Protecting personal information

  • By Master Sgt. Kenneth Bellard
  • Academy Public Affairs

The Defense Department defines personally identifiable information, or PII, as information that identifies, links or is unique to an individual.

PII can distinguish or trace a person's identity or any other information linked or linkable to any specified individual.

There were two personally identifiable information violations earlier this year, which means that personnel here didn't appropriately safeguard information.

Charles Springs, the Academy's Privacy Act officer, said the most common PII violations are government computer users failing to digitally sign and encrypt their emails containing PII.

All users should place "For Official Use Only" or "FOUO" at the beginning of the subject line, and "This e-mail contains for official use only information which must be protected under the Freedom of Information Act (5 U.S.C. 552) and/or the Privacy Act of 1974 (5 U.S.C. 552a)," in their emails, he said.

The second-most common PII violation is unprotected personal information on share drives, Springs said.

"Users are placing PII in shared folders that are not locked down and they're not ensuring people with a need-to-know are in the correct security group," he said. "Also, they're not password-protecting the document so anyone on the network with access to that area can see the PII, which is a security breach."

For your protection:

· Digitally sign and encrypt emails containing PII.

· Use the PII statement in emails containing PII. Do not use this statement otherwise. This allows email recipients to determine whether an email contains sensitive information and whether the message requires protection.

· Don't take information out of a Privacy Act system of records and place it in other formats to send via email.

· Lock shared drive areas containing PII to those with a "need-to-know."

· Do not send PII to non-federal agencies unless the agency or person has encryption capabilities. Use https://safe.amrdec.army.mil/SAFE2 as an alternate means.

· Do not send PII to a list of people.

· If a PII violation occurs, immediately secure the information if it's on a shared drive and notify your unit's Privacy Act monitor.

Call 333-6231 for more information.