Identifying and Safeguarding PII DS-IF101.06


The individual to whom the record pertains has submitted a written request for the information in question.

***This use/disclosure is authorized. This use/disclosure is NOT authorized.

Your organization seeks to use the record for a routine use, as defined in the SORN.

***This use/disclosure is authorized. This use/disclosure is NOT authorized.

True or false? A System of Records Notice (SORN) is not required if an organization determines that PII will be stored using a system of records.

***True False

True or false? An individual whose PII has been stolen is susceptible to identity theft, fraud, and other damage.

***True False

True or false? Information that has been combined with other information to link solely to an individual is considered PII.

***True False

Within what timeframe must DoD organizations report PII breaches to the United States Computer Emergency Readiness Team (US-CERT) once discovered?

24 hours
48 hours
***1 hour
12 hours

Which of the following are examples of PII?

***Social Security Number (SSN)
***Driver's License Number
***Fingerprint
First Pet's Name

Officials or employees who knowingly disclose PII to someone without a need-to-know may be subject to which of the following?

***Criminal penalties
Civil penalties
Both civil and criminal penalties
Neither civil nor criminal penalties

What law establishes the public's right to access federal government information?

DoD 5400.11-R: DoD Privacy Program
OMB Memorandum M-17-12: Preparing for and Responding to a Breach of Personally Identifiable Information
The Privacy Act of 1974
***The Freedom of Information Act (FOIA)

Which of the following is an example of a physical safeguard that individuals can use to protect PII?

Follow the National Archives and Records Administration's (NARA's) guidelines for document disposal
Use cover sheets, the appropriate postal class, and wrapping procedures for transport
Apply appropriate markings to PII documents
***All of the above

Which of the following is responsible for most of the recent PII data breaches?

Physical breaking and entry
***Phishing
Insider Threat
Reconstruction of improperly disposed documents

Which action requires an organization to carry out a Privacy Impact Assessment?

Storing paper-based records
Collecting any CUI, including but not limited to PII
***Collecting PII to store in a new information system
Collecting PII to store in a National Security System

Identify each law or regulation

This regulation governs the DoD Privacy Program. - DoD 5400.11-R: DoD Privacy Program
This law establishes the public's right to access federal government information. - FOIA
This guidance identifies federal information security controls. - OMB M-17-12
This law establishes the federal government's legal responsibility for safeguarding PII. - Privacy Act of 1974

Your organization is using existing records for a new purpose and has not yet published a SORN.

This use/disclosure is authorized. ***This use/disclosure is NOT authorized.

An organization with an existing system of records decides to start using PII for a new purpose outside the "routine use" defined in the System of Records Notice (SORN). Is this a permitted use?

Yes ***No

Your organization has a new requirement for annual security training. To track training completion, they are using employee Social Security Numbers as record identification. Is this compliant with PII safeguarding procedures?

Yes ***No

