Email this Article Email   

CHIPS Articles: Hold Your Breaches

Hold Your Breaches
Improper Printer Mapping
By Steve Daughety - July-September 2014
The following is a recently reported breach of personally identifiable information (PII) involving the improper mapping of a printer resulting in PII being exposed to those without a need to know. Incidents such as this will be reported in each edition of CHIPS to increase PII awareness. Names have been changed or omitted, but details are factual and based on reports sent to the Department of the Navy Chief Information Privacy Office.

The Incident

A base community service office employee attempted to print a document containing over 600 names, full Social Security numbers (SSNs), and other employee information. The print job was attempted three times without apparent success. The document was not marked with the required “FOUO-Privacy Sensitive” warning. It was later determined that the employee’s work station was mapped to a printer in a different community service building. As a result, the PII was exposed to at least four different staff members. The breach was reported to the local privacy official, the office director, and the sender of the document. The privacy official reported the breach to the DON CIO Privacy Office.

Actions Taken

The document was immediately retrieved and shredded. The work station was remapped to the correct printer. A memorandum was created containing the details of the incident and actions taken to assist in documenting and providing lessons learned to the command.

Lessons Learned

Human errors can and will occur.

  • When printing documents containing PII, a best practice is to ensure that your work station is mapped to the correct printer.
  • If a document doesn’t print, check the mapping before attempting additional print jobs.
  • Continue to remind office personnel during training sessions, all hands meetings, in plans of the day/week, etc., of the importance of properly handling and safeguarding PII.
  • Mark documents containing PII per SECNAVINST 5211.5 series.
  • Verify that any collection of Social Security numbers has been validated and officially justified.

Because of the actions taken to mitigate the breach, the time and expense of notifying over 600 individuals in writing was avoided.

Additional privacy resources can be found on the DON CIO website at www.doncio.navy.mil/privacy.

Steve Daughety is the privacy lead for the Department of the Navy Chief Information Officer.

Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer