2013 Annual PII Training Certificate - PowerPoint PPT Presentation
2013 Annual PII Training Certificate. This is to certify that I have received my 2013 annual PII training. I understand that I am responsible for safeguarding PII. I also understand that I may be subject to disciplinary actions for failure to properly protect and safeguard PII data.

PowerPoint Slideshow about '2013 Annual PII Training Certificate' - yuri
2013 Annual PII Training Certificate

This is to certify that I have received my 2013 annual PII training. I understand that I am responsible for safeguarding PII. I also understand that I may be subject to disciplinary actions for failure to properly protect and safeguard PII data.

_________________________________ _________________

Name Date


Privacy Act

Personally Identifiable Information (PII) Training

Questions this Module Will Answer …
  • What is Personally-Identifiable Information (PII)?
  • What are your roles and responsibilities regarding the Privacy Act?
  • What often causes PII loss or compromise?
  • What are the potential costs?
  • How can you prevent losing or compromising PII?
  • How should you handle, protect and dispose of PII?
  • What should you do if PII is lost or compromised?

PMT | Apr 2013 | v 0.1 | Privacy Act

You Are Responsible for …
  • Ensuring you complete PII training annually
  • Abiding by protocols when collecting, maintaining, destroying, or disseminating personal information
  • Periodically reviewing shared devices for compliance
  • Practicing Limited Access Principles
  • Ensuring that contracts include privacy clauses FAR 52.224-1 and 52.224-2 and that contract language addresses how data is to be disposed of at the end of the contract
  • Identifying the Privacy Act System of Records Notice (SORN) and following the rules set in the notice

What is the Privacy Act?
  • The Privacy Act of 1974, as amended by 5 U.S.C. 552a, regulates the collection, use, safeguarding, and disposition of personal information in government-wide systems of records

Personally Identifiable Information (PII)
  • PII refers to information that can be used to distinguish or trace an individual’s identity
  • PII needs to be protected and released only on a need-to-know basis
  • Two Types
    • Sensitive
    • Non-Sensitive

Sensitive PII

Sensitive PII is information which, if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual

Sensitive PII elements include, but are not limited to:

Non-Sensitive PII

Non-Sensitive PII is information that could be sensitive to an employee; it could also be information that is needed to do the business of the agency

Non-Sensitive PII elements include but are not limited to:

What Is a System of Records Notice?
  • Before DON can use a system of records to collect and maintain information on an individual it must publish a Privacy Act System of Records Notice (SORN) in the Federal Register
    • Informs the general public of what data will be collected, its purpose, and on whose authority
    • Sets the rules the DON will follow in collecting and maintaining personal data

What Is a Privacy Act System of Records?

A Privacy Act system of records is "a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual"

Government-Wide Examples

  • Equal Employment Opportunity in the Federal Government Complaint and Appeal Records (EEOC/GOVT)
  • General Personnel Records (OPM/GOVT-1)

DON Examples

  • Organization Management and Locator System (NM05000-2)
  • Time and Attendance Feeder Records (NM07421-1)
  • Employee Relations (NM12771-2)

The DON Chief Information Officer lists over 150 DON Privacy Act systems of records at www.doncio.navy.mil

Why Protect?
  • Regulations
  • To prevent unauthorized uses
  • To protect against Identity Theft
  • To avoid compromise
  • To avoid loss
  • Protects business practices

It’s the right thing to do!

How to Protect PII?
  • Question individuals who request PII data
  • Assure Need-to-Know
  • Safeguard personal data
  • Maintain close control of data
  • Store data out-of-sight
  • Take steps to properly destroy data
  • Lock offices
  • Lock cabinets
  • Use DD2923 cover sheet

How to Protect Email?

Email

  • Encrypt all email containing PII and FOUO data
  • Ensure PKI certificate has been published to the Global Address Listing (GAL)/Microsoft Outlook so email can be encrypted
  • Use the recommended warning statement in email when sending PII data:

FOR OFFICIAL USE ONLY - PRIVACY SENSITIVE - Any misuse or unauthorized disclosure can result in both civil and/or criminal penalties.

    • Statement should be at the top of email message
    • FOUO should be present in the subject box of the email
    • Statement should only be used in emails that contain sensitive data
    • Should not be used as a blanket statement

How to Protect Muster/Recall Rosters?

Muster/Recall Rosters

  • Access on a need-to-know basis
  • Shall never contain SSNs
  • Only contain names (abbreviated), addresses, and telephone numbers
  • Use Cover Sheet
  • FOUO/Privacy Statement
  • Do NOT hang muster/recall cards around your neck
  • If lost, have a way for someone who finds it to return or destroy it

How to Protect When Faxing?

Faxing – Per Department of the Navy GENADMIN message 171625ZFEB2012

  • Use of Fax Machines to send SSNs and other PII by DON Personnel is PROHIBITED except when:
    • Another more secure means of transmitting is not practical
    • A process outside of DON control requires faxing such as:
      • DFAS,
      • TRICARE,
      • Defense Manpower Data Center (DMDC)
    • In cases where operational necessity requires expeditious handling

Additional Protection Info When Faxing
  • When sending a fax, utilize a Privacy Act Cover Sheet and verify receipt
  • External customers such as service veterans, Air Force and Army personnel, dependents, and retirees may continue to fax documents containing PII to DON activities but shall be strongly encouraged to use an alternative means such as:
    • USPS
    • Scanning and transmitting using a secure means

How to Protect Outlook Calendar/Cell Phone?
  • Shared Outlook Calendar
    • Do not post
      • Type of leave taking
      • Where you are on travel
      • Birthdays
    • Keep personal and work calendar separate
  • Cell phone
      • Initials
      • Last name and first initial
      • Last name only

Disposal and Reducing Risk
  • Cross cut shred documents with PII
  • Place only shredded PII into recycling
  • Use caution when copying documents with PII
  • Posters available on RFCC COI
    • Faxing
    • Copying
    • Shredding

https://mynavair.navair.navy.mil/portal/server.pt/community/privacy_act/1176/privacy_act_resources/57552

Not Protecting PII
  • If PII is:
    • Lost
    • Stolen
    • Compromised
  • You will need to take action!
    • Does it need to be reported?
    • Can you define the data and who it belonged to?
    • Is it a Breach?

Breach
  • A PII breach is the loss of control, unauthorized disclosure, or unauthorized access of personal information, or the compromise of privacy-sensitive information.
  • It could be:
    • Loss of a device which houses PII data (laptop, cell phone, PDA, hard drives, portable storage device, etc.)
    • IT System being hacked
    • Email containing PII data sent unencrypted outside of our control
    • PII data in recycling (not shredded)
    • PII data left out in open areas (cubes, printers, faxes)

What Makes A Breach Reportable?
  • Will the lost or stolen data lead to harm, embarrassment, or identity theft?
  • Is the likelihood high that PII will be or has been used by unauthorized individuals?
  • Was the data unprotected?
  • Could there have been a disclosure of private facts?
  • Could there be an unwarranted exposure of PII leading to humiliation or loss of self-esteem?
  • Could there be a potential for blackmail?

Causes of PII Loss or Compromise

Human error

Stolen laptops

Unprotected PII sent using email or by fax

Posting PII on bulletin or check-in/out boards

Lost portable storage devices

Using inappropriate methods for disposing of documents containing PII

Posting PII in public folders, on internal websites (e.g., MyNAVAIR), or on the Internet

Impact of a Breach

Emotionally stressful

Embarrassing

Facilitates identity theft

Compromises business practices

Results in disciplinary action against the offender

Erodes confidence in the Government’s ability to protect PII information

Examples of Breaches

DON has reported the following types of breaches:

  • Stolen laptop
  • Unencrypted emails
  • Resumes in recycling
  • Navy copiers erroneously sold before hard drives were sanitized
  • Employee downloaded PII to unencrypted CD
  • A Sailor and his civilian girlfriend were allegedly attempting to steal the identity of multiple staff members
  • Missing hard drives

PII Violations
  • Violations which may lead to criminal penalties include:
    • Collecting data without meeting the Federal Register publication requirement (SORN)
    • Sharing data with unauthorized individuals
    • Acting under false pretenses or facilitating those acting under false pretenses

Penalties for violating the Privacy Act include a misdemeanor charge with jail time of up to one year and fines of up to $5,000

What Should You Do If PII Is Breached?
  • Notify your immediate supervisor and the Site Privacy Act Coordinator
  • Gather the following information for reporting purposes:
    • Date of breach
    • Circumstances
    • What was lost
    • Number of employees affected
    • Mitigation

Seek additional assistance from your Site Privacy Act Coordinator as needed

Summary
  • Recognize the difference between Sensitive and Non-Sensitive PII
  • Actively voice and demonstrate your support to protect PII
  • Protect, DON’T collect!
  • Collecting PII in a system requires a SORN
  • Properly handle, protect, and dispose of PII
  • Take action to report and mitigate situations where PII may have been lost or compromised

2013 Annual PII Training Certificate

This is to certify that I have received my 2013 annual PII training. I understand that I am responsible for safeguarding PII. I also understand that I may be subject to disciplinary actions for failure to properly protect and safeguard PII data.

_________________________________ _________________

Name Date


Privacy Act

Personnel Management Training

for New Supervisors