The Department of the Navy's Information Technology Magazine Notify Me of New Issue
Email this Article Email   

CHIPS Articles: Posting Official Department of the Navy Information on Personal Unofficial Websites

Posting Official Department of the Navy Information on Personal Unofficial Websites
By Steve Muck and Steve Daughety - January-March 2014
The following is a recently reported breach of personally identifiable information (PII) involving the posting of PII on a personal website by a well-intentioned service member. Incidents such as this will be reported in each edition of CHIPS to increase PII awareness. Names have been changed or omitted, but details are factual and based on reports sent to the Department of the Navy Chief Information Officer Privacy Office.

The Incident

A service member in an effort to provide a useful resource to other Sailors, created a personal website containing various Navy instructions, guides, and other information. In addition, a spreadsheet with more than 2,000 full Social Security numbers (SSNs), test scores, and education information was posted.

Actions Taken

Once discovered, the website was immediately taken down. A breach report was submitted for the potential compromise of personal information because of the high risk that disclosure of names and associated SSNs presents. Written notifications were sent to the individuals affected.

Lessons Learned

The following apply to the posting of PII and other official information to websites:

  • Official information including PII should only be posted to DON approved websites. Officially approved sites have gone through a certification and accreditation process which includes security and privacy safeguards.
  • When PII is posted to a DON approved website, access must be restricted to only those with an official need to know and marked with the "FOUO - Privacy Sensitive" statement.
  • Duplicating lists of PII for convenience is not a valid reason to collect it.
  • The collection of PII must be authorized and serve an official purpose.

Breach notifications cost not only scarce resources (e.g., time and money), but have the potential to negatively affect morale and trust in an organization.

More DON Privacy Resources can be found at www.doncio.navy.mil/privacy.

Steve Muck is the privacy lead for the Department of the Navy Chief Information Officer.

Steve Daughety provides support to the Department of the Navy Chief Information Officer Privacy Team.
TAGS: Privacy, RM
DON CIO Seal
DON CIO Seal
Related CHIPS Articles
Factsheet: National Background Investigations Bureau
BUPERS Continues to Reduce its Use of the SSN
Strengthening Privacy Awareness and Protection
SECNAV Revises & Reissues OPNAV Personally Identifiable Information (PII) Breach Reporting Forms
Mobile Apps Released for Records Management and Personally Identifiable Information
Related DON CIO News
DON IT Conference Schedule Now Available
Register for DON IT East and West 2017
Navy Mobile Apps Bring Information and Training to Your Smartphone and Tablet
DON IT Conference Presentations Available
Rules for Handling PII by DON Contractor Support Personnel
Related DON CIO Policy
DITPR-DON Process Guidance v1.0
Code of Federal Regulations (32 CFR Part 701)
Privacy Act of 1974
CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988