Identifying and Safeguarding PII DS-IF101.06
The individual to whom the record pertains has submitted a written request for the information in question.
***This use/disclosure is authorized.
This use/disclosure is NOT authorized.
Your organization seeks to use the record for a routine use, as defined in the SORN.
***This use/disclosure is authorized.
This use/disclosure is NOT authorized.
True or false? A System of Records Notice (SORN) is not required if an organization determines that PII will be stored using a system of records.
***True False
True or false? An individual whose PII has been stolen is susceptible to identity theft, fraud, and other damage.
***True False
True or false? Information that has been combined with other information to link solely to an individual is considered PII.
***True False
Within what timeframe must DoD organizations report PII breaches to the United States Computer Emergency Readiness Team (US-CERT) once discovered?
24 hours
48 hours
***1 hour
12 hours
Which of the following are examples of PII?
***Social Security Number (SSN)
***Driver's License Number
***Fingerprint
First Pet's Name
Officials or employees who knowingly disclose PII to someone without a need-to-know may be subject to which of the following?
***Criminal penalties
Civil penalties
Both civil and criminal penalties
Neither civil nor criminal penalties
What law establishes the public's right to access federal government information?
DoD 5400.11-R: DoD Privacy Program
OMB Memorandum M-17-12: Preparing for and Responding to a Breach of Personally Identifiable Information
The Privacy Act of 1974
***The Freedom of Information Act (FOIA)
Which of the following is an example of a physical safeguard that individuals can use to protect PII?
Follow the National Archives and Records Administration's (NARA's) guidelines for document disposal
Use cover sheets, the appropriate postal class, and wrapping procedures for transport
Apply appropriate markings to PII documents
***All of the above
Which of the following is responsible for most of the recent PII data breaches?
Physical breaking and entry
***Phishing
Insider Threat
Reconstruction of improperly disposed documents
Which action requires an organization to carry out a Privacy Impact Assessment?
Storing paper-based records
Collecting any CUI, including but not limited to PII
***Collecting PII to store in a new information system
Collecting PII to store in a National Security System
Identify each law or regulation
This regulation governs the DoD Privacy Program. - DoD 5400.11-R: DoD Privacy Program
This law establishes the public's right to access federal government information. - FOIA
This guidance identifies federal information security controls. - OMB M-17-12
This law establishes the federal government's legal responsibility for safeguarding PII. - Privacy Act of 1974
Your organization is using existing records for a new purpose and has not yet published a SORN.
This use/disclosure is authorized.
***This use/disclosure is NOT authorized.
An organization with an existing system of records decides to start using PII for a new purpose outside the "routine use" defined in the System of Records Notice (SORN). Is this a permitted use?
Yes ***No
Your organization has a new requirement for annual security training. To track training completion, they are using employee Social Security Numbers as record identification. Is this compliant with PII safeguarding procedures?
Yes ***No