Identifying and Safeguarding PII Flashcards
14 Questions

Created by
@SalutaryPentagon

Questions and Answers

An organization that fails to protect PII can face consequences including:

  • All of the Above (correct)
  • No consequences
  • Increased funding
  • Enhanced security measures

    Information that can be combined with other information to link solely to an individual is considered PII.

    True

    Which of the following is NOT a permitted disclosure of PII contained in a system of records?

    The purpose is disclosed with a new purpose that is not encompassed by SORN

    What guidance identifies federal information security controls?

    OMB Memorandum M-17-12

    Which of the following must Privacy Impact Assessments (PIAs) do?

    All of the Above

    What regulation governs the DoD Privacy Program?

    DoD 5400.11-R: DoD Privacy Program

    What law establishes the federal government's legal responsibility for safeguarding PII?

    Privacy Act of 1974

    What law establishes the public's right to access federal government information?

    FOIA

    No disclosure of a record in a system of records unless:

    The individual to whom the record pertains submits a written request or has given prior written consent

    Your coworker sent you an encrypted set of records containing PII from her personal e-mail account. Is this compliant with PII safeguarding procedures?

    False

    If you discover a data breach, you should immediately notify the proper authority and also:

    Document where and when the potential breach was found: record URL for PII on the web

    Officials or employees who knowingly disclose PII to someone without a need-to-know may be subject to which of the following?

    Both civil and criminal penalties

    Which of the following is NOT an example of an administrative safeguard that organizations use to protect PII?

    List all potential future uses of PII in the System of Records Notice (SORN)

    Phishing is not often responsible for PII data breaches.

    False

    Study Notes

    Use and Disclosure of PII

    • Organizations that neglect to safeguard Personally Identifiable Information (PII) can face serious consequences, including fines and legal action.
    • PII includes any information that can be linked to a specific individual when combined with other data, supporting the need for robust protection measures.
    • A new purpose that is not covered by the System of Records Notice (SORN) does not permit the disclosure of PII.
    • The Office of Management and Budget (OMB) Memorandum M-17-12 sets forth federal information security control guidelines.
    • Privacy Impact Assessments (PIAs) should fulfill multiple essential functions, encompassing comprehensive evaluations of privacy risks related to PII.
    • The DoD Privacy Program is governed by DoD 5400.11-R, regulating the handling of PII within the Department of Defense.
    • The legal framework for safeguarding PII at the federal level is established by the Privacy Act of 1974.
    • The Freedom of Information Act (FOIA) guarantees public access to federal government information, fostering transparency.
    • Disclosures of records in systems of records necessitate either a written request from the individual concerned, their prior written consent, or adherence to "routine use" definitions outlined in the SORN.

    Safeguarding PII

    • Sending PII from a personal email account, even if encrypted, is non-compliant with established safeguarding procedures during telework scenarios.
    • Upon discovering a data breach, it is crucial to promptly inform the proper authorities and document the breach's specifics, including the URL where the PII was found.
    • Officials or employees disclosing PII without a legitimate need-to-know may face both civil and criminal penalties, highlighting the seriousness of PII handling.
    • Identifying all potential future uses of PII in a SORN is not classified as an administrative safeguard, which should focus on security and access management.
    • Phishing is a significant threat and frequently leads to data breaches involving PII; therefore, it is crucial to remain vigilant against such tactics.

    Description

    Test your knowledge of personally identifiable information (PII) with these flashcards. Understand the importance of PII protection, including what constitutes PII and the consequences of misuse. Perfect for anyone looking to enhance their awareness of data privacy.