Breaches of personally Identifiable information (PII) happen all too frequently throughout the Department of the Navy (DON). When an individual’s PII is improperly protected, transported, or emailed without proper safeguards, it places their PII at risk of compromise and open to potential abuse by identity thieves. The most common cause of PII breaches is due to human error by sending emails that are not digitally signed and encrypted. DON policy is to digitally sign and encrypt all email containing information that is For Official Use Only (FOUO), which includes PII.
There is a simple and effective measure all DON personnel can take to help reduce the incidence of DON PII breaches: Set up your Outlook to put “Sign” and “Encrypt” buttons on the default message tab next to the email send button. The steps to put these buttons on your email can be found at this link: http://www.doncio.navy.mil/ContentView.aspx?id=5565. This will be a visual reminder each time you send an email to think about whether or not your email should be digitally signed and encrypted.
Additional protection for those who work with PII on a regular basis can be to automatically digitally sign and encrypt each outgoing email. A PII Desk Top Card, posted to the privacy section of the DON CIO website, provides a step by step procedure to set encryption and digital signature as the default for outgoing emails. You can download the card, shown in Figures 1 and 2, from here.
There are many instances when the electronic transfer of PII is not feasible or appropriate for email. A safe and authorized alternative to digitally signed and encrypted email is the U.S. Army Aviation and Missile Research Development and Engineering Center's (AMRDEC) Safe Access File Exchange (SAFE) web application. It can be used by Common Access Card (CAC) holders and those without a CAC, making it the right option when sending PII to individuals without a .mil email address. The SAFE website (https://safe.amrdec.army.mil/safe/) provides easy to follow instructions that walk users step-by-step through the SAFE process. The DON CIO website has more information about SAFE at this link: http://www.doncio.navy.mil/ContentView.aspx?id=4098.
By adjusting your email with one of the above easy processes, or by using SAFE to transfer documents containing PII, you will greatly reduce the incidence of DON PII breaches and continue to protect the PII of our workforce.