Understanding Personally Identifiable Information (PII)
This deck covers key concepts related to Personally Identifiable Information (PII), including privacy impact assessments, legal responsibilities, and safeguarding measures.
Key Terms
| Term | Definition |
|---|---|
| Which action requires an organization to carry out a Privacy Impact Assessment? | Collecting PII to store in a new information system |
| What is the purpose of a Privacy Impact Assessment (PIA)? | Determine whether the collection and maintenance of PII is worth the risk to individuals |
| T or F? Information that can be combined with other information to link solely to an individual is considered PII. | T or F? Information that can be combined with other information to link solely to an individual is considered PII. |
| What guidance identifies federal information security controls? | OMB Memorandum M-17-12: Preparing for and Responding to a Breach of Personally Identifiable Information |
| An organization that fails to protect PII can face consequences including: | All of the above |
| If someone tampers with or steals an individual's PII, they could be exposed to which of the following? | All of the above |
| Which of the following is not an example of PII? | Pet's nickname |
| What law establishes the federal government's legal responsibility for safeguarding PII? | The Privacy Act of 1974 |
| An organization with an existing system of records decides to start using PII for a new purpose outside the 'routine use' defined in the System of Records Notice (SORN). Is this a permitted use? | No |
| Which of the following is responsible for the most recent PII data breaches? | Phishing |
| Which of the following is not an example of an administrative safeguard that organizations use to protect PII? | List all potential future uses of PII in the System of Records Notice (SORN) |
| Within what timeframe must DoD organizations report PII breaches to the United States Computer Emergency Readiness Team (US-CERT) once discovered? | 1 hour |
| Officials or employees who knowingly disclose PII to someone without a need-to-know may be subject to which of the following? | Criminal penalties |
| Your organization has a new requirement for annual security training. To track training completion, they are using employee Social Security Numbers as a record identification. Is this compliant with PII safeguarding procedures? | No |
| Identify if a PIA is required: | PII records are being converted from paper to electronic. & A new system is being purchased to store PII. |
| Which of the following is NOT included in a breach notification? | Articles and other media reporting the breach. |
| T or F? Misuse of PII can result in legal liability of the individual. | True |
| Which regulation governs the DoD Privacy Program? | DoD 5400.11-R: DoD Privacy Program |
| T or F? Using a social security number to track individuals' training requirements is an acceptable use of PII. | False |
| T or F? Misuse of PII can result in legal liability of the organization. | True |
| Which type of safeguarding measure involves restricting PII access to people with a need-to-know? | Administrative |