While policy changes are underway to help prevent loss of personally identifiable information held by the Navy, the human element is not being overlooked, according to a blog posting on that agency’s CIO site.
“Because most DON breaches are caused by simple human error or failure to follow policy, we have increased significantly our training and awareness efforts. This includes updating and refining the annual privacy training course,” it said.
The required training can now be accessed via a PII awareness app, and information is posted at the Navy CIO site and others.
The post further said that the unauthorized disclosure of Social Security numbers are responsible for approximately 80 percent of all “high risk” PII breaches that could cause harm to the affected individual. The Navy has responded by removing those numbers from its forms, official letters and certain other documents.
Other steps the Navy has taken or is in the process of taking, it said, include hardening laptops containing PII with “data at rest” encryption; eliminating the use of thumb drives; limiting the situations in which PII is sent via fax; and implementing a hard drive destruction program for discarded computers and storage devices.
