PII

T/F Following a breach, organizations must issue a breach notification.

True

T/F phishing is responsible for most of the recent PII breaches?

True

Which law establishes the right of the public to access federal government information?

FOIA

If you discover PII on the web, immediately close your browser & delete all information regarding the URL

False

Individuals are immune to criminal penalities, even if they fail to uphold their PII responsibilities.

False

You are reviewing personnel records containing PII when you notice a record with missing information. You contact the individual to update the personnel record. Compliant or non?

Compliant

Identify if a PIA is required...

- PII records are being converted from paper to electronic - A new system is being purchased to store PII

Which type of safeguarding measure involves restricting PII access to people with a need to know

Administrative

Organizations can incur what type of PII penalties?

Civil

What type of penalties can individuals incur for PII breach?

Criminal

Must report breach 1 hour to US-CERT, 24 hours to Component Privacy Office, 48 hours to the Defense Privacy, Civil Liberties & transparency division

DoD 5400.11-R

Where is a System of Records Notice (SORN) filed?

National Register

Your coworker was teleworking when the agency email system shut down. She had an urgent deadline so sent you an encrypted set of records containing PII from her personal email account. Compliant or non?

Non-compliant

Your organization has a new requirement for annual security training. To track trainin completion, they are using employee social security numbers as record identification. Are they compliant or non-compliant?

Non-compliant

PHI stands for...

Protected health information

Which law establishes the federal government's legal responsibility for safeguarding PII?

The privacy act of 1974

Improper disclosure of PII can result in identify theft

True

Misuse of PII can result in legal liability of the organization

True

Organizations can incur civil penalties for failing to uphold their PII responsibilities.

True

A PIA is required if your system for storing PII is entirely on paper.

True

Organizations must report to Congress the status of their PII holdings every...

Year