This interactive training explains various types of social engineering, including phishing, spear phishing, whaling, smishing, and vishing. ), which was introduced to protect the rights of Europeans with respect to their personal data. Thieves can sell this information for a profit. Safeguarding refers to protecting PII from loss, theft, or misuse while simultaneously supporting the agency mission. This information can be maintained in either paper, electronic or other media. In the event their DOL contract manager is not available, they are to immediately report the theft or loss to the DOL Computer Security Incident Response Capability (CSIRC) team at dolcsirc@dol.gov. Identifying and Safeguarding Personally Identifiable Information (PII). PII is information that can be used to identify or contact a person uniquely and reliably or can be traced back to a specific individual. PII must only be accessible to those with an "official need to know." This includes information like names and addresses. law requires gov to safeguard pii privacy act senior military component official for privacy DON CIO info stored on a computer data at rest scenario considered a breach -leaving document with pii in open area -attaching someone's medical info in a letter to the wrong recipient -posting truncated ssn in a public website To be considered PII, the data must be able to be used to distinguish or trace an individual's identity. The DoD ID number or other unique identifier should be used in place of the SSN whenever possible.
PII is regulated by a number of laws and regulations, including the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, and the Health Insurance Portability and Accountability Act. ), Health Information Technology for Economic and Clinical Health Act (HITECH), Encrypting all PII data in transit and at rest, Restricting access to PII data to only those who need it, Ensuring that all PII data is accurate and up to date, Destroying PII data when it is no longer needed. Think security. Developed to be used in conjunction with annual DoD cybersecurity awareness training, this course presents the additional cybersecurity responsibilities for DoD information system users with access privileges elevated above those of an authorized user. Which of the following are risks associated with the misuse or improper disclosure of PII? The following are some examples of information that can be considered PII: Several merchants, financial institutions, health organizations, and federal agencies, such as the Department of Homeland Security (DHS), have undergone data breaches that put individuals' PII at risk, leaving them potentially vulnerable to identity theft. The regulation applies to any company that processes the personal data of individuals in the E.U., regardless of whether the company is based inside or outside the E.U. Personal Identifiable Information (PII) is defined as: Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. The information they are after will change depending on what they are trying to do with it. In terms of the protection of PHI, HIPAA and the related Health Information Technology for Economic and Clinical Health Act (HITECH) offer guidelines for the protection of PHI.
Companies are required to provide individuals with information about their rights under the GDPR and ensure that individuals can easily exercise those rights. When collecting PII, organizations should have a plan in place for how the information will be used, stored, and protected. With these responsibilities contractors should ensure that their employees: Contractors should ensure their contract employees are aware of their responsibilities regarding the protection of PII at the Department of Labor. Once you have a set of PII, not only can you sell it on the dark web, but you can also use it to carry out other attacks.
The Freedom of Information Act (FOIA) is a federal law that gives individuals the right to access certain government records. The document explains the importance of protecting the confidentiality of PII in the context of information security and explains its Safeguard DOL information to which their employees have access at all times. The Department of Energy defines PII as any information collected or maintained by the department about an individual that could be used to distinguish or trace their identity. In some cases, all they need is an email address. The Privacy Act of 1974 is a federal law that establishes rules for the collection, use, and disclosure of PII by federal agencies. PII can be defined in different ways, but it typically refers to information that could be used to identify an individual, either on its own or in combination with other information. Keep personal information timely, accurate, and relevant to the purpose for which it was collected. The launch training button will redirect you to JKO to take the course. Further, PII is defined as information: (i) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.)
The course reviews the responsibilities of the Department of Defense (DoD) to safeguard PII, and explains individual responsibilities. Whether you're supplementing your training in DCWF Orientation or coming back for a refresher, this learning game is designed to test your knowledge of the Defense Cyber Workforce Framework (DCWF). It is vital to protect PII and only collect the essential information. This lesson is to prepare HR Professionals to guide supervisors and employees covered under CES for transition to the new personnel system with an overview of compensation elements of the CES occupational structure. Don't Be Phished! PHI is a valuable asset and is sold on the dark web for more money than any other data set, according to Ponemon Institute. The act requires that covered entities take reasonable steps to safeguard the confidentiality of protected health information and limits the disclosure of protected health information without consent. This includes companies based in the U.S. that process the data of E.U. The purpose of this document is to assist Federal agencies in protecting the confidentiality of personally identifiable information (PII) in information systems.
Avoid compromise and tracking of sensitive locations. The document explains the importance of protecting the confidentiality of PII in the context of information security and explains its relationship to privacy using the Fair Information Practices, which are the principles . Handbook for Safeguarding Sensitive Personally Identifiable Information. In others, they may need a name, address, date of birth, Social Security number, or other information. Think protection. PII includes, but is not limited to: Social Security Number; Date and place of birth. In this module, you will learn about best practices for safeguarding personally identifiable information. The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student educational records.
Identifying and Safeguarding Personally Identifiable Information (PII) DS-IF101.06. Define PII and Protected Health Information, or PHI, a significant subset of PII, and the significance of each, as well as the laws and policy that govern the maintenance and protection of PII and PHI; Identify the responsibilities for safeguarding PII and PHI on both the organizational and individual levels; Identify use and disclosure of PII and PHI; State the organizational and individual penalties for not complying with the policies governing PII and PHI maintenance and protection. Erode confidence in the government's ability to protect information. CDSE courses are intended for use by Department of Defense and other U.S. Government personnel and contractors within the National Industrial Security Program. Some examples you may be familiar with: Personally Identifiable Information (PII); Sensitive Personally Identifiable Information (SPII). Which of the following establishes Unauthorized recipients may fraudulently use the information.
This interactive exercise provides practical experience in the processes of cybersecurity risk assessment, resource allocation, and network security implementation. Because DOL employees and contractors may have access to personal identifiable information concerning individuals and other sensitive data, we have a special responsibility to protect that information from loss and misuse. Think privacy. Learning Objectives: This course is designed to enable students to: Target Audience: DOD information system users, including military members and other U.S. Government personnel and contractors within the National Industrial Security Program. The act requires that federal agencies give individuals notice of their right to access and correct their PII and establish penalties for PII misuse. They may also use it to commit fraud or other crimes. Minimize the use, display or storage of Social Security Numbers (SSN) and all other PII.