Identifying and Safeguarding PII V4.0 Flashcards
21 Questions
105 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

Which of the following must Privacy Impact Assessments (PIAs) do? (Select all that apply)

  • Analyze how an organization handles information to ensure it satisfies requirements
  • Mitigate privacy risks
  • Determine the risks of collecting, using, maintaining, and disseminating PII on electronic information systems
  • All of the above (correct)
  • An Individual whose PII has been stolen is susceptible to identity theft, fraud, and other damage.

    True

    What guidance identifies federal information security controls?

  • The Privacy Act of 1974
  • The Freedom of Information Act (FOIA)
  • OMB Memorandum M-17-12: Preparing for and responding to a breach of PII (correct)
  • DOD 5400.11-R: DOD Privacy Program
  • Which of the following is NOT an example of PII?

    <p>Pet's nickname</p> Signup and view all the answers

    Which of the following is NOT a permitted disclosure of PII contained in a system of records?

    <p>The record is disclosed for a new purpose that is not specified in the SORN</p> Signup and view all the answers

    When is a PIA required?

    <p>When an organization collects PII from existing information systems and electronic collections for which no PIA was previously completed, or for new information systems or electronic collections.</p> Signup and view all the answers

    When is a PIA not required?

    <p>When the information system or electronic collection does not collect, maintain, or disseminate PII, is a national security system, or is solely paper-based.</p> Signup and view all the answers

    Within what timeframe must DOD organizations report PII breaches to the United States Computer Emergency Readiness Team (US-CERT) once discovered?

    <p>1 hour</p> Signup and view all the answers

    Using employee Social Security Numbers as record identification for tracking training completion is compliant with PII safeguarding procedures.

    <p>False</p> Signup and view all the answers

    Using a cross-cut shredder to dispose of physical copies of documents containing PII is compliant with PII safeguarding procedures.

    <p>True</p> Signup and view all the answers

    Organizations that fail to maintain accurate, relevant, timely, and complete information may face which type of penalties?

    <p>Civil penalties</p> Signup and view all the answers

    Paper-based PP is involved in data breaches more often than electronic PP documentation.

    <p>False</p> Signup and view all the answers

    Which regulation governs the DoD Privacy Program?

    <p>DOD 5400.11-R: DOD Privacy Program</p> Signup and view all the answers

    Which of the following is NOT included in a breach notification?

    <p>Articles and other media reporting the breach</p> Signup and view all the answers

    A PIA is required if your system for storing PII is entirely on paper.

    <p>False</p> Signup and view all the answers

    Misuse of PII can result in legal liability of the individual.

    <p>True</p> Signup and view all the answers

    Misuse of PII can result in legal liability of the organization.

    <p>True</p> Signup and view all the answers

    Where is a System of Records Notice (SORN) filed?

    <p>Federal Register</p> Signup and view all the answers

    Organizations must report to Congress the status of their PII holdings every:

    <p>Year</p> Signup and view all the answers

    What should Jane Student do if she cannot find the correct cover sheet for a document containing PII?

    <p>Mark the document CUI and wait to deliver it until she has the cover sheet</p> Signup and view all the answers

    The acronym PHI, in this context, refers to:

    <p>Protected Health Information</p> Signup and view all the answers

    Study Notes

    Privacy Impact Assessments (PIAs)

    • PIAs are essential for assessing organizational handling of information to meet compliance requirements.
    • They aim to mitigate privacy risks and evaluate the implications of collecting, using, maintaining, and disseminating Personally Identifiable Information (PII).

    Identity Theft Vulnerability

    • Individuals whose PII has been stolen are at risk of identity theft, fraud, and other damages.

    Federal Information Security Controls

    • OMB Memorandum M-17-12 provides guidance on federal information security controls related to breaches of PII.

    Defining PII

    • PII examples include a driver's license number, social security number, and fingerprints.
    • A pet's nickname is not classified as PII.

    Permitted Disclosure of PII

    • A disclosure of PII is not permitted if it is for a new purpose not previously specified in the System of Records Notice (SORN).

    PIA Requirements

    • A PIA is mandated for existing information systems without a prior PIA and for new systems or collections of PII.

    Exceptions to PIA Requirements

    • No PIA is needed if the system does not collect, maintain, or disseminate PII, operates as a national security system handling classified info, or is purely paper-based.

    Reporting PII Breaches

    • DOD organizations must report PII breaches to the US-CERT within one hour upon discovery.

    Use of Social Security Numbers

    • Utilizing employee Social Security Numbers for tracking training completion does not comply with PII safeguarding procedures.

    Disposal of PII

    • Proper disposal of PII, such as shredding documents with a cross-cut shredder, complies with safeguarding procedures.

    Consequences of Inaccurate Information

    • Organizations failing to maintain accurate and timely information may face civil penalties.

    Breach Notification Requirements

    • Breach notifications exclude articles and media reports surrounding the incident.
    • Misuse of PII can lead to legal liability for both individuals and organizations.

    System of Records Notices (SORN)

    • SORNs are filed with the Federal Register, ensuring public access and transparency.

    Reporting PII Holdings to Congress

    • Organizations are required to report the status of their PII holdings to Congress annually.

    Proper Document Delivery Practices

    • If a PII document cannot be delivered with a correct cover sheet, it should be marked appropriately and not delivered until the cover sheet is available.

    Protected Health Information (PHI)

    • The acronym PHI stands for Protected Health Information, highlighting the sensitivity of health-related data.

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Description

    Test your knowledge on Privacy Impact Assessments and the proper handling of Personally Identifiable Information (PII) with these flashcards. This quiz will help you understand the requirements and privacy risks organizations face in managing PII, as outlined in version 4.0, 2022. Boost your privacy assessment skills and awareness.

    More Like This

    NSW Privacy Impact Assessments
    7 questions
    Health Information Privacy and Security
    20 questions
    Personally Identifiable Information (PII) Flashcards
    20 questions
    Use Quizgecko on...
    Browser
    Browser