HomeNewsArticle Display

Serious consequences for mishandling personal ID info

SCOTT AIR FORCE BASE, Ill. -- Individuals who inappropriately store and transmit Personally Identifiable Information, or PII, over the Air Force Network will now have their accounts locked in response to the violation.

Patricia Feist, 375th Communications Squadron base records manager, said, "Personally Identifiable Information is information which can be used to distinguish or trace an individual's identity, such as their name, Social Security Number, or biometric records, including any other personal information that is linked or linkable to a specific individual."

A PII breach is defined as "a loss of control, compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access or any similar term referring to situations where persons other than authorized users and for other than authorized purpose have access or potential access to PII, whether physical or electronic."

Air Force Space Command spokeswoman, Capt. Christina Sukach, said, "These breaches can range from one individual sending a performance report containing a Social Security Number to another military account without encryption, to sending a personnel roster with thousands of pieces of PII to a personal email account, outside of the Air Force Network. These breaches do not necessarily translate to stolen identities or other malicious uses of personal information, but they do increase the risks to individuals and to the Air Force Network.

All DoD personnel are responsible for protecting PII. These new actions are in addition to, and do not circumvent or replace, the normal Privacy Act notification process which is already in place throughout the Air Force. Air Force Instruction 33-332 governs the PII breach reporting process as well as the consequences for PII violations.

"An individual who willingly releases PII can be given remedial actions. Civil remedies include payment of damages, court costs, and attorney fees in some cases. In addition, misdemeanor criminal charges and a fine of up to $5,000 may be imposed, as well as loss of employment," said Feist.

The abuse of such information not only affects individuals, but also poses a threat to the entire Air Force. In many cases in which PII has been compromised, information is released that can be used to steal someone's identity. It is vital for every individual to understand how to properly safeguard their personal information and the information of others.

Feist said, "If you are going to collect PII, you must have an authority to collect the information and should have System of Records Notice listed in the Federal registry. It is of the utmost importance you must protect that information. Identity theft is big."

Encrypting PII allows secure transmission. Additional information on protecting PII can be found on the Air Force Portal under the Cyber Threats and Information tab as well as at http://dpclo.defense.gov/privacy.

Protecting Personally Identifiable Information

Email: ensure there is an official need for the recipient(s) to receive the information. If email is used place FOUO in the subject line, the Privacy act statement "This e-mail contains FOR OFFICIAL USE ONLY (FOUO) information which must be protected under the Freedom of Information Act (5 U.S.C 552) and/or the Privacy Act of 1974 (5 U.S.C. 552a). Unauthorized disclosure or misuse of this PERSONAL INFORMATION may result in disciplinary action, criminal and/or civil penalties. Further distribution is prohibited without the approval of the author of this message unless the recipient has a need to know in the performance of official duties. If you have received this message in error, please notify the sender and delete all copies of this message." Encrypt and digitally sign the email.

Use the Army Missile Research Development and Engineering Center Safe Access File Exchange as an alternate means of transmitting PII.

Ensure personal information stored on EIM or a shared drive is only accessible to individuals who have an official, valid "need-to-know" and is required for day-to-day operations.

Remove personal information maintained within SharePoint or equivalent software programs when no longer needed for daily operations.

If faxing information, use a coversheet and have the person receiving the fax be waiting by the machine.

Paper documents and printed materials that contain PII shall be covered with the AF Form 3227, Privacy Act Cover Sheet or DD Form 2923, Privacy Act Data Cover Sheet when removed from a System of Record.

Don't send sensitive PII on CDs, DVDs, hard drives, flash drives, floppy disks or other removable media by mail or courier sensitive PII unless the data is encrypted (see AFI 33-200, Information Assurance Management).

Don't leave personal information in unsecured vehicles, unattended workspaces, unsecured file drawers, or in checked baggage.

Don't store personal information on personal media.
USAF Comments Policy
If you wish to comment, use the text box below. AF reserves the right to modify this policy at any time.

This is a moderated forum. That means all comments will be reviewed before posting. In addition, we expect that participants will treat each other, as well as our agency and our employees, with respect. We will not post comments that contain abusive or vulgar language, spam, hate speech, personal attacks, violate EEO policy, are offensive to other or similar content. We will not post comments that are spam, are clearly "off topic", promote services or products, infringe copyright protected material, or contain any links that don't contribute to the discussion. Comments that make unsupported accusations will also not be posted. The AF and the AF alone will make a determination as to which comments will be posted. Any references to commercial entities, products, services, or other non-governmental organizations or individuals that remain on the site are provided solely for the information of individuals using this page. These references are not intended to reflect the opinion of the AF, DoD, the United States, or its officers or employees concerning the significance, priority, or importance to be given the referenced entity, product, service, or organization. Such references are not an official or personal endorsement of any product, person, or service, and may not be quoted or reproduced for the purpose of stating or implying AF endorsement or approval of any product, person, or service.

Any comments that report criminal activity including: suicidal behaviour or sexual assault will be reported to appropriate authorities including OSI. This forum is not:

  • This forum is not to be used to report criminal activity. If you have information for law enforcement, please contact OSI or your local police agency.
  • Do not submit unsolicited proposals, or other business ideas or inquiries to this forum. This site is not to be used for contracting or commercial business.
  • This forum may not be used for the submission of any claim, demand, informal or formal complaint, or any other form of legal and/or administrative notice or process, or for the exhaustion of any legal and/or administrative remedy.

AF does not guarantee or warrant that any information posted by individuals on this forum is correct, and disclaims any liability for any loss or damage resulting from reliance on any such information. AF may not be able to verify, does not warrant or guarantee, and assumes no liability for anything posted on this website by any other person. AF does not endorse, support or otherwise promote any private or commercial entity or the information, products or services contained on those websites that may be reached through links on our website.

Members of the media are asked to send questions to the public affairs through their normal channels and to refrain from submitting questions here as comments. Reporter questions will not be posted. We recognize that the Web is a 24/7 medium, and your comments are welcome at any time. However, given the need to manage federal resources, moderating and posting of comments will occur during regular business hours Monday through Friday. Comments submitted after hours or on weekends will be read and posted as early as possible; in most cases, this means the next business day.

For the benefit of robust discussion, we ask that comments remain "on-topic." This means that comments will be posted only as it relates to the topic that is being discussed within the blog post. The views expressed on the site by non-federal commentators do not necessarily reflect the official views of the AF or the Federal Government.

To protect your own privacy and the privacy of others, please do not include personally identifiable information, such as name, Social Security number, DoD ID number, OSI Case number, phone numbers or email addresses in the body of your comment. If you do voluntarily include personally identifiable information in your comment, such as your name, that comment may or may not be posted on the page. If your comment is posted, your name will not be redacted or removed. In no circumstances will comments be posted that contain Social Security numbers, DoD ID numbers, OSI case numbers, addresses, email address or phone numbers. The default for the posting of comments is "anonymous", but if you opt not to, any information, including your login name, may be displayed on our site.

Thank you for taking the time to read this comment policy. We encourage your participation in our discussion and look forward to an active exchange of ideas.