PII
Your organization has a new requirement for annual security training. To track trainin
completion, they are using employee social security numbers as record identification.
Are they compliant or non-compliant? – answer non-compliant
Your coworker was teleworking when the agency email system shut down. She had an
urgent deadline so sent you an encrypted set of records containing PII from her
personal email account. Compliant or non? – answer Non-compliant
You are reviewing personnel records containing PII when you notice a record with
missing information. You contact the individual to update the personnel record.
Compliant or non? - answer Compliant
Must report breach 1 hour to US-CERT, 24 hours to Component Privacy Office, 48
hours to the Defense Privacy, Civil Liberties & transparency division – answer DoD
5400.11-R
Organizations can incur what type of PII penalties? - answer Civil
What type of penalties can individuals incur for PII breach? - answer Criminal
T/F phishing is responsible for most of the recent PII breaches? - answer True
T/F Following a breach, organizations must issue a breach notification. - answer True
If you discover PII on the web, immediately close your browser & delete all information
regarding the URL - answerFalse
Organizations can incur civil penalties for failing to uphold their PII responsibilities. -
answerTrue
Individuals are immune to criminal penalities, even if they fail to uphold their PII
responsibilities. - answerFalse
Which type of safeguarding measure involves restricting PII access to people with a
need to know - answerAdministrative
Which law establishes the federal government's legal responsibility for safeguarding
PII? - answerThe privacy act of 1974
Your organization has a new requirement for annual security training. To track trainin
completion, they are using employee social security numbers as record identification.
Are they compliant or non-compliant? – answer non-compliant
Your coworker was teleworking when the agency email system shut down. She had an
urgent deadline so sent you an encrypted set of records containing PII from her
personal email account. Compliant or non? – answer Non-compliant
You are reviewing personnel records containing PII when you notice a record with
missing information. You contact the individual to update the personnel record.
Compliant or non? - answer Compliant
Must report breach 1 hour to US-CERT, 24 hours to Component Privacy Office, 48
hours to the Defense Privacy, Civil Liberties & transparency division – answer DoD
5400.11-R
Organizations can incur what type of PII penalties? - answer Civil
What type of penalties can individuals incur for PII breach? - answer Criminal
T/F phishing is responsible for most of the recent PII breaches? - answer True
T/F Following a breach, organizations must issue a breach notification. - answer True
If you discover PII on the web, immediately close your browser & delete all information
regarding the URL - answerFalse
Organizations can incur civil penalties for failing to uphold their PII responsibilities. -
answerTrue
Individuals are immune to criminal penalities, even if they fail to uphold their PII
responsibilities. - answerFalse
Which type of safeguarding measure involves restricting PII access to people with a
need to know - answerAdministrative
Which law establishes the federal government's legal responsibility for safeguarding
PII? - answerThe privacy act of 1974
