Trending

BROWSE ALL TOPICS

To Err is Human: Human Error is Main Cause of PII Breaches

By Steve Muck - Published, February 7, 2011

Human error is the cause of 80 percent of the DON's PII breaches. Not knowing or not following guidance, or just being careless can result in the unintended disclosure of privacy sensitive information and potentially adversely affect many personnel.

The Social Security number is the most frequently lost, stolen or compromised PII data element. The SSN is involved in almost 70 percent of DON breaches. This sensitive identifier must be closely safeguarded or eliminated from use. SSNs are improperly disclosed by: sending SSNs in an email or in attachments, creating recall rosters with SSNs, or posting names with associated SSNs to web portals or shared drives. In these examples, SSNs were either transmitted without encryption, not properly marked or sent to recipients that did not have a need to know.

DOD DIRECTIVE 5400.11 DEFINITIONS

5400.11 Para E2.2: Personally Identifiable Information (PII) Personal Information. "Information about an individual that identifies, links, relates, or is unique to, or describes him or her (e.g., a Social Security number; age; military rank; civilian grade; marital status; race; salary; home or office phone numbers; other demographic, biometric, personnel, medical, and financial information, etc.). Such information also is known as personally identifiable information (e.g., information which can be used to distinguish or trace an individual's identity, such as his or her name; Social Security number; date and place of birth; mother's maiden name; and biometric records, including any other personal information which is linked or linkable to a specified individual.)"

5400.11-R: PII Breach

"Actual or possible loss of control, unauthorized disclosure, or unauthorized access of personal information where persons other than authorized users gain access or potential access to such information for an other than authorized purposes where one or more individuals will be adversely affected."

Steve Muck is the DON CIO privacy team lead.

TAGS: Cybersecurity, Privacy

Related Policy
Improving Critical Infrastructure Cybersecurity
Processing of Electronic Storage Media for Disposal
DON Public Affairs Policy and Regulations
Safeguarding Personally Identifiable Information
DON Privacy Impact Assessment Guidance
Related News
DON IT West and East 2017 Conference Registration Now Open
Nominations for DON IM/IT Excellence Awards Due Dec. 5
DON CIO Awards Recognize Information Management and Information Technology Excellence
DON IT Conference Presentations Available
DON CIO Congratulates 2016 DON IM/IT Award Winners
Related CHIPS Magazine
Tech Support Companies Using Deceptive Pop-Up Ads to Scare Consumers into Purchasing Unneeded Service
Creating a Smart, Skilled Cybersecurity Workforce
Factsheet: National Background Investigations Bureau
DoD Releases Update of Manual Governing Defense Intelligence Activities
OPM Announces New Chief Information Officer
Related Resources
Personally Identifiable Information Posters
2014 PII Brief
DON Users Guide to Personally Identifiable Information
Inventory of DON Systems With Completed Privacy Impact Assessments
Privacy Frequently Asked Questions
Related Industry News
New Pentagon Website Can Tell If You Were Hacked by China
Nextgov 
America Needs To Stay the Course on GPS Security
Space News 
5 Ways to Spot a Coerced Insider Threat
Nextgov 
For Today's Government Data Security, Trust no one
Government Computer News 
OPM Security Chief: You're Gonna Need a Bigger Boat
Federal Computer Week 

DON CIO Information

Online Services & Community