Trending

BROWSE ALL TOPICS

The Use of Recall Rosters

By DON CIO Privacy Team - Published, August 1, 2010

Privacy Tip While recall rosters serve a useful and valid purpose, safeguards must be in place to ensure that the personally identifiable information they contain is properly maintained and protected to prevent inadvertent disclosure. This privacy tip provides specific safeguards all Department of the Navy personnel should use when creating and sharing recall rosters.

Several recent personally identifiable information (PII) breaches have involved the mishandling of recall rosters. Examples include rosters being posted in publicly accessible areas; rosters being transmitted as email attachments without proper encryption and marking; rosters including full or truncated Social Security numbers (SSN); rosters being stored on a shared drive/web portal without the appropriate access controls/permissions in place; and failure to protect hard copy rosters outside the workplace. Data elements have included various combinations of names, SSNs, dates of birth, family members' names, home addresses, telephone numbers and security clearances. Reasons given for dissemination included "all-hands" meetings, training, social functions and access requests. (Note: Alpha rosters and flight rosters are considered recall rosters.)

When creating and sharing a recall roster, you should:

  • Ask: Does the recipient(s) have a need to know? Is the information appropriately marked as "FOUO - Privacy Sensitive"? Is the transmission secure? Should the information be displayed in this location? Are only essential PII elements listed?
  • Establish procedures for proper maintenance, storage and dissemination.
  • Provide training to ensure DON personnel follow established procedures.
  • Ensure that compliance spot checks include recall rosters.
  • Ensure that the sole purpose is to recall personnel and/or notify them of building/base/office closings.
  • Limit PII elements to only the minimum required to recall an individual, e.g., names, addresses and telephone numbers (home, work, cell). SSNs should never be included.
  • Provide a Privacy Act Statement any time PII is solicited from an individual, whether in writing or electronically. Contact your Privacy Act coordinator for more information.
  • Post to an intranet site only when proper access controls/permissions are in place.
  • See CNO Memorandum: "Recall Rosters" for additional information.
Identity theft affected almost 10 million Americans last year. It is more important than ever that we protect the privacy information of DON personnel.

TAGS: IDManagement, Privacy

Related Policy
Processing of Electronic Storage Media for Disposal
Reduction of SSN Use Within DoD
Updated Plan to Remove Social Security Numbers from DoD Identification Cards
DON Social Security Number Reduction Plan for Forms Phase One
Safeguarding Personally Identifiable Information (PII)
Related News
PII Breach Articles from CHIPS Magazine
Steps For Military Personnel to Take to Defend Against ID Theft
Privacy Tips
Rules for Handling PII by DON Contractor Support Personnel
SSNs to be Removed from Government ID Cards
Related CHIPS Magazine
Factsheet: National Background Investigations Bureau
Privacy Awareness Tips
Safeguarding Your Common Access Cards and Military Identification Cards
Strengthening Privacy Awareness and Protection
Your mobile phone account could be hijacked by an identity thief
Related Resources
Personally Identifiable Information Posters
2014 PII Brief
Privacy Act System of Records Notices
Inventory of DON Systems With Completed Privacy Impact Assessments
2012 Social Security Number Reduction Brief

DON CIO Information

Online Services & Community