DON CIO Tag Results for Privacy by jtl17221


									                     Home | Policy and Guidance | Products | Ask an Expert | Events | Other Govt Sites | Contact Us


                                                                                                              212 Results
CIO is the Department's Senior Military Component Official for Privacy.
                                                                                         All              212
 vacy laws require agencies to "establish appropriate administrative, technical
 al safeguards to ensure the security and confidentiality of records to protect          Blog             2
y anticipated threats or hazards to their security or integrity." The loss or
se of personally identifiable information can lead to identity theft, which              Events           2
 pacts Department personnel, contractors, retirees and their dependents.                 News             43
  must be applied to IT systems, shared drives, computer networks, email,
rds and web sites to ensure privacy of personal information.                             Policy           36
                                                                                         Products         5
vacy Frequently Asked Questions
vacy Act Resources                                                                       Reference        48
vacy Act System of Records Notices                                                       3rd Party
 Breach-Reporting Resources                                                                               76
A Resources
N Reduction Plan Resources
rd Drive Disposal Resources                                                                                     Sort By
vacy Training Resources
vacy Tips of the Month
 Breach Articles                                                                         Title
vacy Briefs
vacy Recommended Reading
her Privacy Links                                                                                      Ask a Privacy Expert

                                                                                         Your Name:

                                                                                         Your Email:
                                                                                         Your Question:
nformation Must be Handled with Extreme Care
December 28, 2009
ber 2008, I wrote a blog about privacy and the DON CIO's role in developing
wareness of what personally identifiable information (PII) is and why it is
 o properly handle this precious information. While we have accomplished
e then, there is more that we can ...
 with: Blog, Cybersecurity, DONCIO, Privacy
y Dilemma
y, September 24, 2008                                                            Select One:         DON civilian
                                                                                     USN/USMC Active Duty
of the Navy Winter requested that during my tenure as the DON CIO I focus
n both the policy and strategic aspects of privacy to modify the behavior of         Contractor
 ment. As a result, my team has developed strategic actions that provide a set       Other
ons for DON personnel’s ...
                                                                                  Submit Question
 with: Blog, DONCIO, Privacy
                                                                                                 Sign Up for Info Alerts
011 West Coast Conference
11 - Jan 27, 2011                                                                 Enter email
une 21, 2010
                                                                                  Submit Email
tment of the Navy Information Technology Conference will run from Jan. 24
2011, at the San Diego Convention Center in San Diego, Ca.
with: CIP, Cybersecurity, DADMS/DITPR-DON, EA, Emerging Tech, ESI,                  Subscribe to Privacy RSS Feed
 GEN, Privacy, RM, Spectrum, Telecommunications, Web20, Wireless,

  DON IT Conference
010 - May 13, 2010
 ril 30, 2010

 oast Department of the Navy Information Technology Conference will be
 ay, May 10, to Thursday, May 13, 2010, at the Virginia Beach Convention
  conference fee will be assessed, but registration is required. Online
n for this conference is now closed, but attendees may register in person at
 tion center. DON IT Conference registration includes entry to Joint
 g Conference sessions.
 with: CIP, Cybersecurity, DADMS/DITPR-DON, Data Strategy, EA, ESI,
g, KM, NGEN, NNE, Privacy, RM, Services, Spectrum,
unications, Web20, Wireless, Workforce
d Rethink the Use of Recall Rosters
ugust 1, 2010

ll rosters serve a useful and valid purpose, safeguards must be in place to
  the personally identifiable information they contain is properly maintained
ted to prevent inadvertent disclosure. This privacy tip provides specific
 all Department of the Navy personnel should use when creating and sharing
 with: IDManagement, InfoSharing, KM, Privacy
ps of the Month
July 15, 2010

 y Tips of the Month are meant to increase awareness about the privacy issues
t the Department of the Navy by highlighting a specific topic each month.
or suggestions for future topics are welcomed.
 with: Cybersecurity, IDManagement, InfoSharing, Privacy
  Lessons Learned
 July 15, 2010

epartment of the Navy activity reports a personally identifiable information
must include lessons learned in an after-action report. Lessons learned are an
feedback mechanism and are used to shape future DON privacy policy. The
 nformation is a compilation of the most frequently reported lessons learned.
 with: DAR, IA, IDManagement, InfoSharing, PED, Privacy
 Articles from CHIPS Magazine
y, June 9, 2010

ing is a list of CHIPS Magazine articles about personally identifiable
n (PII) breaches based on factual reports sent to the DON CIO Privacy
idents such as these will be reported in each subsequent issue of CHIPS

 with: Cybersecurity, IDManagement, InfoSharing, Privacy
ls and Shared Drives Must Be Continually Monitored
y, June 9, 2010

 ing is a recently reported data breach involving the disclosure of personally
e information (PII) on the Navy Knowledge Online (NKO) website. Names
changed or omitted but details are factual and based on reports sent to the
 Privacy Office.
 with: Privacy
onference Presentations Available
May 24, 2010

 e presentations given during the DON IT Conference in Virginia Beach May
now available by request. Please email Jessica Smith with your request: Also, be sure to mark your calendars for the DON IT
 Coast Conference scheduled for: Jan. 24-27 at the San Diego Convention

 with: CIP, Cybersecurity, EA, ESI, KM, Privacy, RM, Spectrum, Wireless,

 e Copier/Printer May Present Information Security Risks
March 8, 2010

 ing is a recently reported compromise of personally identifiable information
ving the disposal of copiers containing personal information stored on their
s. Incidents such as this will be reported to increase PII awareness. Names
 changed or removed, but details are factual and based on reports sent to the
 Privacy Office.
 with: Cybersecurity, Privacy
 PII on Removable Storage Devices
 February 25, 2010

tment of the Navy, Department of Defense and Office of Management and
MB) have mandated the protection of data at rest (DAR) on all unclassified
 ats/devices. NMCI is implementing a solution using GuardianEdge
  Anywhere and Removable Storage software to meet these requirements. All
mputer storage as well as data written to a removable storage device will be
 This Privacy Tip highlights the need for NMCI users to fully protect privacy
ata on removable storage devices.
 with: Cybersecurity, DAR, KM, Privacy
 e Spot Checks Key to Successful Privacy Program
 uary 1, 2010

70/07 Department of the Navy Personally Identifiable Information (PII)
olicy states that, "Commanders/Commanding Officers/Officers in Charge
  that supervisors conduct a spot check of their assigned area of
 ity, focusing on those areas that deal with PII on a regular basis (e.g., human
personnel support, medical, etc.)." The ALNAV also states that the
e spot check is a semi-annual requirement and should be considered an
ecord maintained by the command Privacy Act Coordinator or other
with: Cybersecurity, IDManagement, Privacy
orage Media Containing PII
ovember 29, 2009

 ing is a recently reported compromise of personally identifiable information
ving the theft of storage media containing personal information. Names have
ged or removed, but details are factual and based on reports sent to the
 t of the Navy Chief Information Officer Privacy Office.
 with: Cybersecurity, IDManagement, Privacy
Federal CIO Council Releases Guidelines for Secure Use of Social Media
November 17, 2009

 social media has become a popular topic within the Department of the Navy,
epartment and across the federal government. As agencies begin to venture
edia, whether it is creating an agency Facebook page or updating constituents
, precautions must be taken and risks should be assessed. While these tools
any avenues for broader communication and collaboration, they also come
s to network security.
with: Cybersecurity, Emerging Tech, Privacy, Web20
cords Management
y, November 4, 2009

 ul command privacy program must include an aggressive records review and
omponent. While hard copy files cannot be ignored, the volume of electronic
s a much larger issue and must be aggressively addressed by local
 with: Cybersecurity, KM, Privacy, RM
nter May Present Information Security Risks
October 6, 2009

t personally identifiable information (PII) breach incidents involving the turn
ductive office equipment highlight the fact that many people do not know
s and printers present information security challenges.
with: Cybersecurity, IDManagement, InfoSharing, Privacy
edders Versus Shredded Services
 eptember 1, 2009

h's Privacy Tip is a summary of input received from information assurance
 security personnel and privacy officials from a variety of commands across
ment of the Navy and Joint Forces Command. The information is intended to
 est business practices and should not be considered DON policy, unless
 with: Privacy, Strategy
Disposal of HR Documents
y, August 19, 2009

ing is a recently reported compromise of personally identifiable information
ving the improper disposal of human resources documents. Names have been
 removed, but details are factual and based on reports sent to the DON CIO
 with: IDManagement, Privacy
ur Personal Information: It's Valuable
une 1, 2009

d you protect your personal information? To an identity thief, it can provide
ess to your financial accounts, your credit record and your other personal
ou think that no one would be interested in your personal information, think

 with: Cybersecurity, IDManagement, Privacy
 Cell Phones and PDAs Against Attack
 y 1, 2009

ones and personal digital assistants (PDAs) become more technologically
attackers are finding new ways to target victims. By using text messaging or
 ttacker could lure you to a malicious site or convince you to install malicious
 ur portable device.
 with: Cybersecurity, IDManagement, PED, Privacy
 ted Email With NSPS Information
y, April 22, 2009

 ing is a recently reported compromise of personally identifiable information
ving the transmission of an un-encrypted e-mail which contained National
ersonnel System (NSPS) performance ratings of employees within a Navy
mes have been changed or removed, but details are factual and based on
t to the DON CIO Privacy Office.
 with: Cybersecurity, Privacy
Privacy Tips
April 7, 2009

h's Privacy Tip provides a list of things you should know about the Interal
ervice (IRS) and identity theft.
 with: Cybersecurity, InfoSharing, KM, Privacy
ncers: Robert Carey
 rch 13, 2009

ncers is a continuing series of profiles of the people who shape federal
nt information security and privacy policy. View entire article.
 with: Cybersecurity, DONCIO, Privacy, Web20
 he Use of SSNs is Key to Securing PII
 rch 6, 2009

artment of the Navy eliminated the use of Social Security numbers (SSN)
  , forms, documents and electronic information technology systems, 80
 the personally identifiable information (PII) breaches reported in 2008 would
   occurred. The March Privacy Tip of the Month explores the relationship
 SNs and identity theft. It also provides approaches to reducing the display,
 and/or transmission of SSNs within the DON.
 with: Cybersecurity, IDManagement, InfoSharing, Privacy
 bruary 20, 2009

 ing is a reported loss or breach of personally identifiable information (PII)
a Department of the Navy information system with lessons learned from the
mes have been changed or removed, but details are factual and based on
 t to the DON Privacy Office.
 with: Cybersecurity, IDManagement, Privacy
 rprise Data At Rest Solution For All Non-NMCI Assets Is Awarded
 ebruary 2, 2009

 tment of the Navy enterprise solution for protection of sensitive Data at Rest
 non-NMCI assets is now available. Implementation of this solution enables
 e with DoD and DON requirements associated with protection of personally
 e information (PII) and other types of sensitive DAR on mobile computing
 d portable storage media.
  with: Cybersecurity, DAR, Privacy
 I Loss by Proper Disposal/Sanitization of Unclass Equipment
 ebruary 1, 2009

  past year, the Department of the Navy has experienced problems relating to
 excess information technology and office equipment that contain personally
 e information (PII).
  with: Cybersecurity, IDManagement, InfoSharing, Privacy
 ps for Identity Theft Victims
 January 1, 2009

  past year, the Department of the Navy has experienced a few documented
 entity theft linked to the loss of government privacy information. The
  2008 Privacy Tip focused on how thieves steal identities, what they do with
 al information they obtain, and general information about identity theft. This
™s Privacy Tip is reproduced from Department of Justice guidance found on
 . It provides information about how to prevent identity theft, as well as what
 u become a victim of identity theft.
  with: Cybersecurity, Privacy
  Should Know About Identity Theft
December 1, 2008

  past year, the Department of the Navy has experienced a few documented
 entity theft linked to the loss of government privacy information. This
™s Privacy Tip focuses on how thieves steal identities and what they do with
 al information, as well as general information about identity theft.
 with: Cybersecurity, IDManagement, Privacy
 ust be Considered When Using Web 2.0 Tools
 November 1, 2008

 d in a recently published memo, the Department of the Navy endorses the
 of Web 2.0 tools to enhance collaboration, streamline processes and foster
 with: Cybersecurity, InfoSharing, Privacy, Web20
 y, October 29, 2008

  ing is the July 2008 summary of recently reported losses or breaches of
  identifiable information (PII) involving laptops or thumb drives. Laptop
  ntinues to be the foremost vulnerability in the Department of the Navy.
 ve been changed or removed, but details are factual and based on reports sent
 artment of the Navy Privacy Office.
  with: Privacy
 licy on DON Publicly Accessible Websites
 y, October 1, 2008

 et is specifically designed to be open and accessible to a global audience.
  global accessibility makes it a powerful public information tool and
  roductivity in the conduct of daily business, it also presents a potential risk
  rsonnel, assets and operations if inappropriate information is published on
  with: Cybersecurity, InfoSharing, Privacy, Services
 rds BPA for Credit Monitoring Services
  eptember 8, 2008

General Services Administration awarded Blanket Purchase Agreements
 assist Federal agencies in protecting the confidentiality of personal credit and
nformation, as well as providing a fast and effective solution for Federal
eeding commercial-off-the-shelf credit monitoring services, according to its

  with: Cybersecurity, Privacy
  ng PII on the Command Shared Drive
 eptember 1, 2008

 sonally identifiable information (PII) breach reports highlight the need to
 arches of shared drives throughout the Department to protect employees’
 formation and reduce the risk of identity theft. PII is found most often in
  related to awards, medals, legal issues, medical records and financial data.
 with: Cybersecurity, InfoSharing, Privacy
 I in Electronic and Paper Files
 y, August 6, 2008

 ing is a synopsis of a recently reported loss or breach of personally
e information (PII) that highlights common mishandling mistakes made by
s within the Department of the Navy. Names have been changed, but details
 and based on reports sent to the DON Privacy Office.
 with: Cybersecurity, Privacy
 ation of Cyber Crime: It's a Job
 y, August 6, 2008

me is fast-growing and lucrative … and increasingly easier using
 ed automated tools

was cold and gray as Joe slipped on his coat and swallowed the last bit of
t night’s research was profitable for his bank account and beneficial to
ny. He was glad he followed that tip from his buddy on a new toolkit. It
cost much and he more than got his money back with his bonus check.

 he longed for the good old days as a command line commando. But, now
™s more mature, he likes that the tools allow him to have a personal life with
ble daily routine. He stepped through the door into the damp mist and headed

 with: Cybersecurity, Privacy
 to-Peer File Sharing Is Not a Good Idea
 gust 1, 2008

er (P2P) networks, which link computers directly, allowing users to swap
vies, music and files with other users without centralized security controls or

 with: Cybersecurity, InfoSharing, Privacy
 Provides Cyber Crime Prevention Tips
 uly 28, 2008

 ly released Department of the Navy Cyber Crime Handbook provides an
of the definitions, criminal techniques, electronic laws, incident reporting and
regarding cyber threats to DON personnel and the Department's global
 with: Cybersecurity, Privacy
Updated for DAR Compliance Effort on Non-NMCI Networks
y 11, 2008

ise solution to encrypt DON data-at-rest (DAR) for non-Navy Marine Corps
 MCI) networks is anticipated to be available this fall from the Department of
nterprise Software Initiative/SmartBUY Enterprise Software Agreements.
with: Cybersecurity, DAR, Data Strategy, Privacy
Caught by Phishing
uly 1, 2008

  a criminal activity in which an adversary attempts to fraudulently acquire
nformation by impersonating a trustworthy person or organization. Examples
 ctices include manipulated emails that appear to be from the Department of
Navy Federal Credit Union, Navy Knowledge Online or other recognizable

with: Cybersecurity, Privacy
ose Laptops
ne 13, 2008

ue to carelessness or theft, the loss of laptops and other portable electronic
pecially thumb drives), continues to be one the top contributors to the loss of
identifiable information (PII).
with: Cybersecurity, Privacy
n Privacy Professional Certification Available
une 9, 2008

ational Association of Privacy Professionals' (IAPP) mission is to define,
nd improve the privacy profession globally and is the world's largest
  of privacy professionals representing more than 5,000 members from
 overnment and academia across 32 countries. It is the first organization to
ducational and testing credentials for information privacy, i.e., the Certified
n Privacy Professional (CIPP) and the Certified Information Privacy
al Government (CIPP/G). View information on how you can become an
 ber and a certified information privacy professional.
 with: Cybersecurity, Privacy, Workforce
o Shelf Life
y, May 14, 2008

 ing synopsis of a recently reported loss or breach of personally identifiable
n (PII) highlights common mishandling mistakes made by individuals within
ment of the Navy. Names have been changed, but details are factual and
eports sent to the DON Privacy office.
 with: Cybersecurity, Privacy
on With Wi-Fi
May 13, 2008

 io: You are at the airport waiting for your flight. With time to kill, you are
  connecting your laptop to the airport’s Wi-Fi to check your office e-
 me personal banking or shop for a gift for your spouse.

chances are there is a hacker sitting nearby with a laptop attempting to
rop― on your computer to obtain personal data that will provide access to
y or to your company’s sensitive information.
with: Cybersecurity, Privacy
Postings of PII
bruary 8, 2008

 ing is a synopsis of a recently reported loss or breach of personally
e information (PII) that highlights common mishandling mistakes made by
s within the Department of the Navy. Names have been changed, but details
 and based on reports sent to the DON Privacy Office.
 with: Cybersecurity, Privacy
est Frequently Asked Questions
y, September 26, 2007

 ed from the September podcast on data at rest with Department of the Navy
rmation Officer, Robert Carey.
 with: Cybersecurity, DAR, Data Strategy, IDManagement, NMCI, PKI,

 deral Regulations (32 CFR Part 701)
ptember 10, 2010

A, B, C and D of 32 CFR Part 701 issue policies and procedures for
 ing the Freedom of Information Act (FOIA) (5 U.S.C. 552) and Department
  Directive 5400.7–R series (the DoD FOIA Program), as well as promote
  in the Department of the Navy FOIA Program.

 implements the Privacy Act (PA) of 1974 (5 U.S.C. 552a) and provisions of
  irective 5400.7-R series.
 and G implement the PA (5 U.S.C. 552a) and DoD Directives 5400.11
5400.11–R series, and provide DON policies and procedures to ensure that
 ilitary members and civilian/contractor employees are made fully aware of
  and responsibilities under the provisions of the PA; to balance the
nt's need to maintain information with the obligation to protect individuals
warranted invasions of their privacy stemming from the DON's collection,
ce, use and disclosure of personally identifiable information; and to require
anagement practices and procedures be employed to evaluate privacy risks in
 cessible DON websites and unclassified non-national security information

rt 701 is broken down as follows:
A: DON FOIA Program
B: FOIA Definition and Terms
C: FOIA Fees
D: FOIA Exemptions
E: Indexing, Public Inspection, and Federal Register Publication of DON
and Other Documents Affecting the Public
F: DON Privacy Program
G: Privacy Act Exemptions
with: IA, InfoSharing, Privacy, RM
 of Magnetic Hard Drive Storage Media for Disposal
ugust 22, 2010

  message applies to all DON commands and organizations using classified
 only) and unclassified (genser) internal and removable magnetic hard drives.
des, but is not limited to, storage area network devices, servers, workstations,
tebooks, printers, copiers, scanners, and multi-function devices with internal
s, removable hard drives and external hard drives. This policy is also
 to all IT resources with magnetic hard drives, whether it is DON-owned,
 urchased as a service by DON commands and organizations.
 with: Cybersecurity, IDManagement, Privacy
al Security Number Reduction Plan for Forms Phase One
uly 19, 2010

d use of the Social Security number has reached unacceptable levels and
Department-wide effort to eliminate or reduce the collection, use, display and
this sensitive data element. As a result, the Chief of Naval Operations,
ant of the Marine Corps and Department of the Navy Chief Information
 initiating procedures for a review of all official and non-official forms that
Ns. This Naval message provides the process that will be used to conduct this

with: Forms/Reports, IA, IDManagement, Privacy
ng Personally Identifiable Information
bruary 12, 2010

o conveys the seriousness the Under Secretary of the Navy places on personal
d the safe management of Department of the Navy personally identifiable
n (PII) and his intention to make eradicating further PII breaches a
 tal priority. This includes implementing a DON-wide plan to reduce the
and use of Social Security numbers.
 with: Cybersecurity, Privacy
acy Program and Appointment of the Senior Military Component Official for

tober 30, 2009

o designates the Department of the Navy Chief Information Officer as the
 itary Component Official for Privacy for the Department of the Navy,
 he responsibility for oversight of the Department's implementation of the
ct of 1974.
 with: DONCIO, Privacy
acy Impact Assessment Guidance
May 18, 2009

  message implements the Department of Defense Privacy Impact
 t (PIA) guidance of Feb. 12, 2009, for the Department of the Navy. The
 s highlighted:

e guidance expands PIA coverage from just members of the public to include
deral personnel, Federal contractors, and Foreign Nationals employed at U.S.
 itary facilities abroad.
As are required for legacy systems and electronic collections where a PIA had
  previously been completed.
As are required to be reviewed and updated as necessary at least every three
 rs in conjunction with the certification and accredidation cycle.
e new DoD PIA form must now be completed and signed for all DON IT
 tems whether they collect PII or not (i.e, a partial PIA verifying that the IT
 tem does not collect PII or a full PIA for those that do).

 with: Cybersecurity, IDManagement, InfoSharing, Privacy
cy Impact Assessment Guidance
February 12, 2009

ction establishes policy and assigns responsibilities for completion and
f privacy impact assessments to analyze and ensure personally identifiable
n in electronic form is collected, stored, protected, used, shared and managed
 r that protects privacy.
 with: Cybersecurity, IDManagement, InfoSharing, Privacy
rprise Data At Rest Solution For All Non-NMCI Assets
 anuary 31, 2009

  message announces the availability of the Department of Navy Data At Rest
Solution for Non-NMCI assets and ends the moratorium on DAR software
 Implementation of this solution enables compliance with Department of
oint Task Force-Global Network Operations and DON policy mandates for
 of sensitive information on mobile computing devices and portable storage

 with: Cybersecurity, DAR, Privacy
onally Identifiable Information Training Requirement
December 18, 2008

 message emphasizes that personally identifiable information (PII) annual
training is foundational to the safeguarding of PII and key to understanding
ment's breach reporting responsibilities. It explains how DON leadership
nually reinforce PII awareness, through training, so that personnel properly
privacy sensitive information in order to improve business processes.
with: Cybersecurity, Privacy
Personally Identifiable Information on DON Shared Drives and Application
November 20, 2008

 message reinforces current Department of the Navy policy aimed at
he number and potential impact of lost, stolen or compromised personally
e information (PII) to Sailors, Marines, government personnel, dependents
 with: Cybersecurity, Privacy
Utilizing New Web Tools
October 20, 2008

se of this memo is to provide initial guidance for all Navy and Marine Corps
  regarding the use of emerging web tools to facilitate collaboration and
 n sharing in the Department ofthe Navy. These tools, described in enclosure
 wikis, blogs, mash ups, web feeds (such as, Really Simple Syndication and
Summary (RSS) feeds), and forums, which are often referred to as
 s of "Web 2.0" and can significantly enhance mission effectiveness through
 on. The Department endorses the secure use of Web 2.0 tools to enhance
 ation, collaboration and information exchange; streamline processes; and
 uctivity improvements. However, their application must not compromise
dentiality and integrity.
 with: Cybersecurity, Emerging Tech, InfoSharing, Privacy, Services, Web20
cy Updates for Personal Electronic Devices Security and Application of
nature and Encryption
 tober 3, 2008

  message provides updates to the DON policy for digital signature and
 of email. It also provides updated budget guidance for procurement and use
 ard Reader technology to support digital signature and encryption of email
 nal Electronic Devices.
 with: Cybersecurity, PED, Privacy
 l Security Number Reduction Plan
 rch 28, 2008

tive-Type Memorandum establishes the Department of Defense policy for
 he Social Security number and guidance for reducing its unnecessary use.
with: Forms/Reports, IA, IDManagement, Privacy
rsonally Identifiable Information Reporting Process
bruary 29, 2008

 message announces the updated reporting process to be used when there is a
 uspected loss of Department of the Navy personally identifiable information.
 new and existing requirements for incident reporting recently issued by the
Management and Budget and the Department of Defense.

e: Since the release of this message, the Defense Privacy Office (DPO) email
s changed from DOD.PRIVACY@OSD.MIL to

ple breach notification letter. View reporting and after action forms.
 with: Cybersecurity, Privacy
 yption of Sensitive Unclassified Data at Rest Guidance
October 9, 2007

 message provides guidance regarding the move to choose an enterprise
 encrypt sensitive Data at Rest (DAR) and states that commands should hold
 hasing DAR products and services until an enterprise solution is identified.
 with: Cybersecurity, DAR, IDManagement, Privacy
onally Identifiable Information Annual Training Policy
October 4, 2007

AV message stresses the seriousness of safeguarding personally identifiable
n (PII) across the Department by establishing an annual PII awareness
quirement, as well as completing semi-annual command level PII compliance

 pot Check Form.
 with: Cybersecurity, Privacy
d Civil Liberties
gust 3, 2007

excerpt from PUBLIC LAW 110-53-AUG. 3, 2007, "Implementing
ndation of the 9/11 Commission Act of 2007," specifically Sections 801
ion of Authorities Relating to Privacy and Civil Liberties Oversight Board)
 rivacy and Civil Liberties Officers).
 with: Civil Liberties, Privacy
ng Personally Identifiable Information from Unauthorized Disclosure
uly 23, 2007

 message defines personally identifiable information (PII) and emphasizes
ance of its proper handling following more than 100 incidents of PII loss
past 18 months.
 with: Cybersecurity, IDManagement, Privacy
 ng Personally Identifiable Information
April 17, 2007

  message establishes interim policy for the handling of personally
e information when stored on government furnished laptop computers, other
mputing devices and removable storage media (e.g., removable hard drives,
 es, blackberries, personal digital assistants, compact discs and DVDs).
 with: Cybersecurity, IDManagement, PED, Privacy
Access Card Eligibility for Foreign National Personnel
 rch 9, 2007

o authorizes the issuance of CACs to foreign national partners who have been
etted and who require access to a DoD facility or network logon access to
D mission. This would apply to DoD sponsored foreign national military,
nt, and contractor personnel.
 with: Cybersecurity, IDManagement, Privacy
September 7, 2006

o provides guidance regarding the use of recall rosters for the management of
and addresses what personal information may be included.
 with: IA, IDManagement, Privacy
 Incidents Involving Personally Identifiable Information and Incorporating the
ecurity in Agency IT Investments
ne 23, 2006

o provides update guidance on the reporting of security incidents involving
 identifiable information. It also restates existing requirements and explains
 with: Cybersecurity, IDManagement, Privacy
DON Privacy Impact Assessment Guidance
ne 16, 2006

o and enclosures prescribe the Department of Defense and Department of the
acy Impact Assessment guidance for IT systems that contain information in
e form.
 with: Cybersecurity, Privacy
 of Sensitive Department of Defense Data at Rest on Portable Computing

April 18, 2006

o provides suggestions on technical means to protect unclassified sensitive
n on portable computing devices used within DoD. The measures are in
 the normal physical security required for such devices so that, if they fall
 ong hands for any reason, access to the sensitive DoD information they
ll be more difficult.
 with: Cybersecurity, DAR, IDManagement, PED, Privacy
ementation Guide for Transitional PIV II SP 800-73 v1
y, March 1, 2006

 specifies technical details for implementing interagency PIV I and PIV II
nstitute of Standards and Technology Special Publication 800-73v1
nts in the DoD CAC environment. It documents how the DoD common
d and middleware are implemented with PIV.
 with: CAC, Cybersecurity, IDManagement, Privacy
 ormation Processing Standard 201-1: Personal Identity Verification of
mployees and Contractors
y, March 1, 2006

ard specifies the architecture and technical requirements for a common
 on standard for Federal employees and contractors. The goal is to achieve
e security assurance for multiple applications by efficiently verifying the
entity of individuals seeking physical access to Federally controlled
nt facilities and electronic access to government information systems.
 with: Cybersecurity, IDManagement, Privacy
ndustrial Security Program Operating Manual
 ebruary 28, 2006

al prescribes requirements, restrictions, and other safeguards that are
o prevent unauthorized disclosure of classified information and to control
 disclosure of classified information.
with: Cybersecurity, IDManagement, Privacy
acy Program
y, December 28, 2005

 NST 5211.5E implements the Privacy Act of 1974 per the Department of
 ivacy Program Directive and Regulation ensuring that all DON military
 nd civilian/contractor employees are made fully aware of their rights and
 ities with regards to privacy. The program attempts to balance the
nt’s need to maintain information with the obligation to protect
s against unwarranted invasions of their privacy stemming from the
s collection, maintenance, use and disclosure of Personally Identifiable
 n (PII). The program requires that privacy management practices and
  be employed to evaluate privacy risks in publicly accessible DON web sites
 sified non-national security information systems.
 with: Cybersecurity, IDManagement, Privacy
pliance with Electronic Biometric Transmission Specification
December 15, 2005

o forwards memorandum from the Department of Defense Biometrics
Agent that mandates all new acquisitions or upgrades of electronic biometric
systems used by DoD components conform with the DoD electronic
 ransmission specifications.
 with: Cybersecurity, Privacy
ng of Information that Personally Identifies DoD Personnel
September 1, 2005

 ons outside the Federal Government often approach Department of Defense
 o obtain updated contact information for their publications, which are then
 able to the public. The information sought usually includes names, job titles,
ons, phone numbers and room numbers. The DoD director of Administration
gement issued a policy memo Nov. 9, 2001, that provided greater protection
rsonnel in the aftermath of the Sept. 11 terrorist attacks. The memo required
 n that personally identifies DoD personnel to be more carefully scrutinized
d. This memo reinforces the original memo.
 with: Cybersecurity, IDManagement, Privacy
acy Impact Assessment Format Guidance
y, October 27, 2004
mary provides the Department of the Navy format for system assessors to use
 ucting a Privacy Impact Assessment.
 with: Cybersecurity, IDManagement, Privacy
 ic Key Infrastructure Implementation Guidance
 tober 8, 2004

  message provides amplifying public key infrastructure implementation

 with: Cybersecurity, IDManagement, PKI, Privacy
 a Common Identification Standard for Federal Employees and Contractors
 gust 27, 2004

eland Security Presidential Directive establishes a government-wide standard
and reliable forms of identification issued by the Federal Government to its
 and contractors (including contractor employees). This standard will result
 d security, increased Government efficiency, reduced identity fraud, and
 of personal privacy.
 with: Cybersecurity, IDManagement, Privacy
ct Program Update
 ebruary 10, 2003

o directs Navy activities to be proactive with regards to complying with the
ct of 1974 and SECNAVINST 5211.5 series, DON Privacy Program. The
vides Privacy Act coordinators good general guidance and addresses areas
 l important today, i.e., protecting personally identifiable information,
he use of Social Security numbers, the proper marking of documents
 PII, system of records notices, training and identity theft.
 with: IDManagement, InfoSharing, KM, Privacy
 s on Complying with President's Memorandum of May 14, 1998: "Privacy
 al Information in Federal Records"
 January 7, 1999

orandum provides instructions to agencies on how to comply with the
 Memorandum of May 14, 1998, on "Privacy and Personal Information in
 cords." In his memo, the president directed Federal agencies to review their
ormation practices and ensure that they are being conducted in accordance
cy law and policy. The president also directed the Office of Mangaement and
 ssue instructions to the agencies on how to conduct this review.

 t A: Privacy and Personal Information in Federal Records
 t B: Instructions for Complying with the President's Memorandum of May
 Privacy and Personal Information in Federal Records"
 t C: Governmentwide Systems of Records
 with: IA, IDManagement, KM, Privacy
ct of 1974
eptember 1, 1974

 y Act of 1974, 5 U.S.C. § 552a, establishes a code of fair information
hat governs the collection, maintenance, use and dissemination of personally
e information about individuals that is maintained in systems of records by
 ncies. A system of records is a group of records under the control of an
 m which information is retrieved by the name of the individual or by some
 ssigned to the individual. The Privacy Act requires that agencies give the
 ce of their systems of records by publication in the Federal Register. The
ct prohibits the disclosure of information from a system of records absent the
nsent of the subject individual, unless the disclosure is pursuant to one of 12
xceptions. The act also provides individuals with a means by which to seek
 nd amendment of their records, and sets forth various agency record-keeping
 with: IA, IDManagement, Privacy, RM
 Identifiable Information Posters
 uary 9, 2009

tment of the Navy Chief Information Officer has created press-quality
help communicate the importance of protecting and properly handling
 identifiable information (PII).
 with: Cybersecurity, IDManagement, Privacy
 Identifiable Information Training
December 1, 2008

based training identifies what Personally Identifiable Information (PII) is and
mportant to protect PII. It reviews a Department of Defense (DoD)
on's responsibilities for safeguarding PII and explains individual
 ities for PII recognition and protection.
 with: Privacy
T Strategic Plan Mid Cycle Update, FY 2008-2009
y, October 1, 2008

tment of the Navy Information Management and Information Technology
 lan Mid Cycle Update provides updated objectives, plans and contact
n to the DON IM/IT Strategic Plan for FY 2008-2009. The strategic plan
course for our future, providing the mission, vision, governing principles,
supporting objectives for IM/IT. The plan articulates our collective vision for
abilities that will enable transformation throughout the DON.
 with: CCA, CIP, Cybersecurity, DADMS/DITPR-DON, Data Strategy,
 EA, ESI, Investment Management, KM, MDA, NGEN, NMCI, NNE,
ce Measurement, Privacy, RM, Services, Spectrum, Standards, Strategy,
unications, Wireless, Workforce
er Crime Handbook
July 10, 2008

tment of the Navy Cyber Crime Handbook contains an overview of the
, criminal techniques, electronic laws, incident reporting and responses
he cyber threats to Department personnel and the global infrastructure we

 with: Cybersecurity, Privacy
otection in the Information Age
December 20, 2007

inues to affect the way in which personal information can be compromised
mber of identity theft cases continues to rise, DON personnel must take steps
hemselves against this serious crime. This tool provides the necessary
o do so.

 t to raise privacy awareness in the DON and in general, the Department
everal facets of privacy on this instructional CD-ROM, including: Legal and
y Guidance, Identity Theft, Privacy Technology, and Privacy Links and

 with: Cybersecurity, IDManagement, Privacy
 Privacy Act Systems of Records You May Be Using
ptember 24, 2010

 Act (PA) system of records notice is the authority that allows you to collect,
nd disseminate information that is retrieved by an individual's name and
 entifier. Because many activities maintain similar types of records, we have
neric or "umbrella" PA systems of records notices to cover activities that
 lection of those types of records.
 with: IA, IDManagement, KM, Privacy
btain Copies of Military Personnel Records
ptember 17, 2010

 ing processes are provided for active duty military members, former military
family members, and other individuals wishing to obtain copies of military
 with: IA, IDManagement, KM, Privacy
ct Exemptions
ptember 17, 2010

ment is a copy of the Code of Federal Regulations, Title 32, Volume 5,
 of July 1, 2008 (32 CFR 701.128), "Privacy Act Exemptions for Specific
ord Systems."
 with: IA, IDManagement, KM, Privacy
 ecklist for Conducting Privacy Act Assessment/Staff Visits
ptember 17, 2010

 ing checklist is provided for use by Privacy Act coordinators and should be
 a command's specific needs.
 with: IA, IDManagement, KM, Privacy
When to Write a Privacy Act Statement
September 16, 2010

 Privacy Act Statement required?

anization requests that an individual furnish personal information (name,
 h, Social Security number, etc.) for a system of records, regardless of the
ed to collect the information (e.g., forms, personal or telephonic interview,
a Privacy Act Statement (PAS) is required. If the information requested will
uded in a system of records, then a PAS is not required.
 with: IDManagement, InfoSharing, KM, Privacy
cy Program Resources
y, September 15, 2010

 se Privacy Program Homepage provides resources related to the Privacy
Privacy Impact Assessments and the Freedom of Information Act.
 with: IA, IDManagement, KM, Privacy
ake a Privacy Act Request
y, September 15, 2010

 Privacy Act (PA) request, label the request itself and the envelope:
Y ACT REQUEST." Identify the specific PA system of records notices you
ve searched. (See index of PA System of Records Notices and submit your
cording to the requirements set forth under "Record Access Procedures.") PA
 ust be signed, so we cannot accept email requests.
 with: IDManagement, InfoSharing, KM, Privacy, RM
s for Using WinZip to Encrypt Files
y, September 15, 2010
ment below provides step-by-step instructions to encrypt files using WinZip.
with: IA, IDManagement, KM, Privacy
of the Privacy Act of 1974 (2010 Edition)
y, September 15, 2010

view of the Privacy Act of 1974," prepared by the Department of Justice's
rivacy and Civil Liberties (OPCL), is a discussion of the Privacy Act's
prohibition, its access and amendment provisions, and its agency
ing requirements.
with: IA, IDManagement, KM, Privacy
 ortal Procedures for Safeguarding PII
y, September 15, 2010

ices for use with Command Shared Drives and Web Portals

ment below is the Program Executive Officer, Enterprise Information
PEO EIS) Portal Procedures for Safeguarding Personally Identifiable
 n (PII) and should be used as a best practice. The Department of the Navy
enced numerous breaches across the enterprise in which PII was improperly
 hared drives and web portals resulting in unauthorized disclosure.
 with: IA, IDManagement, KM, Privacy
ct Desk Reference Guide
y, September 15, 2010

he Privacy Act?

 y Act (PA) pertains to records the Department of the Navy is maintaining
 More than 150 types of PA System of Records Notices (SORNs) have been
 hat allow the DON to collect, maintain, use and disseminate information
viduals affiliated with the Department. View a complete list of approved

 with: IA, IDManagement, KM, Privacy
elated OMB Memoranda
y, September 15, 2010

 ing list of Office of Management and Budget memoranda pertains to privacy
 ided to assist personnel as they conduct their daily privacy-related functions.
 with: IA, IDManagement, KM, Privacy
 Accounting Form (OPNAV 5211/9 (MAR 1992))
 eptember 13, 2010
 accounting allows an individual to determine what agencies or persons have
ded information from the system of records about them, enables Department
y activities to advise prior recipients of the system of records of any
 amendments or statements of dispute concerning the system of records, and
n audit trail of the DON's compliance with the Privacy Act of 1974.
with: IA, IDManagement, KM, Privacy
urpose Privacy Act Statement (OPNAV FORM 5211/12)
 eptember 13, 2010

ndividual is requested to furnish personally identifiable information for
clusion in a system of records, a Privacy Act Statement (PAS) must be
o the individual, regardless of the method used to collect the information
s, personal, telephonic interview, IT system, etc). If the information
will not be included in a system of records, a PAS is not required.
 with: IA, IDManagement, KM, Privacy
 Reduction Review Form SECNAV 5213/1 (Jul 2010)
ptember 3, 2010

sage DTG 192101Z Jul 10: "DON Social Security Number Reduction Plan
Phase One" requires the use of SECNAV 5213/1 to review and justify the
collection of Social Security numbers on all Department of the Navy forms.
with: Forms/Reports, IDManagement, Privacy
 t of Defense SORN Training Materials
y, August 25, 2010

 documents were provided by the Defense Privacy Office.
 with: IA, Privacy, RM
ct Resources
August 16, 2010

ing resources are intended to supplement SECNAVINST 5211.5E: "DON
ogram" and should prove useful to Privacy Act coordinators. Please send any
s for additions to this list to Steve Daughety,
with: IDManagement, KM, Privacy, RM
ct System of Records Notices
August 16, 2010

y Act allows executive branch agencies to collect, maintain and disseminate
n on individuals affiliated with that agency. The Department of the Navy
aintain information about individuals who have never been affiliated with
s inventory of Privacy Act System of Records Notices (SORNs) identifies
 mptions claimed for this system" those systems that are exempt from access
provisions of the Privacy Act. A listing of the DON's exempt system of
tices is located at 32 Code of Federal Regulations, Part 701.
 with: IDManagement, Privacy, RM
e Disposal Resources
August 5, 2010

 ing hard drive disposal resources provide current Department of the Navy
 guidance with regard to degaussing, destruction, and turn-in of DON-owned
ard drives. It also includes the waiver process. Note: The DON policy
n this subject is in draft and will be posted as soon as it is released.
with: Privacy
or Hard Drive/Disk Destruction
August 5, 2010

ing guidelines are provided for the proper destruction of Department of the
with: Cybersecurity, IA, Privacy
ction Plan Resources
ugust 1, 2010

ing resources are provided to help implement the Department of the Navy's
urity Number Reduction Plan.
with: Forms/Reports, IA, IDManagement, Privacy
Use Cases for Systems Collecting SSNs
uly 12, 2010

 ing is a list of 12 approved use cases for systems requesting the use of Social
 with: IA, IDManagement, Privacy, RM
nded Facebook Privacy Settings
ne 25, 2010

 provides step-by-step instructions to Facebook users to help them create a
tween safeguarding their privacy and enjoying the benefits of social
g online. It was developed by the Department of the Navy Chief of
 with: IDManagement, InfoSharing, Privacy, Web20
oject Identifiers for FY2010
ne 11, 2010
 ttached below provides FY2010 Unique Project Identifiers (UPIs) for
 t of the Navy information technology systems. The UPI is required when
g a Privacy Impact Assessment (PIA).
 with: Cybersecurity, IDManagement, InfoSharing, Privacy
of DON Systems With Completed Privacy Impact Assessments
May 18, 2010

8 of the E-Government Act of 2002 establishes government-wide
nts for conducting, reviewing and publishing Privacy Impact Assessments
  PIA directs agencies to conduct reviews of how privacy issues are
  when creating or purchasing new information technology (IT) systems or
ating new electronic collections of information in identifiable form. A PIA
privacy factors for all new or significantly altered IT systems or projects that
 intain or disseminate personal information from members of the public and
 ary, civilian, or contractor personnel. PIAs are conducted and maintained for
at meet that criteria.
 with: Cybersecurity, IDManagement, Privacy
e Physical Destruction Resources
y, April 14, 2010

ed is a list of vendors that provide hard drive degaussing and destruction
d products. GSA contract vehicle numbers are also provided. This list is not
 e. It is simply meant to provide a starting point for obtaining these types of
d products.
with: Privacy
 Identifiable Information Spot Check Form
November 9, 2009

is an internal document and is to be used by command leadership to assess
f compliance in the handling of personally identifiable information (PII) as
 by law and/or specific DoD/DON policy guidance.
 with: Cybersecurity, Privacy
 s Guide to Personally Identifiable Information
 November 5, 2009

tment of the Navy Users Guide to Personally Identifiable Information (PII) is
s a convenient desk reference that can be printed as a brochure and
 to increase awareness throughout the Department.
with: Cybersecurity, IDManagement, InfoSharing, Privacy
 commended Reading List
 une 23, 2009
o the Department of the Navy Chief Information Officer Privacy Team
ded reading list. This list will be periodically updated.
with: Cybersecurity, IDManagement, Privacy
aining and Compliance
une 22, 2009

 ing resources are provided to support the Department of the Navy's annual
 ining and semi-annual compliance spot-check requirements. Note: The
 IN (DTG 181905Z DEC 08) training requirement supercedes the ALNAV
 ning requirement. The compliance spot check requirements of the ALNAV
 with: Cybersecurity, DAR, IDManagement, InfoSharing, PED, Privacy
 CIO IM/IT PIA Workshop Brief
ne 19, 2009

 y Impact Assessment (PIA) brief attached below was presented during the
 rtment of the Navy IM/IT Conference and is provided as a reference and for
eloping other PIA presentations.
 with: Cybersecurity, IDManagement, InfoSharing, KM, Privacy
ne 19, 2009

nally identifiable information (PII) brief attached below was presented at the
 rtment of the Navy IM/IT Conference and is provided as a reference and for
eloping other PII presentations.
 with: Cybersecurity, IDManagement, InfoSharing, Privacy
 IM/IT Conference Identity Theft Brief
ne 19, 2009

y theft brief attached below was presented at the May 2009 Department of
M/IT Conference and is provided as a reference and for use in developing
with: Cybersecurity, IDManagement, Privacy
 pact Assessment Signature Routing Guidance
 y 29, 2009

 ing provides the proper routing for Navy and Marine Corps Privacy Impact
 ts (PIAs). The last two signature blocks on the DoD PIA Template (DD
30 NOV 2008) are reserved for (1) the DON Privacy Act Program Manager
or USMC Privacy Act/FOIA Officer and (2) the DON CIO.
 with: Cybersecurity, IDManagement, InfoSharing, Privacy
May 18, 2009

 ing privacy presentations are provided for reference and use in developing
 entations and briefings.
 with: Cybersecurity, IDManagement, Privacy
rmation Collection Number
March 2, 2009

 of Management and Budget (OMB) Information Collection Number is
 hen collecting information from 10 or more members of the public in a 12-
 od and is used in completing the Privacy Impact Assessment (PIA)

 with: Cybersecurity, IDManagement, InfoSharing, Privacy
 pact Assessment Resources
March 2, 2009

 ing resources are provided to assist with the privacy impact assessment
n process.
 with: Cybersecurity, IDManagement, Privacy
 pact Assessment Template "Gouge"
bruary 20, 2009

ment attempts to address the common issues encountered as a privacy impact
t moves its way through the review and approval process. Consider this a
 cument and help us improve its content and usefullness.
 with: Cybersecurity, IDManagement, InfoSharing, Privacy
 pact Assessment Template Risk Mitigation Question Responses
bruary 20, 2009

ment provides examples of possible responses to the privacy impact
t (PIA) template questions that deal with the risks associated with the
collection of personally identifiable information and the ways to mitigate
 with: Cybersecurity, IDManagement, InfoSharing, Privacy
 ON Privacy Quiz!
 uary 23, 2009

Privacy Quiz highlights basic personally identifiable information (PII)
  and policy information that all DON personnel should be familiar. It is
ded that command/unit privacy officials use this quiz (attached below) as a
d that can be specifically tailored to local use. Any feedback on how to make
 r tool is appreciated.
 with: Cybersecurity, IDManagement, InfoSharing, Privacy
  Reporting Resources
 y, January 21, 2009

 ing breach-related resources are provided to aid in reporting the loss or
 oss of personally identifiable information (PII).
 with: Cybersecurity, IDManagement, Privacy
Safeguarding PII Presentation
anuary 20, 2009

 ed brief provides background information, the resultant responses and best
 eveloped by the Bureau of Naval Personnel related to the sensitivity to the
 sonally identifiable information of DON personnel. Also attached is a
 rom the presentation.
  with: Cybersecurity, InfoSharing, Privacy
 formation and Resources
 cember 19, 2008

  to the privacy resources and information available on the DON CIO web
 llowing list of web sites provide further information on privacy and identity
  with: Cybersecurity, IDManagement, PED, Privacy
 equently Asked Questions
 December 18, 2008

  ing is a list of questions that are frequently asked of the DON CIO Privacy
 ponses have been provided and, in many cases, there are added references to
 ce that is cited. Please provide the Privacy Team additional questions so they
 ded to the list.
  with: Cybersecurity, Forms/Reports, IDManagement, Privacy
 cy Impact Assessment Template
 y, November 26, 2008

  epartment of Defense Privacy Impact Assessment Template has been
 and is available for use by Army, Navy, Air Force, DISA, OSD/JS, DLA,
 DFAS. The link provides access to the Word and fillable PDF versions of
M 2930 on the DoD forms web site.
  with: Cybersecurity, InfoSharing, Privacy
 Reporting Forms
August 18, 2008

 forms are available for use in accordance with DTG 291652Z FEB 08: Loss
 lly Identifiable Information Reporting Process.

211/13:DON Loss or Compromise of Personally Identifiable Information
ch Reporting Form is used for initial and supplemental breach reporting.
211/14:DON Loss or Compromise of Personally Identifiable Information
 Action Reporting Form is for after-action breach reporting. Email buttons
ed with built-in distribution lists. When an email button is selected, an email
ill open with the form as an attachment. Here you can add additional
 and text. The subject line should indicate “PII Breach Report for
d Name - US-CERT number if available].― These forms can also be found
al Forms Online web site.
 with: Cybersecurity, Privacy
 PII Breach Notifications
 gust 15, 2008

s reporting a loss or suspected loss of personally identifiable information
 e contacted by the Department of the Navy Chief Information Officer
 am to determine if individual notifications are required. The decision to
 be based on the nature of the PII compromised and the resultant level of risk
 theft. If the command is faced with notifications and cannot locate the
dresses of those impacted, please contact Steve Daughety at or Steve Muck at for points of
assist in locating the individuals in question.
 with: Cybersecurity, Privacy
Consequences for Failing to Safeguard PII
 uly 22, 2008

Table of Potential Consequences and Penalties for the Mishandling/Improper
 ng of PII was developed with legal assistance from the Department of the
s Office of Civilian Human Resources and its Workforce Relations and
tion Division, the Office of the Judge Advocate General, and the Office of
 with: Cybersecurity, IDManagement, Privacy
                         Third Party News
Technology for Information Security
nt Computer News
y, September 22, 2010

 starting an effort to enhance privacy and security safeguards for its

 with: Cybersecurity, Privacy
 uard Bureau Tells What not to Write on Facebook
nt Computer News
gust 20, 2010

nal Guard Bureau is giving advice to guard members on what to write -- and
- on social media sites.
 with: Cybersecurity, IDManagement, InfoSharing, Privacy, Web20
op Facebook Friends From Tracking You
nt Computer News
August 19, 2010

s new Places feature allows others to tag your locations, and Facebook has
n by default. Here's how to turn it off.
 with: Cybersecurity, IDManagement, InfoSharing, Privacy, Web20
EO Exposes Dark Side of Social Networking
 y, August 18, 2010

EO Eric Schmidt fears that too much information is shared online, and
 at people will one day change their name and reinvent themselves in order to
 r digital past. That point of view might be extreme, but it is true that social
g has forced us to more closely examine and redefine the concepts of privacy
 with: IDManagement, InfoSharing, Privacy, Web20
 est Cyber-Crime Suspect for U.S.
 ngton Post
 August 12, 2010

 of one of the world's most sophisticated Internet sites for trafficking stolen
  information has been arrested by French police based on a U.S. criminal
 , the U.S. Secret Service and Justice Department announced.
 with: Cybersecurity, Privacy
m Builds for Federal Rules on Internet Privacy
 ngton Post
 uly 27, 2010

hn Kerry (D-Mass.), chairman of the Communications Subcommittee, said
l introduce an online privacy bill that will create standards for how consumer
ected and used for marketing.
 with: IDManagement, Privacy
Changes App Permissions, But Critics Say It's Not Enough
t Journal
y, June 30, 2010
on Wednesday rolled out changes to its permission settings for third-party
un on the social networking site and often access information about users and
 with: IDManagement, Privacy, Web20
 s Federal Agency Decade-Long Cookie Ban
 une 28, 2010

Management and Budget Director Peter Orszag, who issued the guidance,
fice is sensitive to citizens' concerns and use of cookies by federal agencies
ompromise or invade personal privacy.
 with: Cybersecurity, IA, IDManagement, InfoSharing, Privacy, Web20
 cosystem' To Replace Passwords, Draft Strategy Suggests
  mputer Week
 ne 25, 2010

 ministration releases a draft plan that would radically change the standard
 o online identity authentication -- if it works.
 with: Cybersecurity, IA, IDManagement, Privacy, Strategy
 s Agencies How To Treat Their Online 'Friends'
  mputer Week
 ne 25, 2010

 y overhauled policy on using third-party websites and applications and web
 ent and customization technologies.
  with: Cybersecurity, InfoSharing, Privacy, Web20
 ad Security Breach Reveals Vulnerability of Mobile Devices
  ngton Post
  une 12, 2010

 vices are slick, powerful and convenient, but the news this week that AT&T
 data breach on thousands of iPads highlighted another quality: They're
  with: Cybersecurity, Privacy
  cebook and Western Civilization's Decline
 y, June 2, 2010

work providers can be as reckless as the users who Tweet and Facebook their
 ackers' hands. Bill Brenner lists some examples in this latest edition of
Wisdom Watch.
 with: Emerging Tech, InfoSharing, Privacy, Web20
Launches Criminal Investigation of Google
 May 20, 2010

osecutors have launched a criminal investigation over whether Google broke
tion regulations when it collected fragments of Wi-Fi data while shooting
r its mapping application.
with: Emerging Tech, Privacy, Web20, Wireless
 Works to Expose Government Secrets, but Site's Sources a Mystery
ngton Post
May 20, 2010

anization dedicated to exposing secrets, WikiLeaks keeps a close hold on its
s. Its website doesn't list a street address or phone number, or the names of
 s. Officially, it has no employees, headquarters or even a post office box.
 with: InfoSharing, Privacy, Web20
h Blasted by Congressman
May 18, 2010

 sman is citing the recent theft of an unencrypted laptop containing health
 n on 616 veterans as evidence that the Department of Veterans Affairs is not
ugh to protect information.
 with: IDManagement, Privacy
IDs Hacker Who Tried to Sell 1.5M Accounts
May 13, 2010

has identified the hacker named Kirllos who tried to sell 1.5 million
accounts recently in underground hacking forums.
 with: Cybersecurity, Emerging Tech, IDManagement, InfoSharing, Privacy,

ata of Reservists, Veterans at Risk in Recent Thefts
n Technology
May 13, 2010

 incidents, thieves stole laptop computers containing personal information on
and veterans.
 with: Cybersecurity, IDManagement, Privacy
leases Data on Governments' Demands for User Data, Site Censorship
ngton Post
y, April 21, 2010

s aren't the only ones hungry for data on online users. So are U.S. and foreign
nts, according to Internet giant Google.
 with: IDManagement, Privacy
 shes Online List of Patient Data Breaches
 nt Computer News
April 19, 2010

h and Human Services Department has started publishing an online list of
 and breaches that affect the health data of more than 500 patients.
 with: Cybersecurity, Privacy
st Threats to Security are Sitting Next to You
nt Computer News
ril 16, 2010

 ter survey of IT decision-makers, nearly 58 percent of security incidents
 sulted from employees losing a computing device or accidentally posting
 with: Cybersecurity, Privacy, Workforce
 ties Groups Fight Biometric IDs
mputer Week
y, April 14, 2010

U and other civil liberties groups oppose two senators' plan that includes a
nt for biometric Social Security cards.
 with: Civil Liberties, IDManagement, Privacy
assword is... Obvious
nt Computer News
 ril 2, 2010

recently surveyed computer users on their use of passwords and found that a
y are still pretty sloppy about it. Is your password still "password"?
 with: Cybersecurity, IDManagement, Privacy
Calls for Update of Privacy Act
April 1, 2010

 question of how best to balance privacy and security in the 21st century has
answer, what is clear is that our federal electronic privacy laws are woefully
Sen. Patrick Leahy says.
with: IDManagement, Privacy
 sruptions Raise Tensions for Google in China
 ngton Post
 April 1, 2010

 ernet disruptions in Asia this week portend what could be a long standoff
 hina and foreign search giants.
 with: Cybersecurity, Privacy
urity: The Invisible Problem in Plain Sight
nt Computer News
April 1, 2010

 s look to cut costs, improve efficiency, go green and improve security —
 n't these days? — better management of a specific common technology is a
ow-hanging fruit that has largely gone ignored.
 with: Cybersecurity, GreenIT, Privacy
et International Cyber Criminals
March 29, 2010

 tion introduced in both houses would require the president to provide a
 ssment of identity threats from abroad and work with other countries to
n on their own cyber criminals.
with: Cybersecurity, IDManagement, Privacy
Says 3.3M Student Loan Records Stolen
March 29, 2010

3 million borrowers was stolen from a nonprofit company that helps with
n financing.
with: Cybersecurity, IDManagement, Privacy
Hacker Sentenced to 20 Years
March 29, 2010

e in the Heartland Payment Systems data breach, convicted hacker Albert
on Friday received a second 20-year prison sentence.
 with: Cybersecurity, IDManagement, Privacy
cil Considers New Privacy Guidance
nt Computer News
March 25, 2010

o work with the federal enterprise architecture could soon get additional
 or building privacy protections into systems.
 with: EA, Privacy
 olutions, GoDaddy Cease Registering Web Sites in China
 ngton Post
 March 25, 2010

  Internet domain name registration companies have ceased registering web
 ina in response to intrusive new government rules that require applicants to
 tensive personal data, including photographs of themselves.
 with: IDManagement, Privacy
Hacker to be Sentenced
March 23, 2010

notorious hacker in history faces sentencing this week for the Heartland
 ystems, TJX and other major data breaches.
 with: Cybersecurity, Privacy
rclays Programmer Gets Four Years for Role in TJX Attacks
 rch 12, 2010

Barclays Bank programmer who helped launder money for the mastermind
 data thefts at TJX Companies Inc. and other retailers, was sentenced to four
ison by a federal court in Boston.
 with: Cybersecurity, IDManagement, Privacy, Workforce
% Have Experienced ID Theft
y, March 10, 2010

ercent of Americans have experienced an identity theft crime directly or
 immediate family member, a new survey shows.
 with: IDManagement, Privacy
 es Personal Data to Tailor Up to 20% of Searches
 t Journal
 y, March 3, 2010

 een paying attention over the years, you've probably noticed that more and
gle searches are being tailored to your personal information. Now we know
 with: Emerging Tech, IDManagement, Privacy, Web20
Configuration Controls Essential to Cybersecurity
 nt Computer News
y, February 17, 2010

ecurity remains impossible but disciplined configuration controls can thwart
f attacks, says former Air Force CIO.
 with: Cybersecurity, Privacy, Strategy
to Congress: Time to Seed Cloud Computing
nt Computer News
January 21, 2010

curity, and international sovereignty issues need congressional attention,
Smith, senior Microsoft executive.
with: Cloud, Cybersecurity, Emerging Tech, Privacy
Breach Shows Why Compliance is not Enough
y, January 6, 2010

ear after Heartland Payment Systems disclosed what turned out to be the
ach involving payment card data, the incident remains a potent example of
liance with industry standards is no guarantee of security.
 with: Compliance, Cybersecurity, Privacy
Launches Tech Policy Web Site
mputer Week
y, January 6, 2010

today announced that it has launched a new web site to engage the public in
 about major technology policy issues including privacy, security, cloud
 and intellectual property rights.
 with: Cloud, Cybersecurity, Privacy
phic Showdown, Round 2: NIST Picks 14 Hash Algorithms
nt Computer News
anuary 5, 2010

eliminated 37 algorithms that had been submitted in a contest to choose the
ographic hash. Now, 14 contenders remain.
 with: Cybersecurity, Privacy
Computer Network Defense Command Delayed by Congressional Concerns
 ngton Post
 nuary 3, 2010

gon's plan to set up a command to defend its global network of computer
 s been slowed by congressional questions about its mission and possible
ncerns, according to officials familiar with the plan.
 with: Cybersecurity, Governance, Infrastructure, Privacy
 th Personal Data About Thousands Stolen from Army Employee
 mputer Week
 cember 18, 2009

ment laptop containing names and personally identifiable information of more
 0 patrons of childcare and recreational facilities at Fort Belvoir in Virginia
  was stolen on Nov. 28.
 with: Cybersecurity, Privacy
 TOs Want Government to Lead on Identity, Standards
 nt Computer News
 December 10, 2009

e interests and concerns of the leading software-makers: Creating the next
 of innovators; making sure the right incentives for intellectual property
 are in place to foster innovation; figuring out how the IT industry can help
 S. economy out of the recession; and determining the extent to which the
vernment should engage in those issues.
 with: IDManagement, Privacy, Standards
Outlines Privacy Changes
t Journal
y, December 9, 2009

said Wednesday that its previously announced privacy changes, which it said
ay with some settings and simplify others, will start rolling out today.
 with: IDManagement, InfoSharing, Privacy, Web20
s On Online Privacy
 t Journal
December 7, 2009

vacy, or the lack of it, was center stage at the FTC Monday.
 with: Cybersecurity, Privacy
eal Electronic Data From Top Climate Research Center
ngton Post
November 21, 2009

 oke into the electronic files of one of the world's foremost climate research
s week and posted an array of e-mails in which prominent scientists engaged
discussion of global warming research and disparaged climate-change

 with: Cybersecurity, Privacy
 Data on 103,000 Va. Adult Ed Students Misplaced
 ngton Post
 October 15, 2009

 ve containing the personal information of more than 103,000 former adult
 students in Virginia was misplaced last month, state education officials
  with: Cybersecurity, Privacy
bama Close to Appointing White House Cybersecurity Chief
y, September 9, 2009

 three months after establishing a new White House office for cybersecurity,
Barack Obama may finally be close to appointing someone to head the office.
 with: Cybersecurity, Governance, IDManagement, Privacy
 al Fails, Another Pending Today for E-Verify
  mputer Week
  eptember 8, 2009

Chamber of Commerce and other plaintiffs have filed another appeal in
 stop the E-Verify rule from going into effect today for federal contractors,
 to a media report.
  with: Cybersecurity, IDManagement, Privacy
urity Boosts Agencies' Use of Wireless Devices
 nt Computer News
August 24, 2009

 olicies and practices overcome concerns about mobile communications.
 with: Cybersecurity, Privacy, Telecommunications, Wireless
 ed a U.N. Cyber Security Council?
 mputer Week
 gust 21, 2009

 attacks that plagued Georgia's online communications infrastructure in
 08 have prompted some observers to call for an international body to deal
  with: Cybersecurity, Governance, Privacy, Strategy
 tles with Web 2.0
 mputer Week
August 10, 2009

 ew to tackle security, privacy concerns.
 with: Cybersecurity, InfoSharing, Privacy, Strategy, Web20
Gov't Cookie Policy Change Prompts Concerns
August 10, 2009

l change in the U.S. government's policy that would permit the broad use of
 es on government sites could "allow the mass collection of personal
n," according to the American Civil Liberties Union.
 with: Privacy, RM, Strategy
each Revives Cloud Security Fears
August 10, 2009

h of a hosted Google Apps application used by Twitter employees has
  concerns over the security of cloud computing systems.
 with: Cybersecurity, GreenIT, InfoSharing, Privacy, Web20
xperts Scramble to Decipher Twitter Attack
gust 7, 2009

nalysts scrambled to find a motive behind the distributed denial-of-service
t brought down Twitter for several hours, and also hit Facebook, Google and
 with: Cybersecurity, InfoSharing, Privacy, Web20
an Twitter, MySpace, Facebook
August 3, 2009

Marine Corps has banned Twitter, Facebook, MySpace and other social media
its networks, effective immediately.
 with: Cybersecurity, Governance, InfoSharing, Privacy, Standards, Strategy,
unications, Web20, Workforce
Could Add Biometrics
 mputer Week
 y 31, 2009

es Schumer (D-N.Y.) has begun laying the groundwork for adding a
— most likely a fingerprint — to the E-Verify federal employment
n system
 with: Cybersecurity, Privacy, RM
isks Evolve Alongside Social Media
 mputer Week
y 24, 2009
and Twitter make it possible for government agencies to communicate and
th the public in ways not possible just two years ago. But these social media
create new types of security risks that agencies must anticipate and plan for.
 with: Cybersecurity, Privacy, Web20
 Bill That Would Increase Cybersecurity Oversight
mputer Week
July 23, 2009

ommittee has approved a bill that would require the president to notify
 bout existing and new cybersecurity programs that involve personally
e information.
 with: Cybersecurity, Privacy
to Debate Over Real ID, PASS ID
mputer Week
y, July 15, 2009

 a new driver's license security program say the current Real ID program's
equirements are unnecessary and won't work for states.
with: Cybersecurity, Privacy
weep up More Data on Employees, Contractors
 mputer Week
y, July 1, 2009

tment of Homeland Security says it is expanding the types of personal
n it will collect on employees and contractors who require long-term access.
with: Cybersecurity, Privacy
ks Biometrics in DHS 2010 Spending Bill
mputer Week
June 25, 2009

 endorsed a spending increase on DHS' largest biometrics program in the
 spending bill it has passed.
 with: Cybersecurity, IDManagement, Privacy
ernment Initiative May Increase Security Woes
 mputer Week
une 23, 2009

a administration's Open Government Initiative to make government
n more accessible could lead to the inadvertent exposure of sensitive data.
with: Cybersecurity, InfoSharing, Privacy, Web20
es Identity Management RFI
y, June 17, 2009

ts to learn more about emerging access control technologies that can simplify
nt and interoperability.
with: Cybersecurity, IDManagement, Privacy
ernment Could Lead to Data Leaks
une 15, 2009

a administration's goal of making government data more open and accessible
g the need for standardized data classification and information management
s across federal agencies, security experts say.
 with: Cybersecurity, InfoSharing, KM, Privacy
nformation Protection Remains Tough
mputer Week
une 15, 2009

nment is exploring policy and technology solutions to improve the way it
sitive but unclassified terrorism-related information with state, local and
 with: Cybersecurity, InfoSharing, Privacy
o Handheld Security
mputer Week
une 15, 2009

of handheld devices in government has vastly expanded during the past eight
ave the security risks. Agencies need to know the risks and take steps to
sitive data and communications.
with: Cybersecurity, InfoSharing, Privacy, Telecommunications, Wireless
Push to Open Government Elevates Risk of Data Leaks
une 8, 2009

a Administration's push to make government data more open and easily
is elevating the need for standardized data classification and information
nt approaches across federal agencies, security experts say.
with: Cybersecurity, InfoSharing, Privacy, Web20
 ory Panel Calls for New Privacy Rules
 y 29, 2009
l government needs to rewrite the rules it has been using for 35 years to
use of personal data by focusing on new technologies for storing and
data, a government advisory board recommended.
with: Cybersecurity, Privacy
rive Had no Original Clinton Records, says National Archives
y, May 20, 2009

l Clinton administration records were stored on an external hard drive
the U.S. National Archives and Recording Administration (NARA), the
d this afternoon.
with: Cybersecurity, Privacy, RM
ffers Data Breach
 mputer Week
y, May 20, 2009

nal Archives and Records Administration is missing an external hard drive
ersonally identifiable information of some Clinton administration officials
 House visitors.
 with: Cybersecurity, Privacy, RM
n-Sharing Platform Hacked
mputer Week
y, May 13, 2009

icial confirmed that the department's platform for sharing sensitive but
d information with partner organizations was recently hacked.
with: Cybersecurity, Privacy
mands $10M Ransom for Data
mputer Week
May 7, 2009

nd state authorities are investigating a case in which a hacker wants $10
 the return of sensitive information, according to media reports.
 with: Cybersecurity, IDManagement, InfoSharing, Privacy
D Present Privacy Risks?
 mputer Week
May 5, 2009

acy advocates are concerned that thieves could steal information from RFID-
edentials, but others say the fears are overblown.
 with: Cybersecurity, Privacy, Spectrum, Wireless
ases Guidance on Securing Electronic Health Data
 mputer Week
April 20, 2009

ment issues guidelines on encryption and destruction to protect sensitive
ealth records.
 with: Cybersecurity, Privacy
 to Explore Social-Media Privacy
 mputer Week
April 20, 2009

land Security Department's Privacy Office will hold a conference to explore
 vernment's use of social media affects privacy.
with: Cybersecurity, Privacy, Web20
Corporate Social Media on Network Security
March 12, 2009

 ncreasingly communicative world, businesses face a dilemma. They have to
 o be more engaging and communicate more directly to their customers and
 while retaining close control of sensitive information.
 with: Privacy, Web20

To top