Personally Identifiable Information (PII) Flashcards
20 Questions

Questions and Answers

Which action requires an organization to carry out a Privacy Impact Assessment?

Collecting PII to store in a new information system

Which of the following is an example of a physical safeguard that individuals can use to protect PII?

  • Locking office doors
  • Shredding documents
  • Using strong passwords
  • All of the above (correct)

What is the purpose of a Privacy Impact Assessment (PIA)?

Determine whether the collection and maintenance of PII is worth the risk to individuals

Information that can be combined with other information to link solely to an individual is considered PII.

True (A)

What guidance identifies federal information security controls?

OMB Memorandum M-17-12: Preparing for and Responding to a Breach of Personally Identifiable Information

An organization that fails to protect PII can face consequences including:

All of the above (D)

If someone tampers with or steals an individual's PII, they could be exposed to which of the following?

All of the above (D)

Which of the following is NOT a permitted disclosure of PII contained in a system of records?

The record is disclosed for a new purpose that is not specified in the SORN.

Which of the following is not an example of PII?

Pet's nickname (A)

Which of the following must privacy impact assessments (PIAs) do?

All of the above (D)

What law establishes the federal government's legal responsibility for safeguarding PII?

The Privacy Act of 1974 (C)

Organizations that fail to maintain accurate, relevant, timely, and complete information may be subject to which of the following?

Civil penalties

What law establishes the public's right to access federal government information?

The Freedom of Information Act (FOIA) (D)

An organization with an existing system of records decides to start using PII for a new purpose outside the 'routine use' defined in the System of Records Notice (SORN). Is this a permitted use?

No (A)

A System of Records Notice (SORN) is not required if an organization determines that PII will be stored using a system of records.

False (B)

Which of the following is responsible for the most recent PII data breaches?

Phishing (B)

Which of the following is not an example of an administrative safeguard that organizations use to protect PII?

List all potential future uses of PII in the System of Records Notice (SORN) (D)

Within what timeframe must DoD organizations report PII breaches to the United States Computer Emergency Readiness Team (US-CERT) once discovered?

1 Hour (D)

Officials or employees who knowingly disclose PII to someone without a need-to-know may be subject to which of the following?

Both civil and criminal penalties (C)

Individuals who maintain a system of records without publishing the required public notice in the federal register may be subject to which of the following?

Both civil and criminal penalties (C)

Flashcards

PII

Personally Identifiable Information; information that can be used to identify a specific individual.

PIA

Privacy Impact Assessment; evaluates risks and impacts of collecting and using PII.

Physical Safeguards

Protections against loss or theft of PII in a physical environment.

OMB M-17-12

Federal memorandum outlining information security controls for PII breaches.


System of Records Notice (SORN)

Notice describing how PII is collected, used, and stored, and is required when handling PII.


Privacy Act of 1974

Federal law focusing on the protection of PII.


FOIA

Freedom of Information Act; legal right of access to federal government information.


Remediation Costs

Costs associated with addressing a PII breach or violation.


Phishing

An attack designed to trick people into revealing sensitive information, often related to PII.


Data Breaches

Unauthorized access or disclosure of PII.


Administrative Safeguards

Processes and procedures intended to protect PII.


Civil Penalties

Penalties resulting from failure to maintain accurate or timely PII records.


Identity Theft

Criminals illegally obtain personal information to assume someone else's identity.


US-CERT

United States Computer Emergency Readiness Team.


Need-to-Know

Principle of only disclosing PII to those with a legitimate need to know this information.


Public Notices

Requirements to publish information about systems handling PII.


Loss of Trust

Damage or erosion of public confidence in an organization.


Legal Liability

Responsibility or accountability for damages or harm caused by mishandling information.


Embarrassment

Feeling of shame or humiliation related to PII breaches.


Fraud

Deceptive practices or actions intended to cause financial loss to an individual.


Study Notes

Personally Identifiable Information (PII)

  • Organizations must conduct a Privacy Impact Assessment (PIA) when collecting PII for a new information system.
  • The quiz lists locking office doors, shredding documents, and using strong passwords as physical safeguards individuals can use to protect PII, with "All of the above" marked as the correct answer.
  • A PIA assesses the risks and impacts of collecting and maintaining PII in order to decide if the benefits outweigh the risks to individuals.
  • Information that can be combined with other information to link solely to an individual is considered PII.
  • The Office of Management and Budget (OMB) Memorandum M-17-12 outlines federal information security controls regarding PII breaches.
  • Failing to protect PII can lead to remediation costs, loss of trust, legal liability, or all of the above.
  • Individuals whose PII is stolen or tampered with may face embarrassment, fraud, or identity theft.
  • Permitted disclosures of PII do not include records used for purposes not specified in the System of Records Notice (SORN).
  • Examples of PII include fingerprints and Social Security numbers, while a pet's nickname does not qualify as PII.
  • Privacy impact assessments must satisfy certain criteria to be considered valid and adequate.
  • The Privacy Act of 1974 establishes the federal government’s responsibility to safeguard PII.
  • Organizations that fail to maintain accurate and timely information may incur civil penalties.
  • The Freedom of Information Act (FOIA) provides the public with the right to access federal government information.
  • Using PII for purposes outside those defined in the SORN is not permitted.
  • A System of Records Notice (SORN) is always required when PII is to be stored within a system of records.
  • Phishing is the leading cause of recent PII data breaches, highlighting the need for effective cybersecurity measures.
  • Administrative safeguards for PII do not include listing potential future uses of PII in a SORN.
  • DoD organizations must report detected PII breaches to US-CERT within one hour.
  • Disclosing PII without a need-to-know basis may lead to criminal penalties for officials or employees.
  • Failure to publish required public notices for systems of records can result in both civil and criminal penalties.


Description

Test your knowledge on Personally Identifiable Information (PII) with these flashcards. Explore essential concepts like the Privacy Impact Assessment and various safeguards to protect PII. This quiz will help you understand critical aspects of PII compliance and security measures.
