Individuals who inappropriately store and transmit Personally Identifiable Information over the Air Force Network will now have their accounts locked in response to the violation.
“We are taking several steps to improve notification and reporting of PII incidents,” said General William L. Shelton, the Commander of Air Force Space Command. “My intent is to increase awareness within the Air Force as part of my responsibility to ensure the security and defense of the AFNET and its users. †PII violations create both a personal and operational risk for all†of us.”
The 68th Network Warfare Squadron and 352nd Network Warfare Squadron, as the Cyberspace Defense Analysis Weapon System, are actively monitoring the AFNET for PII breaches and violations. When a PII breach is identified, it is reported to the 624th Operations Center and the formal reporting process is initiated.
The 624th OC, as the Cyber Command and Control Mission System Weapon System, then reports the AFNET PII breach to the 24th Air Force Commander, which will result in locking the violator’s AFNET account and notification to the individual’s wing commander.
“Beginning Oct. 24, we began locking out the AFNET account of individuals who were found to be inappropriately transmitting PII data via the AFNET,” explained Major General J. Kevin McLaughlin, the Commander of 24th Air Force and Air Forces Cyber. “A violator’s account will only be unlocked once the first O-6 in their chain of command certifies that the individual has accomplished all necessary actions, to include remedial training.”
These new actions are in addition to, and do not circumvent or replace, the normal Privacy Act notification process which is already in place throughout the Air Force. Air Force Instruction 33-332 governs the PII breach reporting process as well as the consequences for PII violations.
PII is any information about an individual that can be used directly, or in connection with other data, to identify, contact or locate that person and can include such information as: full name, address, Social Security number, medical, educational, financial, legal and employment records.
A PII breach is defined as a loss of control, compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access or any similar term referring to situations where persons other than authorized users, and for an other than authorized purpose, have access or potential access to PII, whether physical or electronic.
Encrypting PII allows secure transmission. Additional information on protecting PII can be found of the Air Force Portal under the Cyber Threats and Information tab as well as at http://dpclo.defense.gov/privacy/.