SECNAVINST 5211.5F - May 20, 2019
SECNAV INST 5211.5F implements the Privacy Act of 1974 per DoD Instruction 5400.11, DoD Privacy and Civil Liberties Programs. This instruction establishes policy, assigns responsibilities, and prescribes procedures for administering the DON privacy program.
DON OCIO Memo - February 12, 2019
The purpose of this memo is to establish DON policy in the event of a known or suspected loss of DON personally identifiable information. It applies to all DON personnel in the Secretariat, Navy, and Marine Corps including military members, civilian personnel, and DON contractors.
Effective September 28, 2017 - May 25, 2018
The Department of Defense reporting process is to be used when there is a known or suspected loss of DoD personally identifiable information (PII). It includes new and existing requirements issued by the Office of Management and Budget (OMB) Memorandum M-17-12, Preparing for and Responding to a Breach of Personally Identifiable Information (Jan. 3, 2017). This DoD breach response plan shall guide Department actions in ...
DoD Instruction 5400.16 - September 14, 2017
This instruction establishes policy and assigns responsibilities for completion and approval of privacy impact assessments to analyze and ensure personally identifiable information in electronic form is collected, stored, protected, used, shared and managed in a manner that protects privacy.
NAVADMIN 102/17 and MARADMIN 534/16 - May 5, 2017
New Department of the Navy Social Security Number (SSN) Reduction Plan states "Effective April 1, 2017, the Navy and Marine Corps, IAW changes to DOD policy, will not use SSNs in the urinalysis or drug testing process."
DTG 151450Z MAR 17 - March 17, 2017
It is DON Policy to reduce or eliminate the use of Social Security numbers (SSN) in DON business processes wherever possible. The SSN is one of the personal identifiers most often used in commission of identity theft. The DON has made great strides in reducing SSN use, but more remains to be done. This guidance updates the DON plan begun in 2009 to reduce the collection, use, display, and maintenance of SSNs in the DON's ...
OMB Memo - July 1, 2016
This memo updates a longstanding Office of Management and Budget policy, first implemented in 2006, to maximize federal agency use of a government-wide solution for acquiring identity protection services when needed.
Federal Register: Vol. 81, No. 94 - May 16, 2016
DoD, GSA, and NASA are issuing a final rule amending the Federal Acquisition Regulation to add a new subpart and contract clause for the basic safeguarding of contractor information systems that process, store or transmit Federal contract information. The clause does not relieve the contractor of any other specific safeguarding requirement specified by Federal agencies and departments as it relates to covered contractor ...
DON CIO Memo - April 19, 2016
The purpose of this memo is to announce revisions of OPNAV Forms 5211/13 and 5211/14 for reporting the known or suspected loss of PII. These revisions do not change current DON policy for PII breach reporting.
DoD Memo - August 2, 2015
The purpose of this memo is to help Components (i.e., the Department of the Navy) toward optimal decision-making regarding PII breach risk and notification determinations.
DCMO Memo for Secretaries of the Military Departments - January 28, 2015
This memorandum reminds all DoD Components of their responsibility to apply the requirements of The Privacy Act of 1974, Section 552a of Title 5, to government contractors and their employees working on contracts for the design, development, or operation of DoD systems of records.
Personnel and Readiness Memo - November 26, 2014
This memo states that starting on March 1, 2015, the services are authorized to use the DoD ID number in place of the service member's Social Security number (SSN) as the primary means of sample identification during the collection of urinalysis specimens. Until a complete transition to the DoD ID number occurs, samples will be accepted at the drug testing laboratories with either the SSN or DoD ID number as the ...
Deputy Secretary of Defense Memo - August 14, 2014
The unauthorized disclosure of classified information or controlled unclassified information (CUI) poses a significant threat to our nation's security and to DoD operations and missions. This memo states that safeguarding our classified information and CUI must be the cornerstone of everything we do on all of our information systems, and in every workplace.
Revised April 2, 2014 - April 2, 2014
This document addresses the Contractor’s requirements under The Privacy Act of 1974 (Privacy Act), The Freedom of Information Act (FOIA), and The Health Insurance Privacy and Accountability Act (HIPAA) as set forth in applicable statutes, implementing regulations and DoD issuances.
DON CIO Memo - December 12, 2013
This memo states, that effective Feb. 1, 2014, all new and open Department of the Navy Freedom of Information Act (FOIA) requests will be processed through the FOIAonline tracking and management tool.
DON CIO Memo - November 19, 2013
The purpose of this memo is to modify guidance regarding the submission of Department of the Navy Privacy Impact Assessments.
Executive Order 13636 - February 12, 2013
This executive order establishes the United States' policy to enhance the security and resilience of the Nation's critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties. Such goals are achieved through a partnership with the owners and operators of critical ...
DTG 081745Z NOV 12 - November 8, 2012
This message states, that effective immediately, the use of fax machines to send information containing SSN and other PII by DON personnel is prohibited except under the following circumstances:
When another more secure means of transmitting PII is not practical.
When a process outside of DON control requires faxing to activities such as the Defense Finance and Accounting Service (DFAS), Tricare, Defense Manpower ...
NIST Special Publication, February 1, 2011 - August 31, 2012
Special Publication 800-88 recommends a number of methods for sanitizing electronic data on hard drives and other electronic media. Media sanitization is the process of removing data from a hard drive, CD-ROM or other electronic media, generally at the end of the data’s life cycle.
DTG 281759Z AUG 12 - August 28, 2012
The purpose of this coordinated Department of the Navy Chief Information Officer, DON Deputy CIO (Navy), DON Deputy CIO (Marine Corps), and DON Information Security Program Authority message is to update policy for the disposal and mandatory physical destruction of electronic storage media.
DoD Instruction 1000.30 - August 1, 2012
The purpose of this Department of Defense instruction is to establish policy and assign responsibilities for Social Security Number (SSN) use reduction in the DoD. It establishes a DoD SSN use reduction plan and incorporates and cancels Directive-Type Memorandum 07-015. The Department of the Navy SSN Reduction Plan, incorporates the requirements of this instruction.
DoD Instruction 1000.29 - May 25, 2012
This instruction establishes policy and assigns responsibilities for the implementation of the Department of Defense Civil Liberties Program, delegates authorities for the effective administration of the DoD Civil Liberties Program and authorizes the Defense Civil Liberties Board.
Instruction Number 1000.29 - May 17, 2012
This instruction establishes policy and assigns responsibilities for the implementation of the Department of Defense Civil Liberties Program, including those portions that relate to privacy.
UNSECNAV Memo - May 14, 2012
This memo retains the Department of the Navy Chief Information Officer as the DON's Senior Military Component Official for Privacy, and delegates the responsibility for oversight and management activities of the Department's implementation of the Privacy Act. It further appoints the DON CIO as the DON Senior Freedom of Information Act (FOIA) Official, and the DON Chief Civil Liberties Officer. It delegates the ...
SECNAVINST 5720.44C Change 1 - February 21, 2012
The purpose of this instruction is to provide basic policy and regulations for carrying out the public affairs and internal relations programs of the Department of the Navy.
DON Guidance - December 5, 2011
The Department of Defense Information Technology Portfolio Repository-Department of the Navy (DITPR-DON) process guidance document provides a comprehensive discussion of core DITPR-DON functionality and basic lifecycle transactions. This information will enable all users to gain the understanding necessary to perform the basic IT asset management functions of registering, transferring and archiving DON IT systems within ...
Under Secretary of Defense Memo - November 5, 2010
This memo cancels the Jan. 28, 2009, memo, "Business Practice Changes to Allow the Removal of Social Security Numbers from DoD Identification (ID) Cards," which established a timeline for truncation and removal of the visible Social Security numbers (SSN) on all ID cards.
The memo addresses concerns raised by DoD stakeholders about potential adverse impacts that may occur if the SSN is truncated or removed as ...
Availability of DON Records and Publication of DON Documents Affecting the Public - September 10, 2010
Subparts A, B, C and D of 32 CFR Part 701 issue policies and procedures for implementing the Freedom of Information Act (FOIA) (5 U.S.C. 552) and Department of Defense Directive 5400.7–R series (the DoD FOIA Program),
NAVADMIN 125/10 - April 8, 2010
The Under Secretary of the Navy issued the memo "Safeguarding Personally Identifiable Information" in February 2010 emphasizing the importance he places on personal privacy and the safe management of Department of the Navy's personally identifiable information (PII). His intention was to make eradicating further PII breaches a Departmental priority.
As a result, the Vice Chief of Naval Operations release
MARADMIN 162/10 - March 18, 2010
The Under Secretary of the Navy issued the memo "Safeguarding Personally Identifiable Information" in February 2010 emphasizing the importance he places on personal privacy and the safe management of the Department of the Navy's personally identifiable information (PII). His intention was to make eradicating further PII breaches a Departmental priority.
As a result, MajGen George Allen, DON Deputy CIO (M
UNSECNAV Memo - February 12, 2010
This memo conveys the seriousness the Under Secretary of the Navy places on personal privacy and the safe management of Department of the Navy personally identifiable information (PII) and his intention to make eradicating further PII breaches a Departmental priority. This includes implementing a DON-wide plan to reduce the collection and use of Social Security numbers.
UNSECNAV Memo - October 30, 2009
This memo designates the Department of the Navy Chief Information Officer as the Senior Military Component Official for Privacy for the Department of the Navy, delegated the responsibility for oversight of the Department's implementation of the Privacy Act of 1974.
DTG 181430Z MAY 09 - May 18, 2009
This Naval message implements the Department of Defense Privacy Impact Assessment (PIA) guidance of Feb. 12, 2009, for the Department of the Navy. The following is highlighted:
The guidance expands PIA coverage from just members of the public to include Federal personnel, Federal contractors, and Foreign Nationals employed at U.S. military facilities abroad.
PIAs are required for legacy systems and electronic ...
DTG 181905Z DEC 08 - December 18, 2008
This Naval message emphasizes that personally identifiable information (PII) annual awareness training is foundational to the safeguarding of PII and key to understanding the Department's breach reporting responsibilities. It explains how DON leadership must continually reinforce PII awareness, through training, so that personnel properly safeguard privacy sensitive information in order to improve business processes.
DTG 032009Z OCT 08 - October 3, 2008
This Naval message provides updates to the DON policy for digital signature and encryption of email. It also provides updated budget guidance for procurement and use of Smart Card Reader technology to support digital signature and encryption of email from Personal Electronic Devices.
ALNAV 070/07: R 042232Z OCT 07 - October 4, 2007
This ALNAV message stresses the seriousness of safeguarding personally identifiable information (PII) across the Department by establishing an annual PII awareness training requirement, as well as completing semi-annual command level PII compliance spot checks.
View PII Spot Check Form.
Public Law 110-53 - August 3, 2007
This is an excerpt from PUBLIC LAW 110-53-AUG. 3, 2007, "Implementing Recommendation of the 9/11 Commission Act of 2007," specifically Sections 801 (Modification of Authorities Relating to Privacy and Civil Liberties Oversight Board) and 803 (Privacy and Civil Liberties Officers).
DTG 232026Z JUL 07 - July 23, 2007
This Naval message defines personally identifiable information (PII) and emphasizes the importance of its proper handling following more than 100 incidents of PII loss during the past 18 months.
DTG 171952Z APR 07 - April 17, 2007
This Naval message establishes interim policy for the handling of personally identifiable information when stored on government furnished laptop computers, other mobile computing devices and removable storage media (e.g., removable hard drives, thumb drives, blackberries, personal digital assistants, compact discs and DVDs).
CNO Memo - September 7, 2006
This memo provides guidance regarding the use of recall rosters for the management of personnel and addresses what personal information may be included.
DON CIO Memo - June 16, 2006
This memo and enclosures prescribe the Department of Defense and Department of the Navy Privacy Impact Assessment guidance for IT systems that contain information in identifiable form.
DoD Guide - March 1, 2006
This guide specifies technical details for implementing interagency PIV I and PIV II National Institute of Standards and Technology Special Publication 800-73v1 requirements in the DoD CAC environment. It documents how the DoD common access card and middleware are implemented with PIV.
DoD 5220.22-M - February 28, 2006
This manual prescribes requirements, restrictions, and other safeguards that are necessary to prevent unauthorized disclosure of classified information and to control authorized disclosure of classified information.
DON Guidance - October 27, 2004
This summary provides the Department of the Navy format for system assessors to use when conducting a Privacy Impact Assessment.
DTG 061525Z OCT 04 - October 8, 2004
This Naval message provides amplifying public key infrastructure implementation guidance.
CNO Memo - February 10, 2003
This memo directs Navy activities to be proactive with regards to complying with the Privacy Act of 1974 and SECNAVINST 5211.5 series, DON Privacy Program. The memo provides Privacy Act coordinators good general guidance and addresses areas that are still important today, i.e., protecting personally identifiable information, reducing the
DoD Instruction 6025.18-R - January 24, 2003
This Department of Defense Regulation prescribes the uses and disclosures of protected health information. It is based on the requirements of the Health Insurance Portability and Accountability Act, Public Law 104-191. It covers much of the same information as the Privacy Act of 1974. This regulation was effective April 14, 2003, and is mandatory for use by all DoD Components.
OMB M-99-05 - January 7, 1999
This memorandum provides instructions to agencies on how to comply with the President's Memorandum of May 14, 1998, on "Privacy and Personal Information in Federal Records." In his memo, the president directed Federal agencies to review their current information practices and ensure that they are being conducted in accordance with privacy law and policy. The president also directed the Office of Mangaement and Budget to ...
5 U.S.C. 552a - September 1, 1974
The Privacy Act of 1974, 5 U.S.C. § 552a, establishes a code of fair information practices that governs the collection, maintenance, use and dissemination of personally identifiable information about individuals that is maintained in systems of records by federal agencies. A system of records is a group of records under the control of an agency from which information is retrieved by the name of the individual or by some ...
June 13, 2019
When a Department of the Navy activity reports a breach of personally identifiable information (PII), it must also include lessons learned in an after-action report. Lessons learned are an important feedback mechanism to shape future DON privacy policy. The following information is a compilation of the most frequently reported lessons learned.
June 10, 2019
Presentations given during the DON IT conference sessions held in Norfolk, VA, June 3-5, are available by request to government civilian, military personnel, and DoD support contractors. Please submit your request by using the "Contact Us" link located in the DON CIO Information section
June 3, 2019
The conference schedule is now available for the DON IT Conference, East Coast 2019. It has been approved for June 3-5, 2019, and will be held at the at the Hilton Norfolk The Main in Norfolk, VA. No conference fee will be assessed, but registration is required.
Walk-in registration will be available for three categories of attendees: 1) Non-TDY DON civilian and military attendees; 2) local and TDY government ...
March 11, 2019
DD Form 2923, the Privacy Act Data Cover Sheet, is used to identify and safeguard personally identifiable information (PII) contained in hard copy documents. Its use is currently a Department of the Navy "best practice."
February 26, 2019
SAFE (Safe Access File Exchange) is back in service and can be used to securely transmit files containing personally identifiable information (PII). SAFE should be available for the next six months. At that time DISA intends to have implemented a new DoD enterprise solution, replacing SAFE.
SAFE allows users to send up to 25 files securely to recipients within the .mil and .gov domains. The files can total up to 2GB ...
February 25, 2019
Congratulations to the 2019 DON Information Management/Information Technology (IM/IT) Excellence Award Winners! The DON IM/IT Excellence Awards recognize excellence in information management and information technology across the Department of the Navy.
by The Honorable Thomas B. Modly - January 25, 2019
During the first weeks of his tenure as president of JPMorgan Chase Bank, Jamie Dimon was briefed on the company’s efforts to outsource its information technology and corporate networks. It’s now the stuff of legend how Dimon not only cancelled a $5-billion IT contract, but challenged his people to own information as a proprietary, business-defining function. This strategic perspective has guided IT investment and ...
January 23, 2019
Walk-in registration onsite at the West Coast DON IT Conference scheduled for Feb. 13-15 at the San Diego Convention Center will be available for three categories of attendees: 1) Non-TAD DON civilian and military attendees; 2) local and TAD government support contractors who provide a CAC or contact information of government sponsor; and 3) local and TAD non-DON government attendees.
The schedule, session ...
December 14, 2018
According to the Privacy Rights Clearing House, in 2017 there were 829 data breaches in the U.S. affecting over 2 billion individual records. Virtually every adult in the U.S. has had their privacy sensitive information compromised at least once and probably multiple times. This Privacy Tip provides actions you can take to prevent or minimize the potential for identity theft. The OCIO Privacy Team has developed a list ...
by Capt. Damen Hofheinz - July 13, 2018
It is my pleasure to be selected to serve as Director, Office of the CIO (OCIO). The DON CIO recently consolidated and reorganized. Certain functions not statutorily required to be done by the CIO were delegated to the Navy and Marine Corps. This is resulting in streamlined processes, workflow efficiency, and a leaner CIO organization. Mr. Thomas Modly, Under Secretary of the Navy, is also both the Chief Management ...
June 1, 2018
Wallet or purse, check; suitcase, check; briefcase, check; smartphone and charging cord, check; PII, huh? The last thing you should do before you step out of the rental car and return the keys to the customer service representative is make sure you have all of your valuables in hand, and that includes your personally identifiable information (PII).
April 30, 2018
Presentations given during the DON IT conference sessions held in Norfolk, VA, April 23-25, are available by request to government civilian, military personnel, and DoD support contractors. Please submit your request by using the "Contact Us" link located in the DON CIO Information section
by Petty Officer 2nd Class Justin Yarborough, Navy Public Affairs Support Element East - April 27, 2018
Rear Adm. Danelle Barrett, Navy Cyber Security Division Director, and senior leaders from the Office of the Department of the Navy Chief Information Officer (DON CIO) awarded eight recipients for their work, drive and innovation that advanced the Navy and Marine Corps Information Technology (IT) communities during the DON IT Conference at The Main Hilton, April 24.
March 1, 2018
This article provides information about a new Medicare scam, general rules for protecting yourself, and what to do if you become a victim.
February 20, 2018
Steve Muck, the DON CIO's Privacy and Information Sharing Director, was recently named a 2018 Fed 100 Award Winner. Steve was recognized for his outstanding management and oversight of the DON Privacy, FOIA, Records Management and Knowledge Management programs.
by Dr. Kelly E. Fletcher - January 29, 2018
I want to share with you this years outstanding DON IT Conference program and congratulate the winners of the DON Information Management/Information Technology (IM/IT) Excellence Awards.
The DON Chief Information Officer hosts an East and West Coast DON IT Conference each year to provide information about the latest DON IT initiatives, offer training that applies to IT certifications, enable interaction with DON ...
by DON CIO Privacy Team - October 31, 2017
Privacy Tips are meant to increase awareness about privacy issues that impact the Department of the Navy by highlighting a specific topic. Feedback or suggestions for future topics are welcomed.
October 31, 2017
Whether you have been personally impacted by a breach of personally identifiable information (PII) or not, it is still imperative that you put safeguards in place to protect your information, and prevent a breach from occurring.
October 30, 2017
The deadline to submit nominations for the DON Information Management/Information Technology (IM/IT) Excellence Awards has been extended to Nov. 27, 2017. The awards recognize the superior efforts of IM/IT projects, teams, and individuals in helping to transform DON information technology.
by Department of Homeland Security - October 9, 2017
Businesses face significant financial loss when a cyber attack occurs. Cybercriminals often rely on human error – from employees failing to install software patches to clicking on malicious links – to gain access to systems. From the top leadership to the newest employee, cybersecurity requires the vigilance of every employee to keep data, customers, and capital safe and secure.
by Department of Homeland Security - October 2, 2017
Cybersecurity is present in every aspect of our lives, whether it be at home, work, school, or on the go. Regardless of one's technical ability or background, there are simple steps everyone can take to stay safe online.
May 15, 2017
The threat of tax return identity theft remains a growing problem. Learn the signs of potential fraudulent activity, how to reduce your risk, and actions you can take if you become a victim of tax return related identity theft.
by Robert Foster - April 17, 2017
The need for innovation never diminishes – to harness technology; to do more with less in budget challenged environments; to challenge the status quo. The Department of the Navy continues to cultivate an environment that promotes, fosters, and rewards innovation.
November 8, 2016
The DON CIO Privacy Office receives frequent inquiries regarding how to obtain copies of military personnel records, military health records, and award information from active duty military, veterans, family members, and members of the public. This Privacy Tip provides specific links and information to obtain such personnel records.
November 3, 2016
The following is a list of CHIPS Magazine articles about personally identifiable information (PII) breaches based on factual reports sent to the DON CIO Privacy Office. Incidents such as these will be reported in each subsequent issue of CHIPS Magazine.
by Robert Foster - October 31, 2016
With increasing frequency, we read about computer networks being hacked — in both the public and private sectors. You may have been affected by one of the latest incidents on your own home network, the attack that brought several popular websites, including Amazon, Twitter and Netflix, to a standstill for hours. Though it did not affect our DON network, it is a compelling reminder that cyber intrusions are increasing in ...
by Robert Foster - October 31, 2016
With increasing frequency, we read about computer networks being hacked — in both the public and private sectors. You may have been affected by one of the latest incidents on your own home network, the attack that brought several popular websites, including Amazon, Twitter and Netflix, to a standstill for hours. Though it did not affect our DON network, it is a compelling reminder that cyber intrusions are increasing in ...
by Rob Foster - August 11, 2016
I want to update you on what the Department of the Navy is doing to protect sensitive personal data from compromise. As you know, personal data loss, which can lead to identity theft, is not always due to outsider threats. It can be the result of an insider’s malicious actions or simply an insider’s lack of proper handling of what we call “personally identifiable information” or PII. The Department has a track record ...
July 10, 2016
SECNAV Manual 5000.3, "DON Documentary Material Task," was signed by the Secretary of the Navy on June 27, 2016. The manual provides guidance to every organization that receives a request to search for, locate, preserve, and, if appropriate, collect, review, and provide documentary material in response to subpoenas, document production requests in litigation, record hold requests, Congressional inquiries, requests from ...
by Rob Foster - May 9, 2016
There are mobile applications for almost everything, and now there are apps that allow Department of the Navy active duty and civilian personnel in any location to access important information and required training on their personal smartphone or tablet. These apps will work on personal devices outside of the Navy Marine Corps Intranet (NMCI) domain.
by Navy News Service - April 20, 2016
Department of the Navy Chief Information Officer (DON CIO) Robert Foster recognized more than 10 individuals and teams for transforming the Navy and Marine Corps through information technology during a ceremony at the Washington E. Walter Convention Center April 20.
March 4, 2016
The Department of the Navy Chief Information Officer is pleased to announce the winners of the 2016 DON IM/IT Excellence Awards. The awards recognize teams and individuals for various categories of awards related to information management and information technology. The following were selected as the 2016 winners.
by DON Privacy Team - February 26, 2016
The following is a list of CHIPS Magazine articles on the Department of the Navy's (DON's) Social Security Number (SSN) Reduction program and related success stories received by the DON CIO Privacy Office. Additional articles such as these will be reported in each subsequent issue of CHIPS Magazine.
by the DONCIO Privacy Team - February 8, 2016
Over 34,000 identity fraud cases were reported by the Internal Revenue Service (IRS) in 2011, an almost 100 percent increase over 2010. All that is required by the identity thief is a full name, date of birth and associated Social Security Number (SSN) to file a fraudulent tax return. The IRS has taken aggressive steps to curb fraudulent activity and in 2013indictments and sentencing doubled and the average prison term ...
by Rob Foster - February 4, 2016
It is very important to me to spend time meeting with Department of the Navy (DON) stakeholders to maintain active communication and feedback channels. I have made it a point to get out of the Pentagon and visit various Navy and Marine Corps commands to see for myself the excellent IT-related work that’s taking place and hear directly about IT-related challenges and concerns. I have strongly encouraged the DON Chief ...
December 22, 2015
More than 25 million current, former, and prospective government employees and contractors were affected by two breaches at the Office of Personnel Management (OPM), first reported in June 2015. More...
by DON CIO Privacy Team - December 8, 2015
The theft of Personally Identifiable Information (PII) from major retailers, financial institutions and the Federal Government has impacted large segments of the population and made headline news. More insidious and with profound consequences for patients, insurance and health care providers, is the theft of medical data. More...
December 7, 2015
Did you know an estimated 91 percent of cyber hacking attacks start with a phishing or spear-phishing email? This infographic from Navy Live tells you how to recognize spear phishing, what to do if you receive a spear phishing email, and how to report it.
October 6, 2015
It is very important to act quickly if you believe someone has used your name, social security number, or other aspect of your identity to commit fraud. More...
September 28, 2015
More than 25 million current, former, and prospective government employees and contractors were affected by two breaches at the Office of Personnel Management (OPM), first reported in June 2015. The SECNAV website provides timely and accurate information regarding the nature and extent of the personal information compromised, the notification process, and actions that should be taken to minimize the risk to personnel.
by GSA - September 1, 2015
The U.S. General Services Administration (GSA) announced that it has awarded government-wide Federal Supply Schedule Blanket Purchase Agreements (BPAs) for identity monitoring, and data breach response and protection services. More...
by DON CIO Privacy Team - August 3, 2015
The most commonly reported PII breach in the Department of the Navy is also one of the easiest breaches to prevent: failure to encrypt an email message containing personally identifiable information (PII). In August 2014, failure to encrypt email resulted in almost half of all PII breaches reported, impacting a significant number of DON personnel. More...
by National Cyber Security Alliance - April 10, 2015
The National Cyber Security Alliance (NCSA) and Better Business Bureau (BBB) say now is the perfect time for a "digital spring cleaning."
In many households, spring cleaning is an annual ritual marked by clearing out closets, basements and garages, de-cluttering cabinets and getting everything spic and span. While making sure your home is in tip-top shape, don’t forget about getting a fresh start with your online ...
October 20, 2014
Attempted intrusions into DoD networks by spear-phishing or a social media based attack occur frequently. While it is legal to access social media sites from your DoD computer, there are precautions that you should take to make both your personal information and our government networks safe from attack. ...
September 15, 2014
Personally identifiable information (PII) should only be shared or accessible to those with a need to know. PII includes government email addresses as well as personal email addresses. A best practice when sending emails to a large number of individuals is to use the BCC (blind copy) feature. ...
July 11, 2014
Recent media accounts have reported a breach of the Office of Personnel Management (OPM) network. At this time, neither OPM nor the United States Computer Emergency Readiness Team (US-CERT) has identified any loss of personally identifiable information for any users of OPM's internal or external systems. There is no need for additional action from employees and customers related to this incident.
April 30, 2014
Identity theft is defined as the fraudulent acquisition and use of an individual's personal information, usually for financial gain. The U.S. Department of Justice reports that the average number of U.S. identity fraud victims annually is over 11.5 million; with the total financial loss attributed to identity theft in 2013 at $21 billion.
January 10, 2014
Identify theft is a constant and evolving threat for all citizens and can be of particular concern for deployed military and their families. Identity theft is a serious crime that can disrupt your finances, credit history, and reputation, and take time, money, and patience to resolve.
July 29, 2013
The Pentagon visitor's entrance has implemented keypad entry on the Social Security number (SSN). The implementation is based on a recommendation by the Department of the Navy Chief Information Officer Privacy Team to the Office of the Secretary of Defense. Previously the SSN was asked for verbally, which allowed the potential for being overheard by other visitors. As an interim measure, visitors were asked to write ...
May 20, 2013
"Phishing" is a criminal activity in which an adversary attempts to fraudulently acquire sensitive information by impersonating a trustworthy person or organization via email. "Spear phishing," however, takes this email threat to a new level.
May 6, 2013
Do you know what to do if you suspect there's been a compromise of personally identifiable information?
January 28, 2013
Social media are excellent venues for exchanging information, but some of this information could contain personally identifiable information (PII). PII is any information that can be used to distinguish or trace an individual's identity. Examples include but are not limited to: name, Social Security Number, date of birth, home address, home phone number, personal e-mail address, financial information, fingerprints, ...
January 24, 2013
In a previous Privacy Tip titled, “Don't Get Caught by Phishing,” phishing was described as a criminal activity in which an adversary attempts to fraudulently acquire sensitive information by impersonating a trustworthy person or organization. A rising cyber threat called spear phishing takes this email threat to a new level.
by Enterprise IT Communications - December 7, 2012
The Department of the Navy has made significant progress in adjusting to its smaller budget, but much work remains. The $100 million in savings achieved so far is just a start to the $2 billion cut to the DON’s IT budget, said Terry Halvorsen, the DON Chief Information Officer.
December 3, 2012
The Department of the Navy Chief Information Officer Privacy Office reports that 80 percent of all "high-risk" personally identifiable information (PII) breaches involve the Social Security Number (SSN). Recent DON and Department of Defense policy guidance outlines steps that reduce or eliminate the collection, use, display and maintenance of the SSN in DON business practices. As a result, commands are now authorized to ...
November 9, 2012
The Feb. 2012 message, Department of the Navy Social Security Number (SSN) Reduction Plan Phase Three, prohibited the faxing of SSNs and other personally identifiable information (PII) in all but a few special cases. Since its release, many processes that require the faxing of PII, specifically the SSN, have been identified. To ensure that business processes continue uninterrupted to the maximum extent possible, the ...
October 24, 2012
The Department of the Navy Chief Information Officer Privacy Office receives frequent inquiries regarding paper shredding as a means of destroying unclassified documents containing personally identifiable information (PII).
by Steve Muck - August 15, 2012
The following is a recently reported personally identifiable information (PII) data breach. Names have been changed or omitted, but details are factual and based on reports sent to the Department of the Navy Chief Information Officer Privacy Office.
July 27, 2012
We all save an overabundance of mementos from the past — whether it is a favorite blanket from grandma, a box full of baseball cards (unfortunately, not a Tug McGraw or Ted Williams rookie
card in the mix), or 20-year-old report cards. While it may be comforting to know that we can always find a particular item; in reality, is that box of baseball cards valuable enough to keep around? We, as a department, have long ...
June 5, 2012
At the most recent Department of the Navy Information Technology Conference in Virginia Beach, Va., Terry Halvorsen, DON Chief Information Officer, held a town hall to discuss his strategy for business IT transformation and the future of DON IT. Download the full transcript, which includes questions from the audience, here.
May 31, 2012
In October of 2008, the Department of the Navy Chief Information Officer released a GENADMIN message that reiterated guidance requiring DON users to digitally sign and encrypt email messages. The below process explains what to do if you should encounter problems when encrypting an email.
May 30, 2012
During the next five to 10 years, the Department of the Navy is facing significant budget constraints. To support vital warfighting capabilities that protect the safety of the nation, it is necessary to find efficiencies in other areas. As part of this effort, the DON Chief Information Office and its information technology partners, such as internal stakeholders and industry, will thoroughly review all operations from an ...
by Terry Halvorsen - May 17, 2012
As a department, we like to save our data and records -- to ensure we will have a historical record or to meet a regulatory requirement. And indeed, many of the Department's business processes require the legitimate use of sensitive information. However, there are cases in which personally identifiable information (PII) or protected health information (PHI) should not be used, maintained or collected.
by Steve Muck - April 20, 2012
The following is a recently reported personally identifiable information (PII) data breach involving a Sailor who improperly handled PII. Names have been changed or omitted, but details are factual and based on reports sent to the Department of the Navy Chief Information Officer Privacy Office.
by Steve Muck - February 17, 2012
The Department of the Navy continues to implement guidance to better safeguard personally identifiable information (PII) by reducing or eliminating the collection, use, display and maintenance of a Social Security number (SSN) where possible. During the past 18 months, the DON has implemented two phases of its SSN reduction plan and is initiating procedures for the third phase. Results of this department-wide effort are ...
by Steve Muck & Steve Daughety - October 27, 2011
The following is a recently reported personally identifiable information (PII) data breach involving a Department of the Navy support contractor who improperly handled PII. Incidents such as this will be reported in CHIPS magazine to increase PII awareness. Names have been changed or omitted, but details are factual and based on reports sent to the DON Chief Information Officer Privacy Office.
by Steve Muck - October 27, 2011
The Department of the Navy is eliminating the unnecessary collection of Social Security numbers (SSNs) to protect personally identifiable information (PII). The SSN, to include any form of the SSN, such as truncated, masked, partially masked, encrypted or disguised, is ubiquitous and a key data element used to commit identity fraud.
by Michelle Schmith - August 19, 2011
The privacy of an individual is a fundamental right that must be respected and protected. While improved handling and security measures within the Department of the Navy are noted in recent months, the number of incidents in which loss or compromise of personally identifiable information (PII) occurs remains unacceptably high.
by Steve Muck - August 19, 2011
A question submitted to the "Ask an Expert" section of the Department of the Navy Chief Information Officer website underscores the need to improve business processes that involve the use of a Social Security number. While there are many legitimate requirements for SSN use, efforts must be made to reduce or eliminate reliance on this unique personal identifier. After reading the question and the DON CIO's response, ...
by DON CIO Privacy Team - July 18, 2011
The purpose of this tip is to reinforce existing DON policy regarding digitally signing and encrypting emails that contain personally identifiable information (PII).
by Steve Muck - June 21, 2011
The following is a recently reported personally identifiable information data breach involving a Department of the Navy support contractor who improperly handled PII. Incidents such as this are recounted to increase PII awareness. Names have been changed or omitted but details are factual and based on reports sent to the DON Chief Information Officer Privacy Office.
by Steve Muck - May 17, 2011
The Department of the Navy is working to eliminate the unnecessary collection of Social Security numbers (SSNs) to protect your personally identifiable information (PII). The SSN is ubiquitous and one of the key data elements used to commit identity fraud. The DON has embarked on a plan to reduce the use of the SSN by eliminating it where it is not needed or replacing it with another unique identifier (e.g., the ...
by DON Privacy Team - April 12, 2011
Identity theft is a constant and evolving threat for all citizens and can be of particular concern for those on military deployment and their families. It is a serious crime that occurs when your personal information is stolen and used without your knowledge to commit fraud or other crimes.
by the DON Privacy Team - March 10, 2011
The following Privacy Tip provides existing policy guidance and best business practices for contract support personnel who handle personally identifiable information. Office of the Secretary of Defense Memo dated June 05, 2009, "Safeguarding Against and Responding to the Breach of Personally Identifiable Information (PII)" and SECNAV INST 5211.5E: "SECNAV Privacy Program" apply.
by the DON CIO Privacy Team - February 15, 2011
This Privacy Tip provides answers to frequently asked questions regarding upcoming changes to the Department of Defense identification cards. The questions and answers below were reproduced from a recent DoD memo. Changes include the removal of both the sponsor and dependent Social Security number (SSN), the addition of a DoD benefits number for DoD beneficiaries, and the removal of the SSN in the card bar codes. The DoD ...
by Steve Muck - February 11, 2011
The Department of the Navy Central Adjudication Facility (DONCAF), a Naval Criminal Investigative Service (NCIS) organization, is responsible for determining who within the Department of the Navy is eligible to hold a security clearance, have access to Sensitive Compartmented Information (SCI), and be assigned to sensitive duties.
by Steve Muck - February 7, 2011
Human error is the cause of 80 percent of the DON's PII breaches. Not knowing or not following guidance, or just being careless can result in the unintended disclosure of privacy sensitive information and potentially adversely affect many personnel.
by Steve Muck - January 21, 2011
The Social Security number (SSN) has evolved beyond its intended purpose to become the identifier of choice for many of the business processes within the Department of the Navy. While use of the SSN has become the enabler to identify and authenticate individuals, it is one of the key elements used for identity theft and fraud. Widespread use of the SSN has reached unacceptable levels and requires a department-wide effort ...
by Steve Muck - January 21, 2011
A memo from the Under Secretary of Defense issued Nov. 23, 2010, (DTM 13798-10, "Social Security Numbers (SSN) Exposed on Public Facing and Open Government Websites"), addresses concerns about the potential for adverse consequences if the Social Security number (SSN) is truncated or removed as previously planned.
by DON CIO Privacy Team - November 4, 2010
This is part two of Elements of a Good Privacy Program and serves as a best practices guide to help Department of the Navy commands/units implement and sustain privacy awareness and better safeguard personally identifiable information within their control.
by DON CIO Privacy Team - October 12, 2010
This Privacy Tip will be published in two parts and serves as a best practices guide to help Department of the Navy commands/units implement and sustain privacy awareness and better safeguard personally identifiable information within their control.
by DON CIO Privacy Team - August 1, 2010
While recall rosters serve a useful and valid purpose, safeguards must be in place to ensure that the personally identifiable information they contain is properly maintained and protected to prevent inadvertent disclosure. This privacy tip provides specific safeguards all Department of the Navy personnel should use when creating and sharing recall rosters.
by DON CIO Privacy Team - July 15, 2010
When a Department of the Navy activity reports a personally identifiable information breach, it must include lessons learned in an after-action report. Lessons learned are an important feedback mechanism and are used to shape future DON privacy policy. The following information is a compilation of the most frequently reported lessons learned.
by Steve Muck - June 9, 2010
The following is a recently reported data breach involving the disclosure of personally identifiable information (PII) on the Navy Knowledge Online (NKO) website. Names have been changed or omitted but details are factual and based on reports sent to the DON CIO Privacy Office.
by Steve Muck - March 8, 2010
The following is a recently reported compromise of personally identifiable information (PII) involving the disposal of copiers containing personal information stored on their hard drives. Incidents such as this will be reported to increase PII awareness. Names have been changed or removed, but details are factual and based on reports sent to the DON CIO Privacy Office.
by DON CIO Privacy Team - February 25, 2010
The Department of the Navy, Department of Defense and Office of Management and Budget (OMB) have mandated the protection of data at rest (DAR) on all unclassified network seats/devices. NMCI is implementing a solution using GuardianEdge Encryption Anywhere and Removable Storage software to meet these requirements. All data in computer storage as well as data written to a removable storage device will be encrypted. This ...
by DON CIO Privacy Team - January 1, 2010
ALNAV 070/07 Department of the Navy Personally Identifiable Information (PII) Training Policy states that, "Commanders/Commanding Officers/Officers in Charge will ensure that supervisors conduct a spot check of their assigned area of responsibility, focusing on those areas that deal with PII on a regular basis (e.g., human resources, personnel support, medical, etc.)." The ALNAV also states that the compliance spot check ...
by Steve Muck - November 29, 2009
The following is a recently reported compromise of personally identifiable information (PII) involving the theft of storage media containing personal information. Names have been changed or removed, but details are factual and based on reports sent to the Department of the Navy Chief Information Officer Privacy Office.
by Christy Crimmins - November 17, 2009
The use of social media has become a popular topic within the Department of the Navy, Defense Department and across the federal government. As agencies begin to venture into this media, whether it is creating an agency Facebook page or updating constituents via Twitter, precautions must be taken and risks should be assessed. While these tools open up many avenues for broader communication and collaboration, they also ...
by DON CIO Privacy Team - November 4, 2009
A successful command privacy program must include an aggressive records review and disposal component. While hard copy files cannot be ignored, the volume of electronic data files is a much larger issue and must be aggressively addressed by local commands/units.
by DON CIO Privacy Team - October 6, 2009
Two recent personally identifiable information (PII) breach incidents involving the turn in of reproductive office equipment highlight the fact that many people do not know that copiers and printers present information security challenges.
by DON CIO Privacy Team - September 1, 2009
This Privacy Tip is a summary of input received from information assurance personnel, security personnel and privacy officials from a variety of commands across the Department of the Navy and Joint Forces Command. The information is intended to represent best business practices and should not be considered DON policy, unless otherwise noted.
by Steve Muck - August 19, 2009
The following is a recently reported compromise of personally identifiable information (PII) involving the improper disposal of human resources documents. Names have been changed or removed, but details are factual and based on reports sent to the DON CIO Privacy Office.
by DON CIO Privacy Team - June 1, 2009
Why should you protect your personal information? To an identity thief, it can provide instant access to your financial accounts, your credit record and your other personal assets. If you think that no one would be interested in your personal information, think again.
by DON CIO Privacy Team - May 1, 2009
As cell phones and personal digital assistants (PDAs) become more technologically advanced, attackers are finding new ways to target victims. By using text messaging or email, an attacker could lure you to a malicious site or convince you to install malicious code on your portable device.
by Steve Muck - April 22, 2009
The following is a recently reported compromise of personally identifiable information (PII) involving the transmission of an un-encrypted e-mail which contained National Security Personnel System (NSPS) performance ratings of employees within a Navy region. Names have been changed or removed, but details are factual and based on reports sent to the DON CIO Privacy Office.
by DON CIO Privacy Team - March 6, 2009
If the Department of the Navy eliminated the use of Social Security numbers (SSN) from email, forms, documents and electronic information technology systems, 80 percent of the personally identifiable information (PII) breaches reported in 2008 would never have occurred. The March Privacy Tip of the Month explores the relationship between SSNs and identity theft. It also provides approaches to reducing the display, ...
by Steve Muck - February 20, 2009
The following is a reported loss or breach of personally identifiable information (PII) involving a Department of the Navy information system with lessons learned from the event. Names have been changed or removed, but details are factual and based on reports sent to the DON Privacy Office.
February 2, 2009
The Department of the Navy enterprise solution for protection of sensitive Data at Rest (DAR) on non-NMCI assets is now available. Implementation of this solution enables compliance with DoD and DON requirements associated with protection of personally identifiable information (PII) and other types of sensitive DAR on mobile computing devices and portable storage media.
by DON CIO Privacy Team - February 1, 2009
During the past year, the Department of the Navy has experienced problems relating to turning in excess information technology and office equipment that contain personally identifiable information (PII).
January 1, 2009
During the past year, the Department of the Navy has experienced a few documented cases of identity theft linked to the loss of government privacy information. The December 2008 Privacy Tip focused on how thieves steal identities, what they do with the personal information they obtain, and general information about identity theft. This Privacy Tip is reproduced from Department of Justice guidance found on its
December 1, 2008
During the past year, the Department of the Navy has experienced a few documented cases of identity theft linked to the loss of government privacy information. This Privacy Tip focuses on how thieves steal identities and what they do with that personal information, as well as general information about identity theft.
November 1, 2008
As outlined in a recently published memo, the Department of the Navy endorses the secure use of Web 2.0 tools to enhance collaboration, streamline processes and foster productivity.
by Steve Muck - October 29, 2008
The following is the July 2008 summary of recently reported losses or breaches of personally identifiable information (PII) involving laptops or thumb drives. Laptop security continues to be the foremost vulnerability in the Department of the Navy. Names have been changed or removed, but details are factual and based on reports sent to the Department of the Navy Privacy Office.
September 8, 2008
The U.S. General Services Administration awarded Blanket Purchase Agreements (BPAs) to assist Federal agencies in protecting the confidentiality of personal credit and payment information, as well as providing a fast and effective solution for Federal agencies needing commercial-off-the-shelf credit monitoring services, according to its web site.
September 1, 2008
Recent personally identifiable information (PII) breach reports highlight the need to conduct searches of shared drives throughout the Department to protect employees’ personal information and reduce the risk of identity theft. PII is found most often in documents related to awards, medals, legal issues, medical records and financial data.
by Steve Muck - August 6, 2008
The following is a synopsis of a recently reported loss or breach of personally identifiable information (PII) that highlights common mishandling mistakes made by individuals within the Department of the Navy.
Names have been changed, but details are factual and based on reports sent to the DON Privacy Office.
August 1, 2008
Peer-to-Peer (P2P) networks, which link computers directly, allowing users to swap digital movies, music and files with other users without centralized security controls or oversight.
July 28, 2008
The recently released Department of the Navy Cyber Crime Handbook provides an overview of the definitions, criminal techniques, electronic laws, incident reporting and responses regarding cyber threats to DON personnel and the Department's global network infrastructure.
July 11, 2008
An enterprise solution to encrypt DON data-at-rest (DAR) for non-Navy Marine Corps Intranet (NMCI) networks is anticipated to be available this fall from the Department of Defense Enterprise Software Initiative/SmartBUY Enterprise Software Agreements.
July 1, 2008
Phishing is a criminal activity in which an adversary attempts to fraudulently acquire sensitive information by impersonating a trustworthy person or organization. Examples of such practices include manipulated emails that appear to be from the Department of the Navy, Navy Federal Credit Union, Navy Knowledge Online or other recognizable contacts.
June 13, 2008
Whether due to carelessness or theft, the loss of laptops and other portable electronic devices (especially thumb drives), continues to be one the top contributors to the loss of personally identifiable information (PII).
June 9, 2008
The International Association of Privacy Professionals' (IAPP) mission is to define, promote and improve the privacy profession globally and is the world's largest association of privacy professionals representing more than 5,000 members from business, government and academia across 32 countries. It is the first organization to establish educational and testing credentials for information privacy, i.e., the Certified ...
by Steve Muck - May 14, 2008
The following synopsis of a recently reported loss or breach of personally identifiable information (PII) highlights common mishandling mistakes made by individuals within the Department of the Navy. Names have been changed, but details are factual and based on reports sent to the DON Privacy office.
May 13, 2008
From FBI.gov
The scenario: You are at the airport waiting for your flight. With time to kill, you are thinking of connecting your laptop to the airport’s Wi-Fi to check your office e-mail, do some personal banking or shop for a gift for your spouse.
However, chances are there is a hacker sitting nearby with a laptop attempting to “eavesdrop” on your computer to obtain personal data that will provide access to ...
by Steve Muck - February 8, 2008
The following is a synopsis of a recently reported loss or breach of personally identifiable information (PII) that highlights common mishandling mistakes made by individuals within the Department of the Navy. Names have been changed, but details are factual and based on reports sent to the DON Privacy Office.
July 15, 2019
Section 208 of the E-Government Act of 2002 establishes government-wide requirements for conducting, reviewing and publishing Privacy Impact Assessments (PIA). The PIA directs agencies to conduct reviews of how privacy issues are considered when creating or purchasing new information technology (IT) systems or when initiating new electronic collections of information in identifiable form. A PIA addresses privacy factor
by DON Privacy Team - June 13, 2019
Department of the Navy Annual Privacy Training is mandatory for all DON employees to include civilians, military members, and contractors. Contractor employees should refer to their DON contract for their specific requirements.
May 21, 2019
Conference sessions will be available via dial-in for those who want to participate from remote locations. The line will be muted by default, pressing *6 will unmute and mute your line. Please check back before the start of each session as numbers may change throughout the day.
by DON CIO Privacy Team - February 19, 2019
A privacy breach is defined as a known or suspected loss of Department of the Navy personally identifiable information (PII).
January 30, 2019
The following resources are provided to implement the Department of Defense's Privacy and Civil Liberties Programs, DoDI 5400.11, through advice, monitoring, official reporting and training.
January 30, 2019
The following is a list of the latest policy, guidance and resources related to the safeguarding of personally identifiable information.
by DON Privacy Team - January 25, 2019
The attached resource is provided for labeling CDs containing personally identifiable information (PII).
January 24, 2019
Naval message DTG 151450Z MAR 17: New Department of the Navy Social Security Number Reduction Plan, requires the use of SECNAV 5213/1 to review and justify the continued collection of Social Security numbers on all Department of the Navy forms, IT systems and applications, and share drives and web portals.
December 12, 2018
Q&A with Under Secretary of the Navy Thomas B. Modly, Department of the Navy CIO and CMO
Under Secretary of the Navy Thomas B. Modly
Department of the Navy Releases Business Operations Plan to Further Reforms
Office of the Navy Chief of Information
November 27, 2018
This document attempts to address the common issues encountered as a privacy impact assessment moves its way through the review and approval process. Consider this a "living" document and help us improve its content and usefullness.
September 11, 2018
The following is a list of general frequently asked questions of the Office of the Chief Information Officer (OCIO) Privacy Team.
by DON CIO Privacy Team - September 11, 2018
The following is a list of topics with questions that are frequently asked of the Department of the Navy Chief Information Officer Privacy Team. Responses have been provided and, in many cases, there are added references to the guidance that is cited. Please provide the Privacy Team additional questions so they may be added to the list.
by DON Privacy Team - August 29, 2018
The DON has a continuing affirmative responsibility to safeguard PII and to prevent its loss, theft or compromise. All DON personnel, including support contractors and business partners must ensure their actions do not contribute to, or result in, a compromise. Contractor employees who work onsite at a government facility must take the same DON Annual Privacy Training required of DON Civilians and military personnel. ...
July 18, 2018
DoD Bans Use of GPS-Capable Devices in All 'Operational Areas'
CHIPS Magazine
Promoting a New Era of Electromagnetic Spectrum Repurposing
Shameeka Hunt
Marines Test Future of W
May 22, 2018
The following breach-related resources are provided to aid in reporting the loss or suspected loss of personally identifiable information (PII).
by Defense Privacy, Civil Liberties, and Transparency Division - May 1, 2018
The attached System of Records Notices (SORN) Guide was developed by the Defense Privacy, Civil Liberties, and Transparency Division.
by DON CIO Privacy Team - April 19, 2018
The Department of the Navy Users Guide to Personally Identifiable Information (PII) is provided as a convenient desk reference that can be printed as a brochure and distributed to increase awareness throughout the Department.
January 24, 2018
The following resources are provided to assist with contractor privacy responsibilities.
by DON CIO Privacy Team - January 5, 2018
This final rule amends the Federal Acquisition Regulation to clarify the training requirements for contractors whose employees will have access to a system of records on individuals or handle personally identifiable information. These training requirements are consistent with the Privacy Act of 1974, 5 U.S.C. 552a, and OMB Circular A–130, Managing Federal Information as a Strategic Resource. Prime contractors are ...
January 1, 2018
Is my name considered personally identifiable information?
Don Free, DON CIO Privacy Office DON Privacy Team
Rear Adm. Danelle Barrett, Navy Cyber Security Division Director
CHIPS Magazine Staff
DON Enterpri
by DON CIO Privacy Team - December 19, 2017
The following resources are provided to support the Department of the Navy's annual privacy training and semi-annual compliance spot-check requirements. Note: The GENADMIN (DTG 181905Z DEC 08) training requirement supercedes the ALNAV 070/07 training requirement. The compliance spot check requirements of the ALNAV remain in effect.
December 8, 2017
The following is a list of topic areas and frequently asked questions relating to those topics. After review, if you still have an unanswered question, please feel free to submit it to Contact Us. (Submissions are limited to 1,500 characters. Please allow 3-5 business days for response from the DON CIO team.) You can also use the Search tool at the top of the page to find answers quickly.
September 14, 2017
The new Department of Defense Privacy Impact Assessment Template has been published and is available for use. The link provides access to the fillable PDF version of DD FORM 2930 on the DoD forms website.
by DON CIO Privacy Team - September 14, 2017
The following resources are provided to assist with the privacy impact assessment submission process.
July 24, 2017
DON CIO Establishes DON IT Capability Priorities Process
Anna Tarrant, DON CIO Financial Analyst
Smishing – The Latest Scam to Obtain Personal Data
DON Privacy Team
Building a Highly Skilled Risk Management F
May 12, 2017
The DON Privacy Quiz highlights basic personally identifiable information (PII) knowledge and policy information that all DON personnel should be familiar. It is recommended that command/unit privacy officials use this quiz (attached below) as a training aid that can be specifically tailored to local use. Please provide feedback on how to make this a better tool by submitting your comments to the DON CIO Privacy Team via ...
March 16, 2017
The following resources are provided to help implement the Department of the Navy's Social Security Number Reduction Plan.
by DON Privacy Team - February 17, 2017
Forty-seven states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring private, governmental or educational entities to notify individuals of security breaches of information involving personally identifiable information.
by Defense Media Activity - February 10, 2017
Social media is an integral part of the strategic communications and public affairs missions of the Department of Defense. Like any asset, it is something to defend and protect with vigilance. Cyber attacks are a real and present threat to the cybersecurity of government social media accounts.
by DON CIO Privacy Team - December 15, 2016
The following privacy presentations are provided for reference and use in developing future presentations and briefings.
by DON CIO Privacy Team - July 13, 2016
The attached slide presentation provides the setup process for easily adding the "FOUO - Privacy Sensitive" marking to both the subject line and the text block of emails containing PII.
July 11, 2016
The following list provides resources for Blanket Purchase Agreements for Identity Monitoring.
July 11, 2016
The below list provides resources for email and PII.
July 11, 2016
This Privacy Tip provides guidance regarding the reproduction (copy, scan, or other means) of CAC and Military identification cards and highlights the importance of safeguarding these cards. ...
by DON Privacy Team - July 8, 2016
The Social Security Reduction effort across the DoD and DON has eliminated the use of the SSN from many forms.
Use the links below to locate the latest copy of official instructions and forms.
Please ensure you are using the latest version/edition.
by DON CIO Privacy Team - June 22, 2016
When a DoD or DON form is updated to eliminate collection of the SSN, it is extremely important that the latest version of the form be used.
by DON CIO Privacy Team - June 17, 2016
The Health Insurance Portability and Accountability Act, or HIPAA, gives individuals the right to see and get copies of their health information, or share it with a third party, like a family member or a mobile device application. Having easy access to their health information empowers individuals to be more in control of decisions regarding their health and well-being. Individuals can monitor chronic conditions better, ...
by DON Privacy Team - March 25, 2016
Your personal information is a valuable commodity. It's not only the key to your financial identity, but also to your online identity. Knowing how to protect your information — and your identity — is a must in the 21st century. Here are some tips and resources from the Federal Trade Commission (FTC) to doing it effectively.
by DON CIO Privacy Team - December 11, 2015
One proactive step that can be taken to increase privacy awareness at your activity or command is to conduct a privacy stand down. Marine Corps Installations West-Marine Corps Base, Camp Pendleton (MCIWEST-MCB CAMPEN) recently did just that by declaring Sept. 23, 2015 as "Personally Identifiable Information Awareness Day" throughout their region.
November 2, 2015
The Department of the Navy Chief Information Officer has created press-quality posters to help communicate the importance of protecting and properly handling personally identifiable information (PII).
by DON Privacy Team - September 30, 2015
The links and bullets below contain information on PII, as well as resources, which are specifically useful to commanders.
July 2, 2015
Rob Foster was selected as the Department of the Navy Chief Information Officer effective June 2015. In support of the Deputy Under Secretary of the Navy for Management, Mr. Foster heads the Office of the DON CIO and is the DON's senior official and advisor on matters related to Information Management (IM), Information Technology (IT)/cyberspace, and Information Resources Management (IRM). He develops strategies, ...
June 11, 2015
OPM has begun notifying affected current and former federal employees of the subject breach.
May 15, 2015
The attached document was created by the Headquarters Marine Corps (HQMC) C4 Cybersecurity Division as a result of the increasing threat from adversaries both domestic and abroad to the physical security of our military personnel and their family members. The guide contains detailed instructions on how to remove information about oneself from public people searching websites.
February 4, 2015
Department of the Navy policy requires emails containing personally identifiable information (PII) to be digitally signed and encrypted. Most DON employees rarely send PII via email, so it makes sense for them to encrypt email messages on a case by case basis. However, some organizations within the DON handle PII on a regular basis and it makes sense for them to make encryption the default and unencrypt emails when not ...
by DoD White Paper - August 25, 2014
The SSN has been used throughout the DoD as a means to identify and authenticate individuals and its expanded use has increased efficiency, enabling DoD information systems and processes to interoperate and transfer information with a greatly reduced chance of errors. However, the threat of identity theft has rendered this widespread use unacceptable, resulting in the requirement that all Federal agencies evaluate how ...
by DON CIO Privacy Team - March 24, 2014
The personally identifiable information (PII) brief attached below was presented at the Department of the Navy IT Conference, West Coast 2014 and is provided as a reference and for use in developing other PII presentations.
August 2, 2013
Mr. Will Kammer, Chief, Defense Freedom of Information Policy Office presented the attached training in June 2013 at a three day DoD-wide Privacy Act (PA)/Freedom of Information Act (FOIA) training conference. The training was held at the National Geospatial-Intelligence Agency Headquarters in Springfield, VA.
by DON CIO Privacy Team - June 3, 2013
The Base Recycling Manager and Privacy Act Coordinator at Marine Corps Base Camp Pendleton have created a "No PII" placard for use on recycling bins and dumpsters around the base to prevent the improper disposal of personally identifiable information (PII).
May 31, 2013
The following Protected Health Information (PHI) documents are provided as references. PHI is individually identifiable health information that is transmitted or maintained by electronic or any other form or medium, excluding individually identifiable health information in employment records held by a covered entity in its role as employer.
April 8, 2013
The Privacy Act allows executive branch agencies to collect, maintain and disseminate information on individuals affiliated with that agency. The Department of the Navy does not maintain information about individuals who have never been affiliated with the Department.
The DON's inventory of Privacy Act System of Records Notices (SORNs) identifies under "exemptions claimed for this system" those systems that are exempt ...
January 29, 2013
The following are links to past messages from the DON CIO.
by DON CIO Privacy Team - December 7, 2012
The Social Secruity Number Reduction brief attached below was presented at the 2012 Department of the Navy IT Conference and is provided as a reference and for use in developing other personally identifiable information presentations.
by DON CIO Privacy Team - October 26, 2012
Emails containing personally identifiable information (PII) in the body of the email or in an email attachment:
Should only be sent to recipients with an official need-to-know.
Should have "FOR OFFICIAL USE ONLY - PRIVACY SENSITIVE" in the subject line.
Should have "FOR OFFICIAL USE ONLY - PRIVACY SENSITIVE: Any misuse or unauthorized disclosure of this information may result in both criminal and civil penalties" ...
by DON CIO Privacy Team - October 26, 2012
Identity theft affected 8.4 million adult Americans in 2007. Within the Department of the Navy, two incidents related to the loss of government controlled personally identifiable information (PII) that resulted in identity theft have been confirmed since June 2006.
by DON CIO Privacy Team - October 26, 2012
Below is a list of frequently asked questions on laptop and portable devices.
by DON CIO Privacy Team - October 26, 2012
by DON CIO Privacy Team - October 26, 2012
Privacy training should be completed by all Department of the Navy personnel (i.e., civilians, military and contractors) no later than Aug. 31 of each year.
by DON CIO Privacy Team - October 5, 2012
Phase II of the Department of the Navy Social Security Number (SSN) Reduction Plan addressed a review of information technology systems that collect the SSN. The purpose of the review was to assess whether continued collection was required, whether collection could cease (i.e., elimination of the SSN), or whether the SSN could be substituted with another unique identifier (i.e., the DoD ID number).
by DON CIO Privacy Team - October 5, 2012
Annual privacy training is mandatory and must be completed by August 31 each year, as stated in this message. The preferred sources of training for the Navy are Navy Knowledge Online (NKO) and the Total Workforce Management System (TWMS). MarineNet is the preferred source for the Marine Corps.
July 3, 2012
The following privacy training consists of nine breach scenarios and is intended to augment the Department of the Navy's annual personally identifiable information (PII) awareness course. The scenarios can be used to increase awareness or as a refresher for individuals who mishandle PII.
June 20, 2012
The following is a list of privacy resources.
by DON CIO Privacy Team - June 15, 2012
In Phase II of the Department of the Navy Social Security Number (SSN) Reduction Plan, program managers/system owners identified information technology systems that could eliminate the collection of SSNs by substituting the Department of Defense identification (ID) number (i.e., the Electronic Data Interchange Personal Identifier). Phase III authorizes the use and substitution of the DoD ID number and provides strict ...
by DON CIO Privacy Team - May 1, 2012
Service members and their families face many life altering events that most people never experience, such as frequent moves, extended deployments and multiple family separations. Each of these events can potentially expose the service member to an increased risk of identity theft and/or fraud. The following links provide information on what to do if you find yourself in a situation where your personal information has ...
by DON CIO Privacy Team - April 10, 2012
The World Wide Web is specifically designed to be open and accessible to a global audience. While this global accessibility makes the web a powerful public information tool and enhances productivity in the conduct of daily business, it also presents a potential risk to Department of the Navy personnel, assets and operations if inappropriate information is published on DON websites. Threats to the security of Navy and ...
by DON CIO Privacy Team - March 15, 2012
The Department of Defense identification number, formerly referred to as the Electronic Data Interchange Personal Identifier (EDIPI), is a unique 10-digit number that is associated with personnel and their Common Access Card (CAC). The DoD ID is assigned to each person registered in the Defense Enrollment and Eligibility Reporting System (DEERS). This includes government civilians, active duty military, dependents, ...
January 20, 2012
This checklist is an internal Department of the Navy document to be used by command leadership to assess the level of compliance in the handling of personally identifiable information as delineated by law and/or specific DoD/DON policy guidance. As commands adapt this checklist for their own use, their checklists will be posted here as a resource for others.
January 17, 2012
For new and existing Department of the Navy forms and information technology systems, any use of the Social Security number (SSN) that cannot be justified through appropriate authorities must be eliminated.
by DON CIO Privacy Team - January 16, 2012
The Privacy Complaint Process is a tiered process.
by CHINFO - September 1, 2011
The Department of the Navy Chief of Information has created a guide detailing recommended Facebook privacy settings and how to achieve them. The guide provides step-by-step instructions to help Facebook users create a balance between safeguarding their privacy and enjoying the benefits of social networking online.
by DON CIO Privacy Team - July 18, 2011
The following resources are provided to assist in completing the review of information technology systems that collect Social Security numbers.
by DON CIO Privacy Team - July 18, 2011
The following process should be followed when reviewing information technology systems that collect Social Security numbers (both full and truncated).
by DON CIO Privacy Team - July 13, 2011
To support the review of information technology systems that collect Social Security numbers, the attached response matrix is provided.
by DON CIO Privacy Team - July 13, 2011
The continued collection of Social Security numbers by existing information technology systems and collection by new IT systems must be justified.
by DON CIO Privacy Team - July 13, 2011
Privacy Act Data Cover Sheet, DD Form 2923 dated September 2010, is provided to aid in the safeguarding of personally identifiable information (PII). Use of the form is considered a best practice.
by DON CIO Privacy Team - May 20, 2011
The below Privacy Act Training presentations are provided for use by Department of the Navy Privacy Act coordinators as reference materials only. They not required training and will not be updated in the future. They should not be confused with the DON annual Personally Identifiable Information Training required by "GENADMIN DON CIO WASHINGTON DC 181905Z DEC 08."
March 3, 2011
On Nov. 5, 2010, the Under Secretary of Defense for Personnel & Readiness (USD(P&R)) signed a memorandum announcing the removal of printed Social Security numbers on all Department of Defense identification cards. By the end of May 2011 and beyond, all DoD ID cards issued will display a new number, called the DoD identification number (also known as the EDI-PI). In addition to the DoD ID number, individuals entitled to ...
by DON CIO Privacy Team - November 10, 2010
When is a Privacy Act Statement required?
If your organization requests that an individual furnish personal information (name, date of birth, Social Security number, etc.) for a system of records, regardless of the method used to collect the information (e.g., forms, personal or telephonic interview, etc.), then a Privacy Act Statement (PAS) is required. If the information requested will not be included in a system ...
November 5, 2010
Department of the Navy electronic storage media processing, copying or storing classified and/or controlled unclassified information (CUI) is subject to the requirements of DTG 221633Z AUG 10: "Processing of Magnetic Hard Drive Storage Media for Disposal" and shall be safeguarded commensurate with the level of information stored until destroyed.
by DON CIO Privacy Team - October 19, 2010
The following resources are intended to supplement SECNAVINST 5211.5E: "DON Privacy Program"
and should prove useful to Privacy Act coordinators. Please submit suggestions for additions to this list to the Ask an Expert section of the website. Select the topic: "Privacy Act."
by DON CIO Privacy Team - October 15, 2010
The Privacy Act of 1974 is largely based on a set of internationally recognized principles for protecting the privacy and security of personal information known as the Fair Information Practices. A U.S. government advisory committee first proposed the practices in 1973 to address what it termed a poor level of protection afforded to privacy under contemporary law. The Organization for Economic Cooperation and Development ...
by DON CIO Privacy Team - September 24, 2010
All Privacy Act system of records notice (SORN) actions are transmitted electronically to the Chief of Naval Operations, Department of Defense and the Federal Register, because this method is both time and cost effective. Since DoD uses special software to transmit the text to the Federal Register, please do not indent, underline, bold, double-space or center the text.
All new systems require a "Narrative Statement on ...
by DON CIO Privacy Team - September 24, 2010
A Privacy Act (PA) system of records notice is the authority that allows you to collect, maintain and disseminate information that is retrieved by an individual's name and personal identifier. Because many activities maintain similar types of records, we have written generic or "umbrella" PA systems of records notices to cover activities that require collection of those types of records.
by DON CIO Privacy Team - September 17, 2010
The following processes are provided for active duty military members, former military members, family members, and other individuals wishing to obtain copies of military personnel records.
by DON CIO Privacy Team - September 17, 2010
The attachment is a copy of the Code of Federal Regulations, Title 32, Volume 5, Revised as of July 1, 2008 (32 CFR 701.128), "Privacy Act Exemptions for Specific Navy Record Systems."
by DON CIO Privacy Team - September 17, 2010
The following checklist is provided for use by Privacy Act coordinators and should be tailored to a command's specific needs.
by DON CIO Privacy Team - September 15, 2010
The Defense Privacy Program homepage provides resources related to the Privacy Program, Privacy Impact Assessments and the Freedom of Information Act.
by DON CIO Privacy Team - September 15, 2010
To make a Privacy Act (PA) request, label the request itself and the envelope: "PRIVACY ACT REQUEST." Identify the specific PA system of records notices you wish to have searched. (See index of PA System of Records Notices and submit your request according to the requirements set forth under "Record Access Procedures.") PA requests must be signed, so we cannot accept email requests.
by DON CIO Privacy Team - September 15, 2010
The attachment below provides step-by-step instructions to encrypt files using WinZip.
by DON CIO Privacy Team - September 15, 2010
The following additional resources are provided:
by DON CIO Privacy Team - September 15, 2010
The "Overview of the Privacy Act of 1974," prepared by the Department of Justice's Office of Privacy and Civil Liberties (OPCL), is a discussion of the Privacy Act's disclosure prohibition, its access and amendment provisions, and its agency recordkeeping requirements.
September 15, 2010
Best Practices for use with Command Shared Drives and Web Portals
The attachment below is the Program Executive Officer, Enterprise Information Systems (PEO EIS) Portal Procedures for Safeguarding Personally Identifiable Information (PII) and should be used as a best practice. The Department of the Navy has experienced numerous breaches across the enterprise in which PII was improperly posted to shared drives and web ...
by DON CIO Privacy Team - September 15, 2010
What is the Privacy Act?
The Privacy Act (PA) pertains to records the Department of the Navy is maintaining about you. More than 150 types of PA System of Records Notices (SORNs) have been identified that allow the DON to collect, maintain, use and disseminate information about individuals affiliated with the Department. View a complete list of approved systems.
by DON CIO Privacy Team - September 15, 2010
The following list of Office of Management and Budget memoranda pertains to privacy and is provided to assist personnel as they conduct their daily privacy-related functions.
September 13, 2010
Disclosure accounting allows an individual to determine what agencies or persons have been provided information from the system of records about them, enables Department of the Navy activities to advise prior recipients of the system of records of any subsequent amendments or statements of dispute concerning the system of records, and provides an audit trail of the DON's compliance with the Privacy Act of 1974.
September 13, 2010
When an individual is requested to furnish personally identifiable information for possible inclusion in a system of records, a Privacy Act Statement (PAS) must be provided to the individual, regardless of the method used to collect the information (e.g., forms, personal, telephonic interview, IT system, etc). If the information requested will not be included in a system of records, a PAS is not required.
by DON CIO Privacy Team - September 3, 2010
Naval message DTG 192101Z Jul 10: "DON Social Security Number Reduction Plan for Forms Phase One" requires the use of SECNAV 5213/1 to review and justify the continued collection of Social Security numbers on all Department of the Navy forms.
August 5, 2010
The following hard drive disposal resources provide current Department of the Navy policy and guidance with regard to degaussing, destruction, and turn-in of DON-owned or leased hard drives. It also includes the waiver process.
by DON CIO Privacy Team - August 5, 2010
The following guidelines are provided for the proper destruction of Department of the Navy hard drives.
by DON CIO Privacy Team - July 12, 2010
The following is a list of 12 acceptable use criteria for systems requesting the use of Social Security numbers.
by DON CIO Privacy Team - June 23, 2009
Welcome to the Department of the Navy Chief Information Officer Privacy Team recommended reading list. This list will be periodically updated.
by DON CIO Privacy Team - June 19, 2009
The identity theft brief attached below was presented at the 2012 Department of the Navy IM/IT Conference and is provided as a reference and for use in developing other PII presentations.
by DON CIO Privacy Team - June 19, 2009
The Privacy Impact Assessment (PIA) brief attached below was presented during the 2012 Department of the Navy IM/IT Conference and is provided as a reference and for use in developing other PIA presentations.
March 2, 2009
An Office of Management and Budget (OMB) Information Collection Number is required when collecting information from 10 or more members of the public in a 12-month period and is used in completing the Privacy Impact Assessment (PIA) Template.
January 20, 2009
The attached brief provides background information, the resultant responses and best practices developed by the Bureau of Naval Personnel related to the sensitivity to the loss of personally identifiable information of DON personnel. Also attached is a transcript from the presentation.
December 19, 2008
In addition to the privacy resources and information available on the DON CIO website, the following list of websites provide further information on privacy and identity theft prevention.
August 15, 2008
Commands reporting a loss or suspected loss of personally identifiable information (PII) will be contacted by the Department of the Navy Chief Information Officer Privacy Team to determine if individual notifications are required. The decision to notify will be based on the nature of the PII compromised and the resultant level of risk of identity theft. If the command is faced with notifications and cannot locate the ...
July 22, 2008
The DON Table of Potential Consequences and Penalties for the Mishandling/Improper Safeguarding of PII was developed with legal assistance from the Department of the Navy’s Office of Civilian Human Resources and its Workforce Relations and Compensation Division, the Office of the Judge Advocate General, and the Office of the DON CIO.
July 10, 2008
The Department of the Navy Cyber Crime Handbook contains an overview of the definitions, criminal techniques, electronic laws, incident reporting and responses regarding the cyber threats to Department personnel and the global infrastructure we rely on.