PII protection, it matters

Published Aug. 20, 2014
By Jennifer Green-Lanchoney
66th Air Base Group Public Affairs

HANSCOM AIR FORCE BASE, Mass. -- Everyone has a chance of falling victim to identity theft; knowing how to properly protect personally identifiable information, PII, could lower those chances exponentially.

"PII is information that can be used to distinguish or trace an individual's identity," said Anita Heath, Hanscom's Freedom of Information and Privacy Act manager. "This information includes names, Social Security numbers, dates and places of birth and mothers' maiden names."

Failure to safeguard PII could result in a PII breach. According to Air Force Regulations, a PII breach is considered a loss of control, compromise or unauthorized access where persons other than authorized users have access or potential access to PII, whether physical or electronic, for anything other than an authorized purpose.

"Protecting privacy information is the responsibility of every federal employee, military member and contractor who handles PII contained in any Air Force record," said Jay Hudson, Hanscom Information Management chief. "The loss of personally identifiable information can result in substantial harm, embarrassment and inconvenience to individuals and may lead to identity theft or other fraudulent use of the information."

Using encrypted email could lessen the potential for breaches in handling PII.

"Encryption is the process of changing plaintext into ciphertext for the purpose of security or privacy. Encryption of emails that hold PII is important," said Hudson. "It will keep all but the most dedicated hackers from intercepting and reading your private communications. Only the intended recipients can view it."

Safeguard PII by not only encrypting emails but also password-protecting files. Examples of files that need protecting are recall rosters, award packages and reviews.

"The 68th Network Warfare Squadron monitors official unsecured and unprotected telecommunications systems to determine if they are being used to transmit critical, sensitive or classified information," said Hudson. "Individuals who inappropriately store and transmit PII over the AFNET will have their accounts locked in response to the violation."

There could be strict repercussions for those who do not handle the information properly.

The least severe repercussion is to lock network accounts of users who have been found to have sent PII improperly, Hudson said. "As a more severe ramification, it is possible that a civil lawsuit may be filed against the Air Force for failing to comply with the Privacy Act. In addition to specific remedial actions, civil remedies include payment of damages, court costs and attorney fees in some cases."

For more information on how to protect PII, contact your unit privacy manager. If a UPM is unavailable or has not been appointed contact Anita Heath at Anita.Heath@us.af.mil or 781-225-1431.