Identifying and Safeguarding Personally Identifiable Information (PII)
This deck covers the essential concepts of Personally Identifiable Information (PII), its importance, and guidelines for safeguarding it, based on the Privacy Act of 1974, OMB M-17-12, and DoD 5400.11-R.
What guidance identifies federal information security controls?
Key Terms
True or False? A System of Records Notice (SORN) is not required if an organization determines that PII will be stored using a system of records.
False
Which of the following are examples of PII?
Social Security Number (SSN), Driver's License Number, and Fingerprint.
Related Flashcard Decks
Study Tips
- Press F to enter focus mode for distraction-free studying
- Review cards regularly to improve retention
- Try to recall the answer before flipping the card
- Share this deck with friends to study together
| Term | Definition |
|---|---|
What guidance identifies federal information security controls? | OMB Memorandum M-17-12: Preparing for and Responding to a Breach of Personally Identifiable Information |
True or False? Information that can be combined with other information to link solely to an individual is considered PII. | True |
If someone tampers with or steals an individual's PII, they could be exposed to which of the following? | All of the above (Embarrassment, Fraud, Identity Theft) |
An organization with an existing system of record decides to start using PII for a new purpose outside the 'routine use' defined in the System of Records Notice (SORN). Is this a permitted use? | No |
True or False? A System of Records Notice (SORN) is not required if an organization determines that PII will be stored using a system of records. | False |
Which of the following are examples of PII? | Social Security Number (SSN), Driver's License Number, and Fingerprint. |
This regulation governs the DoD Privacy Program. | DoD 5400.11-R: DoD Privacy Program |
The individual to whom the record pertains has submitted a written request for the information in question. | This use/disclosure is authorized. |
Your organization seeks to use the record for a routine use, as defined in the SORN. | This use/disclosure is authorized. |
Your organization is using existing records for a new purpose and has not yet published a SORN. | This use/disclosure is NOT authorized. |
Organizations that fail to maintain accurate, relevant, timely, and complete information may be subject to which of the following? | Civil Penalties |
You are reviewing personnel records containing PII when you notice a record with missing information. You contact the individual to update the personnel record. Is this compliant with PII safeguarding procedures? | Yes (Compliant) |
Your organization has a new requirement for annual security training. To track training completion, they are using employee social security numbers as record identification. Is this compliant with PII safeguarding procedures? | No (Non-compliant) |
Which of the following is responsible for most of the recent PII data breaches? | Phishing |
Which of the following is NOT included in a breach notification? | Articles and other media reporting the breach. |