JANUARY 23, 2020 – U.S. Army Garrison Fort McCoy is stressing the raising of public awareness of the Department of Defense’s (DOD) policy and commitment to detect, deter, and defend against accidental disclosure of personally identifiable information (PII).
Privacy is important to everyone Protecting Privacy Act (PA) records is the responsibility of every federal employee, military member, and contractor who handles them. Personnel must ensure the security and confidentiality of records, protect against possible threats or hazards, and permit access only to authorized persons. All records (paper and electronic) will be protected as prescribed in DOD Regulation 5400.11-R, DOD Privacy Program, and AR 25-21, The Army Privacy Program.
PII is any information about a person maintained by an agency, including:
- any information that can be used to distinguish or trace a person’s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records.
- any other information that is linked or linkable to a person, such as medical, educational, financial, and employment information.
Examples of PII data
The following list contains examples of information that may be considered PII:
- full name, maiden name, mother‘s maiden name, or alias.
- personal identification number, social security number, passport number, driver‘s license number, taxpayer identification number, patient identification number, financial account or credit card number, or DOD identification number.
- address information, such as street address or email address.
- computer asset information, such as internet protocol (IP) or media access control (MAC) address or other host-specific persistent static identifier that consistently links to a particular person or small, well-defined group of people.
- telephone numbers, including mobile, business, and personal numbers.
- personal characteristics, including photographic images, x-rays, fingerprints, or other biometric image or template data.
- information identifying personally owned property, such as vehicle registration number or title number and related information.
When sending PII via email from a government computer, ensure there is an official need and addressees are authorized to receive it. Encrypt the email and identify it as “FOUO” and “Protected by Privacy Act” in the subject line. If there are attachments with Privacy Act information, mark the attachment as for official use only (FOUO).
If disclosure of PII data is discovered, report it immediately through the appropriate chain of command and contact the Fort McCoy Privacy Act officer. Additionally, any lost, stolen, or possibly compromised information must be reported to the U.S. Computer Emergency Readiness Team at www.us-cert.gov within one hour of the discovery.
(Article prepared by the Fort McCoy Directorate of Human Resources and Public Affairs Office.)