Description: This course starts with an overview of Personally Identifiable Information (PII), and Protected Health Information (PHI), a significant subset of PII, and the significance of each, as well as the laws and policy that govern the maintenance and protection of PII and PHI. The act requires that federal agencies make their records available to the public unless the records are protected from disclosure by one of the act's exemptions. Topics, Erika McCallister (NIST), Tim Grance (NIST), Karen Scarfone (NIST). Once an attacker has a set of PII, they can not only sell it on the dark web but also use it to carry out other attacks. The purpose of this document is to assist Federal agencies in protecting the confidentiality of personally identifiable information (PII) in information systems. Damage to victims can affect their good name, credit, and job opportunities, possibly result in criminal charges and arrest, and cause embarrassment and emotional stress. The following are some examples of information that can be considered PII: Several merchants, financial institutions, health organizations, and federal agencies, such as the Department of Homeland Security (DHS), have undergone data breaches that put individuals' PII at risk, leaving them potentially vulnerable to identity theft. This factsheet is intended to help you safeguard Personally Identifiable Information (PII) in paper and electronic form during your everyday work activities. The Federal government requires the collection and maintenance of PII so as to govern efficiently.
System Requirements: Check if your system is configured appropriately to use STEPP. PII is a person's name, in combination with any of the following information: mother's maiden name, driver's license number, bank account information, credit card information, relatives' names, postal address. Skysnag helps busy engineers enforce DMARC, responds to any misconfigurations for SPF or DKIM, which increases email deliverability, and eliminates email spoofing and identity impersonation. In terms of the protection of PHI, HIPAA and the related Health Information Technology for Economic and Clinical Health Act (HITECH) offer guidelines for the protection of PHI. The course reviews the responsibilities of the Department of Defense (DoD) to safeguard PII, and explains individual responsibilities. The Cyber Excepted Service (CES) Orientation is an eLearning course designed to familiarize learners with the core tenets of the DoD CES personnel system. PII must only be accessible to those with an official need to know. Captain Padlock: Personally Identifiable Information (PII) is information used to distinguish or trace an individual's identity, such as name, social security number, mother's maiden name, and biometric records. It is the responsibility of the individual user to protect data to which they have access. The U.S.
General Services Administration notes that PII can become more sensitive when it is combined with other publicly available information. The purpose of this course is to identify what Personally Identifiable Information (PII) is and why it is important to protect it. COLLECTING PII. The purpose of this lesson is to review the completed course work while reflecting on the role of HR Practitioners in CES organizations. This Handbook provides best practices and DHS policy requirements to prevent a privacy incident involving PII/SPII during all stages of the information lifecycle: when collecting, storing, using, disseminating, or disposing of PII/SPII. Personal Identifiable Information (PII) is defined as: Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. The act requires that federal agencies give individuals notice of their right to access and correct their PII and establish penalties for PII misuse. This course was created by DISA and is hosted on CDSE's learning management system STEPP. PHI is one of the most sought-after pieces of data that a cybercriminal has in their sights. In some cases, all they need is an email address. The Department of Energy defines PII as any information collected or maintained by the department about an individual that could be used to distinguish or trace their identity. This is information that can be used to identify an individual, such as their name, address, or Social Security number. PCI compliance includes taking responsibility for ensuring that financial data is protected at all stages, including when it is accepted, transferred, stored, and processed. Ensure that the information entrusted to you in the course of your work is secure and protected.
PII is regulated by a number of laws and regulations, including the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, and the Health Insurance Portability and Accountability Act. With these responsibilities contractors should ensure that their employees: Contractors should ensure their contract employees are aware of their responsibilities regarding the protection of PII at the Department of Labor. The launch training button will redirect you to JKO to take the course. DHS employees, contractors, consultants, and detailees are required by law to properly collect, access, use, share, and dispose of PII in order to protect the privacy of individuals. Sensitive PII is information that can be utilized to identify an individual and that could potentially be used to harm them if it fell into the wrong hands. The GDPR imposes significant fines for companies that violate its provisions, including up to 4% of a company's global annual revenue or €20 million, whichever is greater. This includes information like Social Security numbers, financial information, and medical records. The act requires that covered entities take reasonable steps to safeguard the confidentiality of protected health information and limits the disclosure of protected health information without consent. Which of the following are risks associated with the misuse or improper disclosure of PII? We're available through e-mail, live chat and Facebook. Major legal, federal, and DoD requirements for protecting PII are presented.
Department of Labor (DOL) contractors are reminded that safeguarding sensitive information is a critical responsibility that must be taken seriously at all times. This information can be maintained in either paper, electronic or other media. PII/PHI: Personally Identifiable Information (PII) is information that can be used to distinguish or trace an individual's identity, either alone or when combined with other information that is linked or linkable to a specific individual. This interactive presentation reviews the definition of personally identifiable information (PII), why it is important to protect PII, the policies and procedures related to the use and disclosure of PII, and both the organization's and individual's responsibilities for safeguarding PII. PII should be protected from inappropriate access, use, and disclosure. Lead to identity theft which can be costly to both the individual and the government. Unauthorized recipients may fraudulently use the information. Thieves can sell this information for a profit. Which of the following must Privacy Impact Assessments (PIAs) do? The DoD ID number or other unique identifier should be used in place of the SSN whenever possible. Health Information Technology for Economic and Clinical Health Act (HITECH), Encrypting all PII data in transit and at rest, Restricting access to PII data to only those who need it, Ensuring that all PII data is accurate and up to date, Destroying PII data when it is no longer needed. The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that protects the privacy of health information. PII can also include demographic, medical, and financial information, or any other information linked or linkable to a specific .
When collecting PII, organizations should have a plan in place for how the information will be used, stored, and protected. CUI Program Knowledge Check 1 Impact of CUI Responsibilities ISOO Registry DOD Registry Marking Requirements CUI Basic vs. CUI Specified Minimum Marking Requirements - CUI Only Portion Markings - CUI Only Limited Dissemination Controls - CUI Only Knowledge Check 2 CUI Cover Page and SF902 Label Knowledge Check 3. The course is designed to prepare DOD and other Federal employees to recognize the importance of PII, to identify what PII is, and why it is important to protect PII. The purpose of Lesson 1 is to provide an overview of Cyber Excepted Service (CES) HR Elements Course in general. The Privacy Act of 1974 is a federal law that establishes rules for the collection, use, and disclosure of PII by federal agencies. ), which was introduced to protect the rights of Europeans with respect to their personal data. This training is intended for DOD civilians, military members, and contractors using DOD information systems. PII stands for personally identifiable information. Erode confidence in the government's ability to protect information. citizens, even if those citizens are not physically present in the E.U. Think security. Users must adhere to the rules of behavior defined in applicable Systems Security Plans, DOL and agency guidance. Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA), 1995 Data Protection Directive (95/46/E.C. Thieves may use it to open new accounts, apply for loans, or make purchases in your name. Any organization that processes, stores, or transmits cardholder data must comply with these standards.
Additionally, physical files such as bills, receipts, birth certificates, Social Security cards, or lease information can be stolen if an individual's home is broken into. The CES DoD Workforce Orientation is a presentation (including a question and answer segment) that has been designed to familiarize the workforce with the core tenets of the DoD CES personnel system. The definition of PII may vary from jurisdiction to jurisdiction but typically includes any information that can be used to identify an individual. Access Control; Audit and Accountability; Identification and Authentication; Media Protection; Planning; Risk Assessment; System and Communications Protection. Delete the information when no longer required. Safeguarding refers to protecting PII from loss, theft, or misuse while simultaneously supporting the agency mission. Further, PII is defined as information: (i) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.) This lesson is to prepare HR Professionals to guide supervisors and employees covered under CES for transition to the new personnel system with an overview of compensation elements of the CES occupational structure. The document also suggests safeguards that may offer appropriate levels of protection for PII and provides recommendations for developing response plans for incidents involving PII.
Safeguard DOL information to which their employees have access at all times. Whether you're supplementing your training in DCWF Orientation or coming back for a refresher, this learning game is designed to test your knowledge of the Defense Cyber Workforce Framework (DCWF). The GDPR requires companies to get explicit permission from individuals before collecting, using, or sharing their personal data. These attacks show how cybercriminals can use stolen PII to carry out additional attacks on organizations. PII can be collected in a combination of methods, including through online forms, surveys, and social media. Some accounts can even be opened over the phone or on the internet. Center for Development of Security Excellence, Defense Counterintelligence and Security Agency, Identifying and Safeguarding Personally Identifiable Information (PII) DS-IF101.06. Define PII and Protected Health Information, or PHI, a significant subset of PII, and the significance of each, as well as the laws and policy that govern the maintenance and protection of PII and PHI. Identify the responsibilities for safeguarding PII and PHI on both the organizational and individual levels. Identify use and disclosure of PII and PHI. State the organizational and individual penalties for not complying with the policies governing PII and PHI maintenance and protection. PII can be defined in different ways, but it typically refers to information .
Identifying and Safeguarding Personally Identifiable Information (PII): This training starts with an overview of Personally Identifiable Information (PII), and protected health information (PHI), a significant subset of PII, and the significance of each, as well as the laws and policy that govern the maintenance and protection of PII and PHI. DoD Cyber Workforce Framework (DCWF) Orientation is an eLearning course designed to familiarize learners with the fundamental principles of the DCWF. Identity thieves are always looking for new ways to gain access to people's personal information. The act requires that schools give parents and students the opportunity to inspect and correct their educational records and limits the disclosure of educational records without consent. It sets out the rules for the collection and processing of personally identifiable information (PII) by individuals, companies, or other organizations operating in the E.U. PHI is defined by the Health Insurance Portability and Accountability Act (HIPAA) and is made up of any data that can be used to associate a person's identity with their health care. Think protection. The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student educational records. This course explains the responsibilities for safeguarding PII and PHI on both the organizational and individual levels, examines the authorized and unauthorized use and disclosure of PII and PHI, and the organizational and individual penalties for not complying with the policies governing PII and PHI maintenance and protection. It is vital to protect PII and only collect the essential information.
Mobile device tracking can geoposition you, display your location, record location history, and activate by default. Managing, safeguarding, and evaluating their systems of records; Providing training resources to assure proper operation and maintenance of their system(s); Preparing public notices and report for new or changed systems. Skysnag's automated software safeguards your domain's reputation and keeps your business away from compromised business emails, password theft, and potentially significant financial losses. Developed to be used in conjunction with annual DoD cybersecurity awareness training, this course presents the additional cybersecurity responsibilities for DoD information system users with access privileges elevated above those of an authorized user. CUI is an umbrella term that encompasses many different markings to identify information that is not classified but which should be protected.