CHARLESTON AIR FORCE BASE, S.C. –
We all handle personal information on Charleston AFB. Therefore, it is imperative everyone understands Personally Identifying Information and the proper handling of this sensitive information. PII has taken the spotlight and has become a Special Interest Item within the Air Force.
What is PII? PII is defined as information directly identifying an individual. Examples include names, personal addresses, social security numbers or e-mail addresses.
Why should you protect PII? It is vital to protect this information because it can easily result in identity theft. Identity theft is a situation in which an individual's personal information is used without authorization in an attempt to commit fraud or other crimes.
If you discover any disclosures of PII data, report it immediately to your chain of command. Lost, stolen or possible compromised PII must be reported within one hour of the discovery to base Records Management at 963-3273 and they will then contact U.S. Computer Emergency Readiness Team. An investigation will be initiated and those who are found guilty of causing the breach could be charged with criminal and civil penalties. Here are do's and don'ts in protecting PII:
Do's
1. Protect PII information according to its sensitivity level. Privacy Act Cover Sheets should be used as protection.
2. Ensure all official records, especially those depicting personal information on an individual, are properly identified on the official file plan for office or organization.
3. Treat personal information on a "need to know" basis. All Air Force personnel have an obligation to safeguard these records from inappropriate access.
4. Verify with the base records manager, legal office or higher level functional expert when in doubt about collection and use of personal information.
5. Provide a PII warning statement at the beginning of e-mail, not at the end. It alerts readers to protect such information.
6. Shred PII before placing in recycle bins. Peel and stick signs for recycle bins are available at base records management.
Don'ts
1. Leave items such as performance reports, recall rosters or alpha rosters in an area that could result in loss or theft.
2. Store electronic PII records on shared drives without being password protected.
3. Develop or use databases, which include personal identifier fields unless prior approval is obtained; store electronic PA records on shared drives.
4. Disclose information from a system of records to someone not entitled to such information.
5. Obtain another person's records under false pretenses.
6. Take for granted everyone is honest when it comes to protecting PA information.
Everyone has a chance of becoming a victim of identity theft. The monetary and emotional cost of repairing an individual's identity can be extensive, requiring years to recover. Each of us must be diligent in protecting and properly destroying PII information.
Identity theft is a high-tech epidemic, it's for real and it's happening now. Each of us must protect the privacy rights of others.