As the COVID-19 situation means more employees are teleworking, Army privacy officials are calling for caution when it comes to transmitting personally identifiable information, or PII.
“Employees are trying to be inclusive and keep each other abreast of circumstances as teleworking expands across our organizations,” said Beth-Anne Ward, the privacy program manager for the U.S. Army Aviation and Missile Command.
Personal Identifying information is any information about an individual which can be used to distinguish or trace an individual's identity. PII includes information such as rank, name, Social Security number, date and place of birth, mother's maiden name, biometric data, and financial or medical records. Failure to properly protect PII could result in significant harm to individuals, to include embarrassment, inconvenience, financial loss, identity theft, and other types of distress.
“While we are limiting face-to-face discussions and relying more heavily on email, we must add that extra layer of attention and think things through before we push send,” Ward said. “Exposed PII puts both individuals and the command at risk.”
Ward cautions those who deal with this type of information to carefully consider who they copy on emails, particularly when high-impact information, like Social Security numbers, are involved.
“Think about who really needs to have that information,” Ward said. “We must be cognizant of all recipients and limit the distribution to those with a need to know.”
Email that includes PII must be encrypted and the subject heading must include “FOUO – PII” or “UNCLASSIFIED//FOUO PROTECTED BY PRIVACY ACT.” The subject marking calls attention to the email content, and hopefully prevents careless forwarding to those without a need to know, Ward said.
“PII data elements require protective handling and safeguarding,” Ward said. “We are reminding our workforce about those data levels to protect peoples’ private information and decrease the risk of data breaches.”
Along with emails, many employees are turning to SharePoint to boost collaboration. Ward cautions that those who need to use SharePoint for PII must contact administrators to ensure their site is secured.
“Otherwise, Social Security numbers do not belong on SharePoint,” she said.
“Protecting sensitive information is everyone’s business,” said AMCOM Chief of Staff Col. Rick Zampelli. “Anyone who suspects a breach or receives unencrypted PII should report it to privacy officials.”