Department of Navy Chief Information Officer - News: Safeguarding PII on the Command Shared Drive

Audit Readiness of IT Systems (0)	DIACAP (12)	Information Sharing (48)	Open Source (3)
Awards (35)	DON Enterprise Architecture (49)	IT Asset Management (20)	Performance Measurement (2)
Business Case Analysis (11)	Enterprise Licensing Agreements (12)	IT Efficiencies (119)	Personal Electronic Device (17)
CIO Authorities (56)	Enterprise Services (35)	IT Expenditure Approval Authority (12)	Printing and Imaging (Copiers/MFDs) (17)
Civil Liberties (21)	Enterprise Software Initiative (32)	IT Governance (48)	Privacy (257)
Clinger-Cohen Act Compliance (25)	FISMA (11)	IT Infrastructure (17)	Public Key Infrastructure (19)
Cloud Computing (21)	Forms/Reports (14)	IT Investment Management (77)	Records Management (38)
Common Access Card (9)	Freedom of Information Act (27)	IT Portfolio Management (1)	Section 508 (10)
Cybersecurity (240)	Functional Area Manager (9)	Knowledge Management (34)	Social Media (31)
Cyberspace/IT Workforce (34)	GIG Standards (20)	Naval Enterprise Networks (38)	Spectrum (56)
DADMS/DITPR-DON (42)	Green IT (10)	Naval Networking Environment (12)	Statutory & Regulatory Compliance (11)
Data at Rest (10)	Identity Management (112)	NGEN (18)	Telecommunications (62)
Data Center Consolidation (37)	IM/IT Strategy (44)	NMCI (27)	Wireless (65)
Data Strategy (12)	Information Assurance (63)

Safeguarding PII on the Command Shared Drive

Published, September 1, 2008

Recent personally identifiable information (PII) breach reports highlight the need to conduct searches of shared drives throughout the Department to protect employees’ personal information and reduce the risk of identity theft. PII is found most often in documents related to awards, medals, legal issues, medical records and financial data.

ALNAV 070/07: DON Personally Identifiable Information Annual Training Policy, requires commands to conduct a semi-annual compliance spot check targeting those offices that handle PII on a regular basis (e.g., human resources, personnel support, financial, medical and legal). The checklist should be used as a guide.

Item 19 on the checklist requires a search and spot check of 25 percent of files likely to contain PII on a command’s shared drive. This Privacy Tip of the Month provides suggestions and lessons learned to assist in searching a shared drive and properly safeguarding any PII discovered during this search.

As an example, each member of a command could:

Conduct a full text search of all shared drive files and folders (e.g., Microsoft Office documents and Adobe Acrobat PDF documents) using his or her last name as the key word search criteria. (Note: Search results for Adobe Acrobat PDF documents will only be returned based on a search of the subject line (i.e., not a full text search).
Subject lines of the search results could then be visually scanned and documents opened that one would expect to contain PII. PII is information linked to an individual that could result in identity theft (e.g., SSNs, and financial, medical and/or legal information, etc.).
Documents that actually contain PII could then be password protected. See below for process.
Location(s) of the document(s) in question should be noted for easy retrieval in the future.
Command Privacy Act coordinators should consult with their records management personnel regarding retention and destruction rules for the specific documents in question IAW the Records Management Manual (SECNAV M-5210.1, November 2007 (Rev)).
Based on this information, determination can then be made as to the best way to protect and store documents that need to be retained and when and how to dispose of those documents no longer required.

In any case, deleting/redacting unnecessary PII where possible and reducing the amount of PII collected in the future should be everyone’s goal.

Below are the steps to password protect documents that contain PII.

To password protect a Microsoft Office document:

Open and save the document to the desired location.
Click on "Tools" in the tool bar at the top of the screen.
Click on "Options" in the drop down menu.
Click on the "Security" tab.
Type in your password and click on "OK."
Confirm your password and click on "OK."

To password protect an Adobe .PDF document:

Open and save the document to the desired location.
Click on "Document" on the tool bar.
Select "Security" and then click on "Secure this document…"
Click on "Restrict opening and editing using passwords…"
Check the box "Require a password to open the document."
Select a password and type it in the "Document Open Password:" box.
Click on "OK" and confirm the password.
Click on "OK."
You must now save the document for the password restriction to take effect.

TAGS: Cybersecurity, Privacy

Processing of Electronic Storage Media for Disposal

DON Public Affairs Policy and Regulations

Safeguarding Personally Identifiable Information

DON Privacy Impact Assessment Guidance

DON CIO Information

Online Services & Community

RSS Feeds

DON CIO FOIA

DON CIO Mobile Website

Website Accessibility

External Links Disclaimer

SECNAV DON CIO • 1000 Navy Pentagon
Washington, DC 20350-1000

This is an official U.S. Navy website (DoD Resource Locator 45376) sponsored by the Department of the Navy Chief Information Officer (DON CIO). The purpose of this website is to facilitate effective information flow about information management/information technology and cybersecurity issues and initiatives occuring within the Department of the Navy.

Please read our Privacy Policy notice.
Please read our Section 508/Accessibility Statement.

Trending

Safeguarding PII on the Command Shared Drive

Published, September 1, 2008

TAGS: Cybersecurity, Privacy

DON CIO Information

Online Services & Community