PII: Protect Personal Information
JOINT BASE PEARL HARBOR-HICKAM, Hawaii -- PII - What's the big deal? Inappropriately send it and get your account locked!
"You don't have to print me a copy of our new recall roster because I just e-mailed it to myself at home."
How many times has someone said that to you just before going home the night before a practice telephone recall? It's ok though because everyone at work has a recall roster and they're posted in continuity books so we can all be contacted just in case something happens...right?
That recall roster is filled with Personally Identifiable Information (PII). In layman's terms, PII is any unique information that someone can use to steal your identity. On just that one document a hacker can gain an Airman's rank, full name, duty title, home address and telephone number and cell phone. They can also tell who an Airman's supervisory chain is and their current duty status (whether they are deployed or not).
This is a very simple example of how Airmen and civilians regularly transmit PII without giving it a second thought or understanding the ramifications of what would happen if that information got into the hands of someone who wanted to cause harm.
"People just don't realize the real danger of exposing PII data," said Johnny Bland, Director of Information Protection for Pacific Air Forces. "You easily place your friends, co-workers, and family at risk in many ways--and this affects our mission readiness as a whole."
Mr. Bland explained that the personal data we use every day is a relative gold mine for thieves and hackers.
"We have seen cases where thieves used stolen data to establish new identity with your information. In one particular case," he said, "thieves used the data from one of our PACAF Airmen to set up a monthly bill payment to a different account."
The Air Force is now taking additional steps to highlight the importance of safeguarding all of our PII. The biggest and most noticeable step is the locking of violators' e-mail accounts. This means that if an Airman inappropriately transmits PII from their Air Force network account--it will be locked.
That got your attention. What's PII again?
PII is any information that identifies links, is unique to, or describes an individual. This includes but is not limited to home addresses and telephone numbers, social security numbers, age, rank, marital status and race, driver license and passport numbers, date and place of birth, even your mother's maiden name.
What happens if an Airman inadvertently sends this information?
The Air Force's Cyberspace Defense Analysis (CDA) weapon system is monitoring all of the Air Force's official e-mail accounts around the clock. According to their fact sheet, the CDA system conducts defensive cyberspace operations by monitoring, collecting, analyzing, and reporting on sensitive information released from friendly unclassified systems, such as computer networks, telephones, email, and USAF websites. CDA is vital to identifying Operations Security (OPSEC) disclosures.
If the CDA identifies a PII breach, the violator's e-mail account will be temporarily locked and their Wing chain of command notified. Only when the violator has completed assigned remedial training and discussed the issue with the first colonel or civilian equivalent in their chain of command will they regain access to their e-mail account.
One of the easiest ways to safeguard PII is by encrypting those e-mails and marking them FOUO. Don't send any e-mail between official and personal e-mail accounts, and never store or transfer official information on external or flash drives.
"Here in PACAF we are intensifying efforts to educate our personnel and change the culture of lackadaisically transmitting PII data," Bland said. "Bottom-line, we cannot afford or allow adversaries to use PII data to impact the mission readiness of our personnel."