Losses of personally identifiable information (PII) can have lasting repercussions both for those whose data has been compromised and for the federal agency responsible for safeguarding it. Training on both PHI and PII protection is mandatory for DOD civilian employees and military personnel.
Joint Knowledge Online will host this training. Selecting the Launch Training button will direct you there.
Defining PII
As more data is accumulated by both public and private organizations, it comes as no surprise that personally identifiable information (PII) can often become vulnerable to cyber attacks and breaches. As a result, people have become increasingly wary about how organizations collect and use their personal data. Pinpointing exactly what constitutes personally identifiable information can be tricky, but in general it refers to any data that identifies someone. Attributes that identify a person include their full name, face and other physical identifiers; email address; date of birth; social security number (SSN); bank account numbers (BAN); driver’s license (DLN); passport (PAN); biometric data; and passwords, login information, screen names or any other personal identifier.
PII refers to any high-risk data that, if exposed, could cause substantial harm or embarrassment to an individual. Examples include Social Security numbers; health and medical records covered by HIPAA regulations; biometric information such as fingerprints or DNA; financial details such as credit report numbers or bank account numbers; security clearance details; and any other data that is unique to an individual, such as their birthplace, address or phone number.
PII training equips employees to identify this sensitive data, to protect it against unapproved access through encryption and other secure storage methods, and to limit vulnerabilities by restricting how much PII hackers can gain access to in the first place. Attaining this goal requires various techniques, such as identity and access management (IAM), encryption of data in transit and at rest, homomorphic encryption, and confidential computing. Zero-trust architecture and multifactor authentication can add another layer of protection against hackers gaining access to PII. Employees should also be trained to recognize phishing attempts and other types of cyberattacks designed to steal PII, in order to protect the business’s data. Implement a security awareness program and regularly conduct phishing and cyberattack simulations, including training in protecting sensitive information (PII). Doing this can raise awareness among Army personnel of their roles and responsibilities in protecting this vital resource.
Managing PII
If you work in IT, security or compliance, personally identifiable information (PII) has likely come up a lot in conversation. PII is vulnerable to cyber attacks and fraud and is subject to government privacy regulations, but it is also essential for backup and restore operations. There are ways of managing PII so that it becomes less vulnerable to attack.
Limiting access is the cornerstone of protecting personally identifiable information (PII). Employees should be forbidden from viewing sensitive data when they are not working on projects that require it; this reduces the chance of accidentally sharing the data with unintended individuals or companies. PII should also be encrypted before it is transmitted over the Internet, and it should be stored safely, for instance by using records storage facilities with advanced security controls for hard copies of such PII.
As another means of protecting PII, Security’s Sensitive Data Intelligence (SDI) solutions enable organizations to automate key aspects of its management. For example, these solutions help organizations discover, identify, classify, catalog and store PII within both structured and unstructured data systems. They also provide insight into access settings, sensitive data and regulations, so as to reduce the chance of a data breach while meeting compliance laws and regulations.
Businesses must establish policies and procedures for collecting, storing, using, transmitting and disclosing PII. These should be adopted entity-wide and communicated to employees, then reviewed regularly and updated as new technology or threats emerge.
Management of personally identifiable information (PII) is vital to any business’s success. Because PII touches all areas of an individual’s life, financial and civic alike, improper protection can lead to massive identity theft and business disruptions. With proper tools and training, businesses can keep their PII protected and prevent costly breaches by creating policies and procedures for handling and storing PII and by encrypting all information in transit and at rest.
Disposing of PII
Once it is no longer needed, PII should be properly disposed of so that it does not fall into the hands of hackers or become compromised in other ways. PII can be found both in paper documents and in electronic ones containing photographs, videos, audio recordings or voicemails, making it imperative for military personnel, Department of Defense civilians and contractors to safeguard all pertinent PII at all times.
Information is considered personally identifiable information (PII) when it can be used to distinguish or trace an individual, such as personal descriptors, names, dates of birth, social security numbers, medical evaluations and military status evaluations. Biometric records that link back to an individual must also be considered PII and collected under federal laws or Executive Order.
The DoD has implemented policies and procedures for handling and disposing of personally identifiable information (PII). Employees and contractors must familiarize themselves with these regulations in order to report any breach or loss of PII, and must also notify DoD of any breach in the security of PII that might compromise the privacy of its workforce, their families, or civilian personnel in general. These safeguards exist to protect military service members and civilian staffers alike.
Keeping a list of documents that contain personally identifiable information (PII) will enable you to easily identify any that are accidentally discarded or lost, so it is wise to make sure all the proper disposal procedures have been complied with. For additional protection, it is also prudent to store office documents that contain PII in an offsite file cabinet, away from foot traffic and unapproved personnel.
GSA’s Privacy Program offers online and in-person courses on safeguarding Controlled Unclassified Information (CUI) and Personally Identifiable Information (PII). New employees are required to complete this training upon employment; current employees and contractors are required to complete it annually. These courses aim to give participants an overview of how best to handle and secure PII, while also teaching them how to respond in case of breaches.
Keeping Records Secure
Records security is an integral component of Army PII training and should be prioritized. It ensures that only authorized people have access to this information and prevents it from being stolen or misused. This is especially crucial with electronic records, which can be vulnerable to hackers and other potential threats. Various measures can be implemented to secure records, such as using strong passwords and locking the cabinets where records are kept. It is also vitally important to have a system in place for reporting incidents.
Persons whose personal information has been stolen or released could experience both financial and reputational harm as a result. This may affect their credit rating and job opportunities and cause embarrassment. It could also result in disciplinary action and criminal charges being taken against them, and it can damage trust in the government’s ability to protect PII. In extreme cases it can even lead them to lose their homes or other property altogether, while incurring large fines and penalties for failing to do so.
The Department of Defense is legally required to protect PII and PHI. Military personnel and other federal employees must also receive training on this topic; the training outlines the legal requirements for protecting these records as well as individual responsibilities for safeguarding them. Joint Knowledge Online (JKO) hosts this course. To access it, select Launch Training; to take it you will need your CAC/VA PIV number, as access is granted via login credentials.
This interactive presentation covers the definition and classification of personally identifiable information (PII) and protected health information (PHI), the use and disclosure policies and procedures, and both organizational and individual responsibilities in protecting PII. The course is targeted toward DOD civilians, military members and contractors using DOD information systems, as well as any Federal agencies that use these systems; it is not meant to replace in-house training on this matter.