Monday, May 12, 2014

ARPC holds forum, discusses safeguarding PII

by Tech. Sgt. Rob Hazelett
Air Reserve Personnel Center Public Affairs


5/9/2014 - BUCKLEY AIR FORCE BASE, Colo. -- Military service members, Department of Defense civilians and contractors at the Air Reserve Personnel Center were briefed on ways to safeguard Personally Identifiable Information during a meeting here May 7.

Brig. Gen. Samuel "Bo" Mahaney, ARPC commander, was at the helm during the session and said it's helpful to think in terms of a need-to-know basis.

"One thing I want you to think about as we go through this isn't just, 'Did I send the information in the right format to someone who is authorized to receive it?'" Mahaney said. "Think about the person you sent it to as well. How responsible are they? What might they do with that information?"

Mahaney said ARPC had a few incidents that aren't necessarily from anything the center is doing wrong, but the trail came back here.

"It might be somebody else out in the field doing something with the information they shouldn't. So think through that second and third order of effect, 'Do they really need all the information I'm providing?'" Mahaney said. "We want to be the lead agency in the Air Force Reserve, in the Air Force and in the DOD. We always want to be out in front because we handle so much of this information. We want to make sure we really reinforce the procedures in place to protect that information."

As the meeting continued, Tech. Sgt. Eric Robbins, ARPC privacy act manager, highlighted some recent incidents ARPC has had and reinforced the requirement on PII to members.

Robbins gave an introduction to what PII is, how PII can be protected, PII trends in ARPC and the Air Force Reserve Command and the ARPC commander's new PII policy.

PII is embedded in nearly every aspect of what we do, Robbins said, and can be found in permanent change of station orders, driver's license numbers, passport IDs, mother's maiden name, personal phone numbers and travel orders ... just to name a few.

"When you have an identifier, such as a social security number or date of birth tied with a name, that is considered PII," Robbins said. "It's our responsibility to protect the member's information."

Protecting PII includes remaining vigilant of the emails members send out.

"If we're sending personal information by email it can only be sent via dot mil to dot mil, and must be encrypted email," Robbins said. "Even if a force support squadron requests information, and have validated their request, we want to make sure they have an encrypted email account. You want to properly mark the email For Official Use Only, have the privacy act statement at the heading of the email and ensure that it stays encrypted."

Master Sgt. Rachel Forman, ARPC customer support superintendant, said the only ways to send PII are through encrypted email, myPers account, DoD file exchange service, snail mail or fax.

Robbins said faxing PII is allowed, but there are some rules members must follow:

· The recipient must have a need to know
· Members must redact as much information on the document being sent
· A proper cover sheet must be used (AF IMT 3535)
· Members should call the recipient and let them know they are sending a fax and remain on the line until the fax is received

For more information, contact your privacy act manager.

No comments:

Post a Comment