Safeguarding Personally Identifiable Information (PII)
IF YOU COLLECT IT, YOU MUST PROTECT IT!
WHAT IS PII?
- PII is any information which can be used to distinguish or trace an individual’s identity.
- PII is any personal information which is linked or linkable to a specified individual.
COLLECTING PII
It is your responsibility to:
- Ensure that the information entrusted to you in the course of your work is secure and protected. PII must only be accessible to those with an “official need to know.”
- Minimize the use, display or storage of Social Security Numbers (SSN) and all other PII. The DoD ID number or other unique identifier should be used in place of the SSN whenever possible.
- Keep personal information timely, accurate, and relevant to the purpose for which it was collected. Delete the information when no longer required.
- Provide a Privacy Act Statement (PAS) when collecting PII.
SAFEGUARDING PII
- Safeguarding refers to protecting PII from loss, theft, or misuse while simultaneously supporting the agency mission.
- Safeguards are protective measures the Army takes to prevent unauthorized access to or disclosure of personally identifiable information (PII).
- Safeguards are used to protect agencies from “reasonably anticipated threats.”
WHY IS IT IMPORTANT TO SAFEGUARD PII?
- Unauthorized recipients may fraudulently use the information.
- Damage to victims can affect their good name, credit, job opportunities, possibly result in criminal charges and arrest, as well as cause embarrassment and emotional stress.
Failure to safeguard PII can :
- Result in disciplinary actions. As a Government employee you can personally suffer criminal or civil charges and penalties for failure to protect PII.
- Erode confidence in the government’s ability to protect information.
- Impact business practices.
- Lead to major legal action.
- Lead to identity theft which can be costly to both the individual and the government.