Protecting Personally Identifiable Information
By Tech. Sgt. Scott Sheldon, 31st Fighter Wing Information Assurance
Published May 26, 2010
AVIANO AIR BASE, Italy -- As the Department of Defense relies more and more on cyberspace to achieve national military objectives, adversaries are constantly looking for avenues of approach to exploit cyberspace to gain strategic, operational, and tactical advantage. As a result, it is the responsibility of all U.S. Air Forces in Europe personnel to protect our networks and critical information.
When using a computer over a network, there is always the possibility of data interception by our adversaries or commercial organizations. When using any network, your actions are monitored, categorized and redistributed in a multitude of ways. In many cases public and private organizations are simply carrying out legitimate requests to transfer your data to intended destinations. These agencies may also be acquiring records to further their own commercial interests. Others may just be listening and watching with indeterminable intentions. Without knowing precisely who may have the capability to view the data we transmit and store, it is vital to know and understand what information must be protected.
Many of the electronic documents we work with on a day-to-day basis contain Personally Identifiable Information and other Privacy Act information. PII is defined as any information that can potentially be used to uniquely identify, contact or locate an individual. This is the type of information that identity thieves and our adversaries could specifically target. Some examples of PII include age and date of birth, Social Security numbers, educational levels, marital status, home addresses or telephone numbers. Many of the documents we routinely work with, such as performance reports, work center rosters, and manning documents, contain this type of information.
When sending PII or Privacy Act information via electronic mail, always use digital signatures, encryption, and appropriate subject line headers. In addition, the first line in the e-mail message must contain the following statement: "This e-mail contains FOR OFFICIAL USE ONLY (FOUO) information which must be protected under the Privacy Act and AFI 33-332." Electronic documents should be encrypted and password protected when stored on network devices. You should also restrict access to files and folders that contain sensitive information so only authorized personnel have access to them. Adding these simple security measures to your daily routines can effectively eliminate PII and Privacy Act violations.
In addition, it is always a good idea to secure and protect your home computer. Use anti-virus and anti-spyware software and conduct routine scans of your system. You should monitor what you transmit to Web sites or e-mail recipients. Never post personal information, such as full names, addresses, phone numbers, unit of assignment or other military designators, on social networking Web sites. Do not respond to phishing scams that request personal details through e-mail solicitation. If you doubt the validity of a Web site, use the contact information located on the site to speak with a company representative before transmitting personal information. If you store private information on your home computer, use encryption and file and folder permissions to secure the information.
Using these simple security measures can have a tremendous impact on the security of our information. While the steps involved often take more time, we should be reminded that forgoing security for the sake of convenience is never an option. By continuing to follow these procedures we can prevent the disclosure of our information to unauthorized individuals and ensure the integrity of our computers and network systems.