Safeguarding PII

  • By Capt. Jennifer M. Pearson
  • 911th Airlift Wing Public Affairs
The 911th Airlift Wing is cracking down on Personal Identification Information (PII) violations as a part of an overall Air Force Reserve Command initiative to protect Airmen.

"Protecting privacy information is the responsibility of every federal employee, military member and contractor who handles SOR or PII contained in any AF records," states The Air Force Privacy and Civil Liberties Program, AFI 33-332, para. 9.1.

Safeguarding PII protects Airmen, because compromised information can have serious impacts. A violation can occur when one PII element, or a combination of PII elements, is transmitted.

Transmitting information via e-mail is the most common form of PII violation. When e-mailing information that can include PII, ensure it goes from a .mil address to a .mil address and that the e-mail is encrypted. E-mails to or from a civilian e-mail account should not include PII.

When transmitting personal information over e-mail, encrypt the message, add "For Official Use Only" ("FOUO") to the beginning of the subject line and apply the following statement at the beginning of the e-mail:

"This e-mail contains For Official Use Only (FOUO) information which must be protected under the Freedom of Information Act (5 U.S.C. 552) and/or the Privacy Act of 1974 (5 U.S.C. 552a). Unauthorized disclosure or misuse of this PERSONAL INFORMATION may result in disciplinary action, criminal and/or civil penalties. Further distribution is prohibited without the approval of the author of this message unless the recipient has a need to know in the performance of official duties. If you have received this message in error, please notify the sender and delete all copies of this message."

If you have to transmit PII, here are some tips:
DO: ensure the e-mail is encrypted and digitally signed
DO: ensure the person at the other end has a need to know
DO: add "For Official Use Only" in the subject line and the Privacy Act disclaimer at the beginning of the e-mail
DO: send only .mil to .mil
DO NOT: send information from your .mil account to a civilian account, or from a civilian account to a .mil account
DO NOT: send information unencrypted in an e-mail, attachment or any other format
DO NOT: indiscriminately apply the Privacy Act statement to e-mails. If you're not transmitting PII, there's no need to use FOUO/PA statements.

PII is unique information about an individual that identifies, links, relates, is unique to, or describes him or her.

Non-releasable Personal Information includes the following: Social Security Number; Home Address/Phone Number/e-mail address; Age/Date of Birth/Place of Birth; Marital Status (single, divorced, widowed, separated); Number/Sex of Dependents; Race/ethnic origin; Home of Record; Education Level; Military Gross Salary including BAQ and VHA; School/Year of Graduation; Civilian Educational Degrees and Major Area of Study; Present and Future Overseas Assignments; Mother's maiden name; Biometric records like digitized fingerprints, palm prints, retina scans, voice patterns, face scans, handwriting, digitized signatures.

When e-mail encryption is not available, there are currently two methods approved by the Air Force to transmit PII safely.

Visit https://safe.amrdec.army.mil/SAFE2/ for more information. This system allows you to send PII to an off-base e-mail address (.com, AOL, Yahoo, Gmail, etc.) through secure means.

Encryption Wizard (http://www.spi.dod.mil/ewizard.htm) protects data on your network, while stored on media and during transmission across the Internet. It is available for use on DoD and commercial systems.

E-mails are monitored by the 68th Network Warfare Squadron at Lackland Air Force Base, Texas. When PII is intercepted, it is reported to AFRC/OPSEC and the AFRC FOIA/PA Office for breach processing.

DO NOT risk sending unsecured PII to your home e-mail address. Violators, beware of the penalties.

Unfortunately, breaches happen, and when they do, act quickly!

Breaches must be reported to the servicing Privacy Manager by anyone who discovers them!

Within one hour of the discovery of the PII breach, the servicing Privacy Manager will ensure the United States Computer Emergency Readiness Team (US-CERT) has been notified in accordance with the requirements and guidance at www.us-cert.gov.

Within 24 hours of the PII breach, the Privacy Manager will notify the senior-level individual in the chain of command of the unit where the incident occurred and simultaneously notify the MAJCOM Privacy Manager by official unencrypted e-mail, attaching the completed Defense Privacy and Civil Liberties Office Breach Preliminary Report.

PII Incident Reports must be completed on the DPCLO Breach Report Template provided by the Defense Privacy and Civil Liberties Office. Privacy Act managers will continue to follow instructions until closed.

For any questions concerning PII and Privacy Act information, refer to Air Force Instruction 33-332, or contact your unit PA monitor or base PA manager, Christopher White, at 412-474-8547 or by e-mail at christopher.white.24@us.af.mil.