PII
T/F Following a breach, organizations must issue a breach notification.
True
T/F Phishing is responsible for most of the recent PII breaches.
True
Which law establishes the right of the public to access federal government information?
FOIA
If you discover PII on the web, immediately close your browser & delete all information regarding the URL
False
Individuals are immune to criminal penalties, even if they fail to uphold their PII responsibilities.
False
You are reviewing personnel records containing PII when you notice a record with missing information. You contact the individual to update the personnel record. Compliant or non?
Compliant
Identify if a PIA is required...
- PII records are being converted from paper to electronic
- A new system is being purchased to store PII
Which type of safeguarding measure involves restricting PII access to people with a need to know?
Administrative
Organizations can incur what type of PII penalties?
Civil
What type of penalties can individuals incur for PII breach?
Criminal
Must report a breach within 1 hour to US-CERT, within 24 hours to the Component Privacy Office, and within 48 hours to the Defense Privacy, Civil Liberties & Transparency Division
DoD 5400.11-R
Where is a System of Records Notice (SORN) filed?
National Register
Your coworker was teleworking when the agency email system shut down. She had an urgent deadline so sent you an encrypted set of records containing PII from her personal email account. Compliant or non?
Non-compliant
Your organization has a new requirement for annual security training. To track training completion, they are using employee social security numbers as record identification. Are they compliant or non-compliant?
Non-compliant
PHI stands for...
Protected health information
Which law establishes the federal government's legal responsibility for safeguarding PII?
The Privacy Act of 1974
Improper disclosure of PII can result in identity theft
True
Misuse of PII can result in legal liability of the organization
True
Organizations can incur civil penalties for failing to uphold their PII responsibilities.
True
A PIA is required if your system for storing PII is entirely on paper.
True
Organizations must report to Congress the status of their PII holdings every...
Year