Back to AI Flashcard MakerInformation Technology /Personally Identifiable Information Part 2
Personally Identifiable Information Part 2
This deck covers key concepts related to the protection and management of Personally Identifiable Information (PII), including common threats, compliance requirements, and safeguarding measures.
Which of the following is responsible for the most recent PII data breaches? A. Physical breaking and entry B. Insider threat C. Phishing D. Reconstruction of improperly disposed documents
C. Phishing
Tap or swipe ↕ to flip
Swipe ←→Navigate
1/15
Key Terms
Term
Definition
Which of the following is responsible for the most recent PII data breaches?
A. Physical breaking and entry
B. Insider threat
C. Phishing
D. Reconstruction of improperly disposed documents
C. Phishing
Which of the following is not an example of an administrative safeguard that organizations use to protect PII?
A. Conduct risk assessments
B. Reduce the volume and use of Social Security Numbers
C. List all potential future uses of PII in the System of Records Notice (SORN)
D. Ensure employees are trained to properly use and protect electronic records
C. List all potential future uses of PII in the System of Records Notice (SORN)
Within what timeframe must DoD organizations report PII breaches to the United States Computer Emergency Readiness Team (US-CERT) once discovered?
A. 1 Hour
B. 24 Hours
C. 48 Hours
D. 12 Hours
A. 1 Hour
Officials or employees who knowingly disclose PII to someone without a need-to-know may be subject to which of the following?
A. Civil penalties
B. Criminal penalties
C. Both civil and criminal penalties
D. Neither civil nor criminal penalties
B. Criminal penalties
Individuals, who maintain a system of records without publishing the required public notice in the federal register may be subject to which of the following?
A. Civil penalties
B. Criminal penalties
C. Both civil and criminal penalties
D. Neither civil nor criminal penalties
C. Both civil and criminal penalties
Your organization has a new requirement for annual security training. To track training completion, they are using employee Social Security Numbers as a record identification. Is this compliant with PII safeguarding procedures?
A. Yes
B. No
B. No
Related Flashcard Decks
Study Tips
- Press F to enter focus mode for distraction-free studying
- Review cards regularly to improve retention
- Try to recall the answer before flipping the card
- Share this deck with friends to study together
| Term | Definition |
|---|---|
Which of the following is responsible for the most recent PII data breaches?
A. Physical breaking and entry
B. Insider threat
C. Phishing
D. Reconstruction of improperly disposed documents | C. Phishing |
Which of the following is not an example of an administrative safeguard that organizations use to protect PII?
A. Conduct risk assessments
B. Reduce the volume and use of Social Security Numbers
C. List all potential future uses of PII in the System of Records Notice (SORN)
D. Ensure employees are trained to properly use and protect electronic records | C. List all potential future uses of PII in the System of Records Notice (SORN) |
Within what timeframe must DoD organizations report PII breaches to the United States Computer Emergency Readiness Team (US-CERT) once discovered?
A. 1 Hour
B. 24 Hours
C. 48 Hours
D. 12 Hours | A. 1 Hour |
Officials or employees who knowingly disclose PII to someone without a need-to-know may be subject to which of the following?
A. Civil penalties
B. Criminal penalties
C. Both civil and criminal penalties
D. Neither civil nor criminal penalties | B. Criminal penalties |
Individuals, who maintain a system of records without publishing the required public notice in the federal register may be subject to which of the following?
A. Civil penalties
B. Criminal penalties
C. Both civil and criminal penalties
D. Neither civil nor criminal penalties | C. Both civil and criminal penalties |
Your organization has a new requirement for annual security training. To track training completion, they are using employee Social Security Numbers as a record identification. Is this compliant with PII safeguarding procedures?
A. Yes
B. No | B. No |
You are tasked with disposing of physical copies of last year's grant application forms. These documents contain PII so you use a cross cut shredder to render them unrecognizable and beyond reconstruction. Is this compliant with PII safeguarding procedures? | Yes |
Identify if a PIA is required:
A. PII records are only in paper form.
B. PII records are being converted from paper to electronic.
C. A National Security System is being used to store records.
D. A new system is being purchased to store PII.
E. All of the above.
F. B and D
G. A, B, and D | F. B and D |
Which of the following is NOT included in a breach notification?
A. Articles and other media reporting the breach.
B. What happened, date of breach, and discovery.
C. Point of contact for affected individuals.
D. Whether the information was encrypted or otherwise protected. | A. Articles and other media reporting the breach. |
You are reviewing personnel records containing PII when you notice a record with missing information. You contact the individual to update the personnel record. Is this compliant with PII safeguarding procedures? | Yes |
T or F? Misuse of PII can result in legal liability of the individual. | True |
Which regulation governs the DoD Privacy Program?
A. DoD 5400.11-R: DoD Privacy Program
B. FOIA
C. OMB-M-17-12, Preparing for and Responding to a Breach of Personally Identifiable Information
D. The Privacy Act of 1974 | A. DoD 5400.11-R: DoD Privacy Program |
T or F? Using a social security number to track individuals' training requirements is an acceptable use of PII. | False |
T or F? Misuse of PII can result in legal liability of the organization. | True |
Which type of safeguarding measure involves restricting PII access to people with a need-to-know?
A. Administrative
B. Physical
C. Technical
D. All of the above | A. Administrative |