FAQ’s about Personally Identifiable Information (PII)

 

Q.  What is PII?

 

A.  PII refers to information that can be used to distinguish or trace an individual’s identity, such as name, Social Security Number, biometric records, etc. alone or when combined with other persona l identifying information which is linked or linkable to a specific individual, such as date of birth, mother’s maiden name, etc.  

 

Q.  Where can PII be found?

 

A.  Many of us either handle or have access to PII on a daily.   We use PII stored in databases in our network and on internal databases within our offices, on our laptops and we also handle and transport many documents that contain PII in order to get our work done.  It is our responsibility to become aware of how we operate and the many ways in which PII can be at risk.

 

 Q. Why should I protect PII?

 

A.  We must protect PII for both our employees and our customers.  It has a direct and critical impact on everyone’s lives.  The loss of PII can result in substantial harm, embarrassment, and inconvenience to individuals and may lead to identity theft or other fraudulent use of personal information. 

 

Q.  What can I do to protect PII?

 

A. There are a number of steps that can be taken to make PII and sensitive information more secure.  Some steps are:

·         Never leave PII unattended

·         Always safeguard your computer when away from it any length of time

·         Store all sensitive information, which includes PII,  in lockable offices and/or cabinets

·         Protect PII when transporting—use simple coversheets and/or sealed envelopes, and deliver documents directly to the intended recipient that is authorized to handle PII

·         Shred documents containing PII when no longer needed

 

Q.  What is defined as a “breach” of PII?

 

A. OMB defines a “breach” as loss of control, compromise, unauthorized acquisition, unauthorized access, or any similar term referring to situations where persons other than authorized users and for an other than authorized purpose have access or potential access to personally identifiable information, whether physical or electronic.

 

Q.  How do I report a breach of PII?

 

A.  It is the responsibility of all ITA employees to report within 1 hour of discovery any known breach of PII to David Robinson, CFO and Director of Administration at 202-482-5855, and Renee Macklin, Chief Information Officer at 202-482-3801.

 

Taking a few simple steps daily to safeguard PII should become a habit.  If you have questions or need further information, please contact Charles Jefferson at 202-482-6078 or charles.jefferson@mail.doc.gov