by Lt. Col. Corey Ramsby
375th Communications Squadron commander
What is Personally Identifiable Information, or PII? It is information about an individual that identifies or describes them their social security number, age, rank, marital status, race, office and personal phone numbers and other demographic, biometric, personnel, medical and financial information.
The release of PII to unauthorized individuals places total force Airmen at risk for identity theft and potential cyber crimes. This can also threaten the operational integrity of our government networks through phishing schemes and other malicious activity. The SSN is the one of the most misused pieces of personal information, and as with all PII, it should be properly protected and shared when necessary.
As a result of the increasing personal and government risks, senior leaders in the Air Force are engaging on the issue. Undersecretary of the Air Force John Fanning said in a recent memo that “Safeguarding PII is everyone’s responsibility. We must have zero tolerance for failing to adhere to Air Force policies and guidance.” I echo the undersecretary’s call for greater diligence in managing PII, and expect all Airmen to understand PII requirements and comply with standards for protecting PII across the service.
One of the most prevalent ways a PII breach occurs is through the use of email. Sending PII to a personal e-mail account is strictly prohibited. All emails containing PII or other sensitive information must be encrypted. When encryption is not used, there’s always the potential for compromise and possible targeting by hackers and identity thieves. The unnecessary compromise of PII exposes risk to individuals and the Air Force.
To help enforce PII rules, 24th Air Force communications specialists monitor e-mail being sent from .mil to .com accounts. When violations are discovered, government accounts are locked until members are retrained and have a reactivation request signed by the first O-6 in their chain of command.
Unfortunately, individual monitoring and other automated tools alone can’t prevent PII breaches. It is our shared responsibility to protect each other’s information. If you have any questions or need to report suspected loss, theft or compromise of PII, immediately contact your unit privacy act monitor and wing privacy act manager.