Protecting PII is easy

  • Published
  • By Geoff Janes
  • Robins Public Affairs
When it comes to the reduction of breaches in handling Personally Identifiable Information, Air Force leaders say the numbers are heading in the right direction.

Even so, everyone with access to PII is being asked to alter routine business practices to further reduce the use of sensitive PII in their correspondences.

The steps are simple. Don't send sensitive PII at all (it's rarely needed). If it's needed, encrypt it, ensure the subject line states "For Official Use Only" and the body of the message has the correct Privacy Act Statement at the beginning of the email.

The correct procedures for sending PII can be found on the Robins Air Force Base Splash page. Additional information for file encryption can be found under the Robins Blue Star on employees' government computer desktops.

A recent assessment showed most breaches fall into four categories - personnel rosters, force management products, class rosters and passenger manifests.

Virtually all the identified breaches could've been mitigated by removing the PII. It only takes a few seconds to hide a column of social security numbers on a spreadsheet and save it as a .pdf.

The analysis showed that in the majority of cases, the email which caused the breach didn't need to contain PII - such as social security numbers - to meet the mission requirement which drove the transmission of an unencrypted email outside the Air Force Network.

According to Air Force officials, the bottom line is to consider what content is really needed before sending an email. If PII is needed, encrypt it and follow the guidelines in AFI 33-332.

With everyone's help the installation can meet its goal of zero PII breaches out of or into the AFNET.