PCI-DSS is a set of security standards created to protect cardholder data. Federal Information Security Modernization Act; OMB Circular A-130, Access Control; Audit and Accountability; Identification and Authentication; Media Protection; Planning; Risk Assessment; System and Communications Protection, Publication: The course reviews the responsibilities of the Department of Defense (DoD) to safeguard PII, and explains individual responsibilities. Captain Padlock: Personally Identifiable Information (PII) is information used to distinguish or trace an individual's identity, such as name, social security number, mother's maiden name, and biometric records. PII stands for personally identifiable information. Keep personal information timely, accurate, and relevant to the purpose for which it was collected. Safeguard DOL information to which their employees have access at all times. Controlled Unclassified Information (CUI) Program Frequently Asked The act requires that covered entities take reasonable steps to safeguard the confidentiality of protected health information and limits the disclosure of protected health information without consent. Product Functionality Requirements: To meet technical functionality requirements, this product was developed to function with Windows operating systems (Windows 7 and 10, when configured correctly) using either Internet Explorer . PII, or personally identifiable information, is any piece of data that someone could use to figure out who you are. This information can be maintained in either paper, electronic or other media.
Guidance on the Protection of Personal Identifiable Information. This interactive presentation reviews the definition of personally identifiable information (PII), why it is important to protect PII, the policies and procedures related to the use and disclosure of PII, and both the organization's and individual's responsibilities for safeguarding PII. COLLECTING PII. The GDPR imposes significant fines for companies that violate its provisions, including up to 4% of a company's global annual revenue or 20 million (whichever is greater). PII ultimately impacts all organizations, of all sizes and types. Sensitive PII is information that can be utilized to identify an individual and that could potentially be used to harm them if it fell into the wrong hands.
Properly Safeguarding PII - Social Security Administration. PII is any personal information which is linked or linkable to a specified individual. This includes information like names and addresses. Center for Development of Security Excellence, Defense Counterintelligence and Security Agency, Identifying and Safeguarding Personally Identifiable Information (PII) DS-IF101.06. Define PII and Protected Health Information, or PHI, a significant subset of PII, and the significance of each, as well as the laws and policy that govern the maintenance and protection of PII and PHI. Identify the responsibilities for safeguarding PII and PHI on both the organizational and individual levels. Identify use and disclosure of PII and PHI. State the organizational and individual penalties for not complying with the policies governing PII and PHI maintenance and protection. PPTX Safeguarding PII Training Course - United States Army. Department of Labor (DOL) contractors are reminded that safeguarding sensitive information is a critical responsibility that must be taken seriously at all times. Handbook for Safeguarding Sensitive Personally Identifiable Information. PHI is one of the most sought-after pieces of data that a cybercriminal has in their sights. Course Launch Page - Cyber. The definition of PII may vary from jurisdiction to jurisdiction but typically includes any information that can be used to identify an individual.
The Department of Energy defines PII as any information collected or maintained by the department about an individual that could be used to distinguish or trace their identity. PDF Personally Identifiable Information and Privacy Act Responsibilities. Thieves may use it to open new accounts, apply for loans, or make purchases in your name. The Freedom of Information Act (FOIA) is a federal law that gives individuals the right to access certain government records. The Privacy Act of 1974 is a federal law that establishes rules for the collection, use, and disclosure of PII by federal agencies. This course was created by DISA and is hosted on CDSE's learning management system STEPP. This information can include a person's name, Social Security number, date and place of birth, biometric data, and other personal information that is linked or linkable to a specific individual. Companies are required to provide individuals with information about their rights under the GDPR and ensure that individuals can easily exercise those rights. PII must only be accessible to those with an "official need to know." PII can be collected in a combination of methods, including through online forms, surveys, and social media. Only individuals who have a "need to know" in their official capacity shall have access to such systems of records. The act requires that federal agencies make their records available to the public unless the records are protected from disclosure by one of the act's exemptions. The Cyber Excepted Service (CES) Orientation is an eLearning course designed to familiarize learners with the core tenets of the DoD CES personnel system. SP 800-122, Guide to Protecting the Confidentiality of PII | CSRC - NIST. The document also suggests safeguards that may offer appropriate levels of protection for PII and provides recommendations for developing response plans for incidents involving PII.
This lesson is to prepare HR Professionals to guide supervisors and employees covered under CES for transition to the new personnel system with an overview of the background and history of the Cyber Excepted Service. Topics, Erika McCallister (NIST), Tim Grance (NIST), Karen Scarfone (NIST). DOL contractors having access to personal information shall respect the confidentiality of such information, and refrain from any conduct that would indicate a careless or negligent attitude toward such information. Erode confidence in the government's ability to protect information. Training Catalog - DoD Cyber Exchange Industry tailored BEC Protection, Email authentication and DMARC enforcement. Identifying and Safeguarding PII V4.0 (2022);TEST OUT Qs & Final Test. Damage to victims can affect their good name, credit, job opportunities, possibly result in criminal charges and arrest, as well as cause embarrassment and emotional stress. Identifying and safeguarding personally identifiable information. PII is any information which can be used to distinguish or trace an individual's identity. For example, they may not use the victim's credit card, but they may open new, separate accounts using the victim's information. Lead to identity theft which can be costly to both the individual and the government. A full list of the 18 identifiers that make up PHI can be seen here. In the event their DOL contract manager is not available, they are to immediately report the theft or loss to the DOL Computer Security Incident Response Capability (CSIRC) team at dolcsirc@dol.gov.
This is information that can be used to identify an individual, such as their name, address, or Social Security number. DoD Cyber Workforce Framework (DCWF) Orientation is an eLearning course designed to familiarize learners with the fundamental principles of the DCWF. How to Identify PII Loss. In terms of the protection of PHI, HIPAA and the related Health Information Technology for Economic and Clinical Health Act (HITECH) offer guidelines for the protection of PHI. When approval is granted to take sensitive information away from the office, the employee must adhere to the security policies described above. This course may also be used by other Federal Agencies. Safeguarding Personally Identifiable Information (PII) - United States Army. The purpose of this course is to identify what Personally Identifiable Information (PII) is and why it is important to protect it. CDSE courses are intended for use by Department of Defense and other U.S. Government personnel and contractors within the National Industrial Security Program.
DOD Mandatory Controlled Unclassified Information (CUI) Training. Identifying and Safeguarding Personally Identifiable Information (PII). (These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors). To be considered PII, the data must be able to be used to distinguish or trace an individual's identity. Family Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA), 1995 Data Protection Directive (95/46/E.C. PHI is defined by the Health Insurance Portability and Accountability Act (HIPAA) and is made up of any data that can be used to associate a person's identity with their health care. PII is any information that can be used to identify a person, such as your name, address, date of birth, social security number, and so on. Safeguards are used to protect agencies from reasonably anticipated. The purpose of this document is to assist Federal agencies in protecting the confidentiality of personally identifiable information (PII) in information systems. PII is regulated by a number of laws and regulations, including the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, and the Health Insurance Portability and Accountability Act. The following are some examples of information that can be considered PII: Several merchants, financial institutions, health organizations, and federal agencies, such as the Department of Homeland Security (DHS), have undergone data breaches that put individuals' PII at risk, leaving them potentially vulnerable to identity theft. Because DOL employees and contractors may have access to personal identifiable information concerning individuals and other sensitive data, we have a special responsibility to protect that information from loss and misuse. This interactive training explains various types of social engineering, including phishing, spear phishing, whaling, smishing, and vishing.
In addition to the foregoing, if contract employees become aware of a theft or loss of PII, they are required to immediately inform their DOL contract manager. The document explains the importance of protecting the confidentiality of PII in the context of information security and explains its relationship to privacy using the Fair Information Practices, which are the principles underlying most privacy laws and privacy best practices. When collecting PII, organizations should have a plan in place for how the information will be used, stored, and protected. Avoid compromise and tracking of sensitive locations. PII is information that can be used to identify or contact a person uniquely and reliably or can be traced back to a specific individual. Major legal, federal, and DoD requirements for protecting PII are presented. Identifying and Safeguarding Personally Identifiable Information (PII Identifying and Safeguarding PII V4.0 (2022). Which of the following must Privacy Impact Assessments (PIAs) do? PII is a person's name, in combination with any of the following information: mother's maiden name, driver's license number, bank account information, credit card information, relatives' names, postal address. IDENTIFYING & SAFEGUARDING PII. Which of the following are risks associated with the misuse or improper disclosure of PII? With these responsibilities contractors should ensure that their employees: Contractors should ensure their contract employees are aware of their responsibilities regarding the protection of PII at the Department of Labor. (Answered) IDENTIFYING & SAFEGUARDING PII Test 2022|2023. The launch training button will redirect you to JKO to take the course.
PDF How to Safeguard Personally Identifiable Information - DHS. Safeguarding refers to protecting PII from loss, theft, or misuse while simultaneously supporting the agency mission. The information they are after will change depending on what they are trying to do with it. The purpose of Lesson 1 is to provide an overview of Cyber Excepted Service (CES) HR Elements Course in general. Identifying and Safeguarding Personally Identifiable Information (PII). This training starts with an overview of Personally Identifiable Information (PII), and protected health information (PHI), a significant subset of PII, and the significance of each, as well as the laws and policy that govern the maintenance and protection of PII and PHI. The Information Security (INFOSEC) Program establishes policies, procedures, and requirements to protect classified and Controlled Unclassified Information (CUI) that, if disclosed, could cause damage to national security. PII includes, but is not limited to: Social Security Number, Date and place of birth. PII should be protected from inappropriate access, use, and disclosure. Ensure that the information entrusted to you in the course of your work is secure and protected. Any organization that processes, stores, or transmits cardholder data must comply with these standards. Some examples you may be familiar with: Personally Identifiable Information (PII), Sensitive Personally Identifiable Information (SPII).