Handling PII
PII responsibilities
What’s going on in the DON?
PIAs and SORNs
Use of the DoD ID Number
100
What are three alternatives to transmitting data by fax: A. Send encrypted/digitally signed email; Use Safe Access File Extension (SAFE); Use United States Postal Service B. Send unencrypted/digitally signed email; Use Safe Access File Exchange (SAFE); Use United States Postal Service C. Send encrypted/digitally signed email; Use Safe Access File Exchange (SAFE); Use United States Postal Service D. Send encrypted/digitally signed email; Use Safe File Exchange (SFE); Use United States Postal Service
C. Send encrypted/digitally signed email; Use Safe Access File Exchange (SAFE); Use United States Postal Service
100
What is the definition of PII? A. information about an individual that may or may not identify, link, relate, or describes him, never her, such as his SSN; age; rank; grade; marital status; race; salary; home/office phone numbers; other demographic, biometric, personnel, medical and financial information. B. information about an individual that identifies, links, relates, or is unique to, or describes him or her, e.g., a SSN; age; rank; grade; Facebook status; race; salary; home/office phone numbers; other business, biography, personnel, medical and financial information. C. information about an individual that identifies, links, relates, or is unique to, or describes him or her, e.g., everything about them! We are not friends, we are coworkers and we do not need to know about each other! D. information about an individual that identifies, links, relates, or is unique to, or describes him or her, e.g., a SSN; age; rank; grade; marital status; race; salary; home/office phone numbers; other demographic, biometric, personnel, medical and financial information.
D. information about an individual that identifies, links, relates, or is unique to, or describes him or her, e.g., a SSN; age; rank; grade; marital status; race; salary; home/office phone numbers; other demographic, biometric, personnel, medical and financial information.
100
What does the new FAX guidance state: A. Do not fax anything ever! B. Do not FAX PII if there is a better alternative C. Who cares, no one uses fax machines anymore D. It's ok to use fax as long as your command approves it
B. Do not FAX PII if there is a better alternative
100
What is a SORN? A. A public notice of an agency’s intent to collect and retrieve PII in a SOR B. A Commanding Officer's notice of an agency’s intent to collect and retrieve PII in a SOR C. A private notice of an agency’s intent to collect and retrieve PII in a SOR D. Another thing the Navy created to tell us what to do. I'm pretty sure this sums up the answer
A. A public notice of an agency’s intent to collect and retrieve PII in a SOR
100
What is phase 1 of the DON SSN Reduction Plan: A. Review continued use/collection of SSNs in official Navy/Marine Corps forms B. Continue use/collection of SSNs in official Navy/Marine Corps forms C. Review and justify continued use/collection of SSNs in official Navy/Army forms D. Review and justify continued use/collection of SSNs in official Navy/Marine Corps forms
D. Review and justify continued use/collection of SSNs in official Navy/Marine Corps forms
200
A Privacy Act Statement (PAS) is required if: A. A form collects PII directly from individual B. A form does not collect PII directly from individual C. Both A and B D. How should I know. The Navy is supposed to provide forms already good to go
A. A form collects PII directly from individual
200
Name three of your privacy responsibilities: A. Safeguard PII to prevent authorized disclosure; Report a breach/suspected breach to your supervisor; Take annual PII awareness training B. Encrypt and digitally sign all email w/ PII; Never store PII; Collect only the maximum amount of PII to do your job C. Encrypt and digitally sign all email w/ PII; Wherever possible, eliminate the use of SSNs; Dispose of PII so that it is unrecognizable D. All of the above
C. Encrypt and digitally sign all email w/ PII; Wherever possible, eliminate the use of SSNs; Dispose of PII so that it is unrecognizable
200
Name three PII Breaches with the Greatest Impact: A. Hackers attacking public facing web sites; Access controls to shared drive files; Sending unencrypted email with attachments B. Mishandling Combined Federal Campaign forms; Mishandling rosters containing Social Security Numbers; Access controls to shared drive files C. No file access controls to shared drive files; Sending unencrypted email with attachments; Mishandling rosters containing Social Security Number D. None of the above
C. No file access controls to shared drive files; Sending unencrypted email with attachments; Mishandling rosters containing Social Security Number
200
A PIA is required when PII is collected from: A. Existing information systems and electronic collections where a MIA has not previously been completed and that collects PII about civilian personnel and contractors B. Existing information systems and electronic collections where a PIA has not previously been completed and that collects PII about Federal personnel and contractors C. New information systems or electronic collections D. Both B and C
D. Both B and C
200
What are some acceptable uses of the SSN: A. Geneva Conventions Serial Number; Confirmation of Employment Eligibility; Administration of Federal Worker’s Compensation B. Computer Matching; Foreign Travel; Legacy System Interface D. Other Cases (with specified documentation) E. All of the above F. A and D
E. All of the above
300
What are some items an official form has on it: A. Authority, purpose, routine use(s), disclosure; If form collects PII directly from individual, a Privacy Act Statement (PAS) is required B. Form title (e.g., “PII Breach Report”); Date form created or last updated C. Form number (e.g., OPNAV 5211/13); If form does not collect PII directly from individual, a Privacy Act Statement (PAS) is required D. All of the above E. Both A and B
E. Both A and B
300
What instruction governs PII? A. SECNAV 5211.5D DON Privacy Program B. I don't know but when in doubt I'd choose any answer with OPNAV in it C. BUPERINST 5655.2E DON Privacy Program D. SECNAV 5211.5E DON Privacy Program
D. SECNAV 5211.5E DON Privacy Program
300
SORNs include: A. The safeguards that will be applied to the system; The who, what, why, and where of the Sailor; Processes for access to office spaces B. The safeguards that will be applied to the system; The who, what, why, and where of the system; Processes for access and correction of records C. The safeguards that will be applied to the spaces; The who, what, why, and where of the system; Processes for access and recognition of records D. None of the above
B. The safeguards that will be applied to the system; The who, what, why, and where of the system; Processes for access and correction of records
300
True or False: The EDIPI/DoD ID is considered PII only when present with a name. However, it is considered internal government ops related PII (like work phone #, job title) and low risk. No breach if lost, stolen or compromised.
False. The EDIPI/DoD ID by itself or with name is considered PII. However, it is considered internal government ops related PII (like work phone #, job title) and low risk. No breach if lost, stolen or compromised.
400
A Privacy Impact Assessment (PIA) is an analysis of how information is handled to: A. Ensure handling conforms to the Commanding Officer's standards B. Determine the risks and effects of collecting, using, maintaining, and disseminating PII in an electronic information system C. Completely eliminate potential privacy risks
B. Determine the risks and effects of collecting, using, maintaining, and disseminating PII in an electronic information system
400
What is phase 3 of the DON SSN Reduction Plan: A. Where possible, substitute the Electronic Data Interchange Personal Identifier (EDIPI)/DoD ID number for the SSN in forms and IT systems B. DON can still collect SSNs in rosters C. All letters, memoranda, spreadsheets, electronic and hard copy lists and surveys must meet the acceptable use criteria (1 Oct ‘15) D. Both A and C E. All of the above
D. Both A and C