Travis Airmen must keep watch over PII

  • Published
  • By Airman 1st Class Eboni Reece
  • 27th Special Operations Wing Public Affairs
TRAVIS AIR FORCE BASE, Calif. --  From social security and telephone numbers to email addresses, each and every Airman at Travis handles Personally Identifiable Information. PII is any information about an individual that can be used to distinguish a person's identity. Failure to handle PII properly could result in a vulnerability known as a PII breach.

A PII breach is defined as a loss of control, compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access or any similar term referring to situations when people other than authorized users and for other than authorized purposes have access or potential access to PII, whether physical or electronic.

The 68th Network Warfare Squadron, Lackland Air Force Base, Texas, and 352nd Network Welfare Squadron, Joint Base Pearl Harbor-Hickam, Hawaii, serve as the Cyberspace Defense Analysis Weapon System and are actively monitoring the Air Force network for PII breaches and violations. When a PII breach is identified, it is reported to the 624th Operations Center at Lackland, and the formal reporting process is initiated.

The abuse of such information cannot only affect separate individuals, but ultimately poses a threat to the entire Air Force. In many cases in which PII was compromised, information is released that can be used to steal someone's identity. It is vital for every individual to understand how to properly safeguard their personal information and the information of others.

As the world moves steadfastly into the digital age, more and more information is being stored and transmitted via email and other electronic means. Whether it is an effort to work smarter and not harder or simply an attempt at saving mass quantities of paper, emails are often sent to distribution lists containing PII, such as alpha, recall and unit personnel management rosters, for mission-essential purposes. To protect the sensitivity of this information, it is important to adhere to the guidance provided within Air Force Instruction 33-332.

According to AFI 33-332, sending unencrypted emails containing Privacy Act information, anything that is personally identifiable information about individuals, to distribution, group or non dot-mil email addresses is strictly prohibited. This is how a majority of PII breaches are caused.

If you need to send an email containing Privacy Act/PII, it must be encrypted, have the acronym that stands for "For Official Use Only" at the beginning of the subject line and include the official Privacy Act statement at the beginning of the email. In addition to that, the Privacy Act statement cannot be indiscriminately applied to all emails. It must only be included when transmitting PII required being protected For Official Use Only.

Most breaches are not caused deliberately or with malicious intent. However, the act of simply forwarding an email containing PII to one's personal email address is a violation of the aforementioned AFI. An action that one may complete for convenience purposes could potentially leave bits of PII open to compromise.

PII breaches do not solely occur at the fingertips of lackadaisical email composers. The protection of tangible PII is equally important. High-sensitive items such as performance reports, recall rosters and any document containing an individual's social security number left in a common area could result in loss or theft.

It may seem harmless, but leaving personal information in unsecured vehicles and file drawers, unattended workplaces, in checked baggage during travel or the storage or use of such sensitive information in personal media can also make PII vulnerable to getting in the wrong hands.

These are all acts that can unknowingly be done on a daily basis by Airmen Air Force-wide. As the number of PII breaches rises, it is imperative that each Airman understands what constitutes PII, how it should be handled and that it is everyone's responsibility to abide by the regulations and report any inappropriate disclosures.

If you discover any unauthorized disclosures of PII, report it immediately through your chain of command to the base Privacy Act manager at 424-2228.

Lost, stolen or possibly compromised PII must be reported to US CERT at www.us-cert.gov/ within one hour of the discovery. An investigation will be initiated and personnel who fail to adhere to guidelines outlined in AFI 33-332 may be susceptible to punishment under the Uniformed Code of Military Justice Article 92 or civil equivalent.

No one is immune to identity theft. The financial and psychological price tag associated with repairing an individual's identity can be costly and may require numerous years to accomplish. Each Airman must be vigilant in preserving their personal Privacy Act rights as well as the PII of their wingman.

Senior Airman Nicole Leidholm contributed to this report.