privacy lead for the Department of the Navy Chief Information Officer.

Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer