PII: Protecting the force

  • Published
  • By Senior Airman Sean Husebo
  • 633rd Communications Squadron
Recently, Joint Base Langley-Eustis experienced a marked increase in the number of personally identifiable information breaches. So far, the reported number of breaches for this year is eight violations, with five confirmed. The number is significantly higher than 2012, with four reported.

Primarily, these recent incidents involved personnel sending unencrypted emails containing PII from their government e-mail accounts to their personal e-mail accounts.

When this happens, the first action to take is to determine if the breach would gain media attention, and the impact on the base. The chain of command is then notified, and an investigation is conducted to determine the intent. Finally, the individual involved is notified and training is done.

Any information used to trace a person's identity, such as name, social security number, date and place of birth, home phone numbers, addresses and any other information associated with the individual is considered PII. This information is sensitive in nature and can be used against Service members for identity theft and social engineering.

All e-mail traffic that goes beyond the boundary of the JBLE Air Force network is now scanned and monitored daily in an effort to reduce the amount of PII disclosed, including attachments. Sending home social security numbers or passwords from government accounts, especially in attachments, through unencrypted means, is a poor security practice. It can jeopardize the integrity of the network and ultimately place Service members and their families at risk.

We can protect ourselves and our fellow personnel through easy practices while fulfilling the mission:
· Members should not send PII to distribution lists or organizational accounts.
· Maintain control over who has access to recall rosters by sending them through encrypted means only, and do not post them for the public to see at work or at home.
· Do not maintain any PII (including enlisted/officer performance reports) on home computers.
· Dispose of PII documents properly after use.
· All e-mails sent from government systems containing PII must be encrypted and contain the "For Official Use Only (FOUO)" statement at the beginning of the e-mail, as well as in the subject line.

Members who need to send PII outside the AF network can utilize an authorized site that provides an alternative way to send encrypted files by means other than e-mail. The Safe Access File Exchange (SAFE) is available to both Common Access Card and non-CAC holders. Joint Base Langley-Eustis members can send files up to 2GB in size safely and securely.

When unauthorized disclosures of PII occur, it is the responsibility of members who notice these disclosures to report them. Follow through with immediate supervision and chain of command, and also contact the base privacy act manager, Timothy Lyon. The most effective way to counter PII breaches is to educate current and new members of JBLE. By doing so, we make sure we are doing our part to protect our fellow Service members and the communications structure of our operations.