The Navy’s CIO office has posted a reminder regarding responsibilities of Navy civilian and military personnel to protect personal information and to report the actual or suspected loss or compromise of such information.
While security measures have been improved, “the number of incidents where the loss or compromise of personally identifiable information occurs remains unacceptably high”–an average of one reported breach per day–it said.
Breaches of PII “affect all DON personnel, whether military, civilian or support contractor. Eighty percent of all breaches are caused by human error. The majority of breaches involve the loss, theft or compromise of SSNs [Social Security Numbers]. And while identity fraud linked to the loss of DON information remains low, the number of PII breaches must be reduced.”
The notice stresses that all personnel are responsible to protect such information and to immediately report any actual or suspected loss to their supervisor or privacy official. Commands in turn must have persons designated for reporting to higher authorities within one hour; a command also may initiate an investigation and where appropriate the Naval Criminal Investigative Service may pursue a criminal investigation.
The posting also describes further steps to be taken by the CIO’s office, including notification of affected persons and providing identity theft protection services if required. “If such services are provided, the accountable command is responsible for all costs incurred,” it adds.