Reporting Breach of Personally Identifiable Information (PII)

Report possible and confirmed breaches of PII IAW TRADOC Reg 1-8, paragraphs 2-2a(43) and 3-1e.

Personal information. Information about an individual that identifies, links, relates, or is unique to, or describes him or her, for example, a social security number (SSN); age; military rank; civilian grade; marital status; race; salary; home/office phone numbers; other demographic, biometric, personnel; medical; and financial information, etc. Such information is also known as PII (that is, information which can be used to distinguish or trace and individual’s identify such their name, SSN, date and place of birth, mother’s maiden name, and biometric records including any other personal information which is linked or linkable to a specified individual). This information can be in hard copy (paper copy files) or electronic format, stored on personal computers, laptops, and personal electronic devices such as blackberries and found within databases. This includes but is not limited to, education records, financial transactions, medical files, criminal records, or employment history.
PII breach. A loss of control, compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access, or any similar term referring to situations where persons other than authorized users and for an other than authorized purpose have access or potential access to personally identifiable information, whether physical or electronic. This includes, but it not limited to, posting PII on public-facing websites; sending via e-mail to unauthorized recipients; providing hard copies to individuals without a need to know; loss of electronic devices or media storing PII (for example, laptops, thumb drives, compact discs, etc.); use by employees for unofficial business; and all other unauthorized access to PII.