Serving Clovis, Portales and the Surrounding Communities
link U.S. Air Force graphic: Airman 1st Class Eboni Reece
The responsibility to safeguard Personally Identifiable Information falls upon every Airman. Failure to protect PII could result in identity theft, which occurs when an individual's personal information is used without prior authorization in an attempt to commit fraud or other crimes.
"I don't need to worry about identity theft because no one wants to be me."
Stand-up comedian, Jay London, makes light of identity theft with one of his famous one-liners, but the idea of an individual's personal information being used without authorization in an attempt to commit fraud or other crimes is no joking matter.
From social security and telephone numbers to e-mail addresses, each and every Air Commando at Cannon Air Force Base handles Personally Identifiable Information. PII is any information about an individual that can be used to distinguish their identity. Failure to handle PII properly could result in a vulnerability known as a PII breach.
A PII breach is defined as a loss of control, compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access or any similar term referring to situations where persons other than authorized users and for other than authorized purpose have access or potential access to PII, whether physical or electronic.
The abuse of such information can not only affect separate individuals, but ultimately poses a threat to the entire Air Force. In many cases in which PII has been compromised, information is released that can be used to steal someone's identity. It is vital for every individual to understand how to properly safeguard their personal information and the information of others.
As the world moves steadfastly into the digital age, more and more information is being stored and transmitted via email and by other electronic means. Whether it is an effort to work smarter and not harder or simply an attempt at saving mass quantities of paper, e-mails are often sent to distribution lists containing PII, such as alpha, recall and unit personnel management rosters, for mission essential purposes. To protect the sensitivity of this information, it is important to adhere to the guidance provided within Air Force Instruction 33-332.
According to AFI 33-332, sending unencrypted e-mails containing Privacy Act information to distribution, group or non ".mil" email addresses is strictly prohibited. This is how a majority of PII breaches are caused.
If you need to send an email containing Privacy Act/PII, it must be encrypted, have the acronym that stands for 'For Official Use Only' at the beginning of the subject line and include the official Privacy Act statement at the beginning of the email. In addition to that, the Privacy Act statement cannot be indiscriminately applied to all e-mails. It must only be included when transmitting PII required to be protected For Official Use Only purposes.
Most breaches are not caused deliberately or with malicious intent. However, the act of simply forwarding an email containing PII to one's personal email address is a violation of the aforementioned AFI. An action that one may complete for convenience purposes could potentially leave bits of PII open to being compromised.
PII breaches do not solely occur at the fingertips of lackadaisical email composers, however. The protection of tangible PII is equally important. High sensitive items such as performance reports, recall rosters and any document containing an individual's social security number left in a common area could result in loss or theft. It may seem harmless, but leaving personal information in unsecured vehicles and file drawers, unattended workplaces, in checked baggage during travel or the storage/use of such sensitive information in personal media can also make PII vulnerable to getting in the wrong hands.
These are all acts that can unknowingly be done on a daily basis by airmen Air Force wide. As the number of PII breaches rises, it is imperative that each airman understands what constitutes PII, how it should be handled and that it is everyone's responsibility to abide by the regulations and report any inappropriate disclosures.
If you discover any unauthorized disclosures of PII data, report it immediately through your chain of command to the base Privacy Act manager, Mr. Glenn Ravan.
Lost, stolen or possibly compromised PII must be reported to US CERT (http://www.us-cert.gov/) within one hour of the discovery. An investigation will be initiated and personnel who fail to adhere to guidelines outlined in AFI 33-332 may be susceptible to punishment under the Uniformed Code of Military Justice Article 92 or civil equivalent.
No one is immune to identity theft. The financial and psychological price tag associated with repairing an individual's identity can be costly and may require numerous years to accomplish. Each airman must be vigilant in preserving their personal Privacy Act rights as well as the PII of their wingman.