Fort Rucker continues fight against PII violations
August 22, 2013
FORT RUCKER, Ala. (August 22, 2013) -- In an age when information is literally available at people's fingertips, protecting personally identifiable information has become a priority, especially on military installations.
PII is any combination of information that can be used to identify a person, according to Deborah Seimer, director of Fort Rucker Human Resources.
"What everybody is really familiar with about PII is identity theft," she said, "and the biggest thing is Social Security numbers with a name and date of birth."
A person with any combination of that information has the potential to violate another's PII, said Seimer, but most times, the person careless with their own information is the only one to blame.
"One of the things that we've noticed [on Fort Rucker] is people seem to be under the misunderstanding that the green recycling bins are safe for PII to be put into," she said. "Those bins are not to be used for placing any type of PII in because what is in those bins doesn't go from their office to a shredder. It's very important to protect [PII]. Once it goes into a recycling bin, that information is no longer protected."
Any type of information that is disposed of in the recycling bins has the potential to be viewed by anyone with access to the bins, said Seimer. From the office, that information can travel miles to the recycling center where it is picked up by an organization outside Fort Rucker.
"People are cleaning out their files and not thinking about what could happen putting that information into the recycle bin," she said.
Seimer said that many people also seem to be under the misunderstanding that if the files they are throwing out are old, then they have no pertinent information in them. Regardless of how old they are, if the files or documents have any type of PII on them, they need to be destroyed properly by shredding, she added.
"People think that by recycling they are doing some good, which is fine," said the director, "but if they aren't disposing of PII properly, they could be jeopardizing more than just themselves.
"If [people] are throwing away things like manuals that are limited distribution or maps, any type of information like that can give information to our adversaries about what we're doing on Fort Rucker," said Seimer. "That kind of information is commonly found in combination with PII, and when that happens, the security office has to get involved and assess the situation."
Most of the organizations and offices on post have shredding machines, and the installation has a high-volume disintegrator run by the security office that is available to use at the recycling center, she said, so people have no excuse not to properly destroy PII documents.
"We use a disintegrator for paper that will shred documents and turn them into briquettes," said Linda Green, security assistant for the Fort Rucker security division.
Essentially the high-volume disintegrator turns paper into dust and compacts it into briquettes that the recycling center sells to different customers for various uses, she added
The recycling center also houses a CD/DVD destroyer, as well as a hard drive degausser and destroyer, said Heather Androlevich, security assistant for the Fort Rucker security division.
"(The hard drive degausser) uses really powerful magnets to completely obliterate any data on the hard drives so that they can't be readable," she said. "For classified hard drives, they also have to through the degausser and the hard drive destroy to be physically destroyed. It actually bends the hard drive so that there is no chance that any data can be retrieved from it."
In order to use the equipment, people must take a safety class provided by the security office and set up an appointment at their convenience, said Androlevich, adding that they can even accommodate unit training on a case-by-case basis.
To set up a training appointment, people can call 255-3094, or 255- 2973.
Other ways that people can violate and mishandle PII is by maintaining a system of records without public notice, requesting or obtaining records under false pretenses or disclosing PII to any person that isn't entitled to access it, according to Jennifer K. Williamson, civil law attorney for the Fort Rucker Office of the Staff Judge Advocate.
People found in violation of mishandling PII have the potential to be hit with civil penalties that range from payment of damages and attorney fees to personal action that can include termination of employment and possible prosecution. He added that criminal penalties can also be charged from a $5,000 fine to misdemeanor criminal charges if the violation is severe enough.
"[PII violations] can be a pretty big deal," said Seimer. "The operational security manager has to get involved as well as the security office to assess the situation and that can all take a lot of time."
Mishandling of PII is not only a problem when it comes to disposal of physical documents, she said, it also applies to electronic data, adding that there have also been incidents where people on the installation are mishandling PII electronically through emails that haven't been properly encrypted.
The director added that information received from the Army Privacy Office indicated the Army Web Risk Assessment Cell has begun to conduct periodic reviews of Army Knowledge Online, and as a result of these reviews, there have been numerous PII breach reports on a daily basis concerning unprotected folders containing PII on AKO.
"People should be advised that these PII breach reports get quite a lot of visibility," she said. "These breach reports are not only disseminated to the Department of Defense and key offices, but they are also briefed monthly to Army senior leadership.
"Bottom line: we need people's support in spreading the word within their organization regarding the importance (protecting PII)," said Seimer. "Either remove the PII altogether from AKO, or create password protected documents that are properly secured and restricted."