The purpose of this document is to assist Federal agencies in protecting the confidentiality of personally identifiable information (PII) in information systems. .manual-search ul.usa-list li {max-width:100%;} SP 800-122 (DOI) For example, they may need different information to open a bank account then they would file a fraudulent insurance claim. The Federal government requires the collection and maintenance of PII so as to govern efficiently. The document explains the importance of protecting the confidentiality of PII in the context of information security and explains its relationship to privacy using the the Fair Information Practices, which are the principles underlying most privacy laws and privacy best practices. The purpose of the Cyber Awareness Challenge is to influence behavior, focusing on actions that authorized users can engage to mitigate threats and vulnerabilities to DoD Information Systems. This includes information like names and addresses. Subscribe, Contact Us | Or they may use it themselves without the victims knowledge. FM0T3mRIr^wB`6cO}&HN 4$>`X4P\tF2HM|eL^C\RAl0) . PII can be used to commit identity theft in several ways. `I&`q# ` i . This information can be maintained in either paper, electronic or other media. 0000001199 00000 n #block-googletagmanagerfooter .field { padding-bottom:0 !important; } The regulation applies to any company that processes the personal data of individuals in the E.U., regardless of whether the company is based inside or outside the E.U. The Department of Energy defines PII as any information collected or maintained by the department about an individual that could be used to distinguish or trace their identity. PHI is one of the most sought-after pieces of data that a cybercriminal has in their sights. Which of the following must Privacy Impact Assessments (PIAs) do? We're available through e-mail, live chat and Facebook. View more (Brochure) Remember to STOP, THINK, before you CLICK. Identifying and Safeguarding PII V4.0 (2022) 4.5 (2 reviews) Which of the following must Privacy Impact Assessments (PIAs) do? hb```f`` B,@Q\$,jLq `` V Product Functionality Requirements: To meet technical functionality requirements, this product was developed to function with Windows operating systems (Windows 7 and 10, when configured correctly) using either Internet Explorer . The Leaders Orientation is an executive presentation (including a question and answer segment) that has been designed to familiarize DoD Leaders with core tenets of the DoD CES personnel system. The following are some examples of information that can be considered PII: Several merchants, financial institutions, health organizations, and federal agencies, such as the Department of Homeland Security (DHS), have undergone data breaches that put individuals PII at risk, leaving them potentially vulnerable to identity theft. This information can include a persons name, Social Security number, date and place of birth, biometric data, and other personal information that is linked or linkable to a specific individual. In addition to the forgoing, if contract employees become aware of a theft or loss of PII, they are required to immediately inform their DOL contract manager. - Analyze how an organization handles information to ensure it satisfies requirements -mitigate privacy risks -determine the risks of collecting, using, maintaining, and disseminating PII on electronic information systems. Retake Identifying and Safeguarding Personally Identifiable Information (PII). This interactive presentation reviews the definition of personally identifiable information (PII), why it is important to protect PII, the policies and procedures related to the use and disclosure of PII, and both the organization's and individual's responsibilities for safeguarding PII. The DoD ID number or other unique identifier should be used in place . It is the responsibility of the individual user to protect data to which they have access. .agency-blurb-container .agency_blurb.background--light { padding: 0; } This course explains the responsibilities for safeguarding PII and PHI on both the organizational and individual levels, examines the authorized and unauthorized use and disclosure of PII and PHI, and the organizational and individual penalties for not complying with the policies governing PII and PHI maintenance and protection. Privacy Statement, Stuvia is not sponsored or endorsed by any college or university, Pennsylvania State University - All Campuses, Rutgers University - New Brunswick/Piscataway, University Of Illinois - Urbana-Champaign, Essential Environment: The Science Behind the Stories, Everything's an Argument with 2016 MLA Update, Managerial Economics and Business Strategy, Primates of the World: An Illustrated Guide, The State of Texas: Government, Politics, and Policy, IELTS - International English Language Testing System, TOEFL - Test of English as a Foreign Language, USMLE - United States Medical Licensing Examination, Identifying and Safeguarding PII V4.0 (2022);TEST OUT Qs & Final Test Solved completely. hbbd```b``A$efI fg@$X.`+`00{\"mMT`3O IpgK$ ^` R3fM` PHI is a valuable asset and is sold on the dark web for more money than any other data set, according to Ponemon Institute. Any information that can be used to determine one individual from another can be considered PII. The Federal government requires the collection and maintenance of PII so as to govern efficiently. Get started with Skysnag and sign up using this link for a free trial today. @media only screen and (min-width: 0px){.agency-nav-container.nav-is-open {overflow-y: unset!important;}} citizens, even if those citizens are not physically present in the E.U. An official website of the United States government. Topics, Erika McCallister (NIST), Tim Grance (NIST), Karen Scarfone (NIST). PII is information that can be used to identify or contact a person uniquely and reliably or can be traced back to a specific individual. Erode confidence in the governments ability to protect information. The CES DoD Workforce Orientation is a presentation (including a question and answer segment) that has been designed to familiarize the workforce with the core tenets of the DoD CES personnel system. Lead to identity theft which can be costly to both the individual and the government. When approval is granted to take sensitive information away from the office, the employee must adhere to the security policies described above. The DoD ID number or other unique identifier should be used in place of the SSN whenever possible. The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely. PII is regulated by a number of laws and regulations, including the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, and the Health Insurance Portability and Accountability Act. Federal Information Security Modernization Act; OMB Circular A-130, Want updates about CSRC and our publications? This site requires JavaScript to be enabled for complete site functionality. They may also use it to commit fraud or other crimes. #block-googletagmanagerheader .field { padding-bottom:0 !important; } The course reviews the responsibilities of the Department of Defense (DoD) to safeguard PII, and explains individual responsibilities. A lock () or https:// means you've safely connected to the .gov website. To be considered PII, the data must be able to be used to distinguish or trace an individuals identity. College Physics Raymond A. Serway, Chris Vuille. Result in disciplinary actions. 0000001061 00000 n Safeguard DOL information to which their employees have access at all times. 0000001866 00000 n You have JavaScript disabled. It comprises a multitude of information. .paragraph--type--html-table .ts-cell-content {max-width: 100%;} In the event their DOL contract manager is not available, they are to immediately report the theft or loss to the DOL Computer Security Incident Response Capability (CSIRC) team at [email protected]. Ensure that the information entrusted to you in the course of your work is secure and protected. %%EOF This Handbook provides best practices and DHS policy requirements to prevent a privacy incident involving PII/SPII during all stages of the information lifecycle: when collecting, storing, using, disseminating, or disposing of PII/SPII. Think privacy. The act requires that schools give parents and students the opportunity to inspect and correct their educational records and limits the disclosure of educational records without consent. or (ii) by which an agency intends to identify specific individuals in conjunction with other data elements, i.e., indirect identification. The document explains the importance of protecting the confidentiality of PII in the context of information security and explains its An official website of the United States government, Security Testing, Validation, and Measurement, National Cybersecurity Center of Excellence (NCCoE), National Initiative for Cybersecurity Education (NICE), Federal Information Security Modernization Act. Description:This course starts with an overview of Personally Identifiable Information (PII), and Protected Health Information (PHI), a significant subset of PII, and the significance of each, as well as the laws and policy that govern the maintenance and protection of PII and PHI. Department of Labor (DOL) contractors are reminded that safeguarding sensitive information is a critical responsibility that must be taken seriously at all times. PII can be defined in different ways, but it typically refers to information that could be used to determine an individual, either on its own or in combination with other information. Biology Mary Ann Clark, Jung Choi, Matthew Douglas. This is a potential security issue, you are being redirected to https://csrc.nist.gov. Learning Objectives:This course is designed to enable students to: Target Audience:DOD information system users, including military members and other U.S. Government personnel and contractors within the National Industrial Security Program. Any organization that processes, stores, or transmits cardholder data must comply with these standards. Share sensitive information only on official, secure websites. Think security. The Freedom of Information Act (FOIA) is a federal law that gives individuals the right to access certain government records. Safeguarding refers to protecting PII from loss, theft, or misuse while simultaneously supporting the agency mission. In others, they may need a name, address, date of birth, Social Security number, or other information. The site is secure. PII is any information that can be used to identify a person, such as your name, address, date of birth, social security number, and so on. ), which was introduced to protect the rights of Europeans with respect to their personal data. CUI is an umbrella term that encompasses many different markings to identify information that is not classified but which should be protected. The act requires that federal agencies make their records available to the public unless the records are protected from disclosure by one of the acts exemptions. (These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors). In this module, you will learn about best practices for safeguarding personally identifiable information . .dol-alert-status-error .alert-status-container {display:inline;font-size:1.4em;color:#e31c3d;} PII/PHI Personally Identifiable Information (PII) is information that can be used to distinguish or trace an individual's identity, either alone or when combined with other information that is linked or linkable to a specific individual. Washington, DC 202101-866-4-USA-DOL1-866-487-2365www.dol.gov, Industry-Recognized Apprenticeship Programs (IRAP), Bureau of International Labor Affairs (ILAB), Employee Benefits Security Administration (EBSA), Employees' Compensation Appeals Board (ECAB), Employment and Training Administration (ETA), Mine Safety and Health Administration (MSHA), Occupational Safety and Health Administration (OSHA), Office of Administrative Law Judges (OALJ), Office of Congressional and Intergovernmental Affairs (OCIA), Office of Disability Employment Policy (ODEP), Office of Federal Contract Compliance Programs (OFCCP), Office of Labor-Management Standards (OLMS), Office of the Assistant Secretary for Administration and Management (OASAM), Office of the Assistant Secretary for Policy (OASP), Office of the Chief Financial Officer (OCFO), Office of Workers' Compensation Programs (OWCP), Ombudsman for the Energy Employees Occupational Illness Compensation Program (EEOMBD), Pension Benefit Guaranty Corporation (PBGC), Veterans' Employment and Training Service (VETS), Economic Data from the Department of Labor, Guidance on the Protection of Personal Identifiable Information. The course is designed to prepare DOD and other Federal employees to recognize the importance of PII, to identify what PII is, and why it is important to protect PII. Developed to be used in conjunction with annual DoD cybersecurity awareness training, this course presents the additional cybersecurity responsibilities for DoD information system users with access privileges elevated above those of an authorized user. Unlock insights, bypass email authentication configuration issues including SPF and DKIM; and protect your domain from spoofing with strict DMARC enforcement, all autonomously with Skysnag. This course was created by DISA and is hosted on CDSE's learning management system STEPP. This lesson is to prepare HR Professionals to guide supervisors and employees covered under CES for transition to the new personnel system with an overview of the background and history of the Cyber Excepted Service. 147 0 obj <> endobj 157 0 obj <>stream This is information that can be used to identify an individual, such as their name, address, or Social Security number. A full list of the 18 identifiers that make up PHI can be seen here. PII should be protected from inappropriate access, use, and disclosure. The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that protects the privacy of health information. The act requires that federal agencies give individuals notice of their right to access and correct their PII and establish penalties for PII misuse. 147 11 04/06/10: SP 800-122 (Final), Security and Privacy #views-exposed-form-manual-cloud-search-manual-cloud-search-results .form-actions{display:block;flex:1;} #tfa-entry-form .form-actions {justify-content:flex-start;} #node-agency-pages-layout-builder-form .form-actions {display:block;} #tfa-entry-form input {height:55px;} PII ultimately impacts all organizations, of all sizes and types. The definition of PII may vary from jurisdiction to jurisdiction but typically includes any information that can be used to identify an individual. Which of the following are risk associated with the misuse or improper disclosure of PII? We're available through e-mail, live chat and Facebook. .usa-footer .container {max-width:1440px!important;} Once you have a set of PII, not only can you sell it on the dark web, but you can also use it to carry out other attacks. The DoD Cyber Exchange is sponsored by The GDPR replaces the 1995 Data Protection Directive (95/46/E.C.