AMC takes PII breaches seriously

by Master Sgt. Kimberly Spinner
Air Mobility Command

11/21/2013 - SCOTT AIR FORCE BASE, Ill.  -- Recently, 42 Air Mobility Command personnel suffered the consequences of incorrectly storing or transmitting personally identifiable information over the Air Force Network.

"All Airmen are responsible for the safe storage and transmittal of PII," said Gen. Paul Selva, Air Mobility Command commander. "These latest breaches have the potential to significantly impact our Airmen personally and professionally and ultimately our mission."

A PII breach is a loss of control, compromise, unauthorized disclosure, acquisition or access where persons other than authorized users have access or potential access to physical or electronic PII.

Those who inappropriately store and transmit personally identifiable information over the Air Force network are now, at a minimum, locked out of their AFNET accounts until information protection training is re-accomplished.

"Beginning Oct. 24, we began locking out the AFNET account of individuals who were found to be inappropriately transmitting PII data via the AFNET," explained Maj. Gen. J. Kevin McLaughlin, 24th Air Force and Air Forces Cyber commander." A violator's account will only be unlocked once the first O-6 in their chain of command certifies that the individual has accomplished all necessary actions, to include remedial training."

PII can include but is not limited to information such as a name, address, social security number, medical record, financial record, or any other data that can be used directly to identify, contact or locate a person.

"Protecting our fellow Airmen's PII is critical to our mobility mission and our Air Force," said Selva. "It takes just one distracted Airman who's had their personal information compromised to potentially jeopardize a mission."

The Privacy Act authorizes both civil and criminal penalties for individual violations of the statute. In addition, a PII violation of AFI 33-332 could result in administrative action, nonjudicial punishment or court-martial under Article 92 of the Uniform Code of Military Justice.

Installation privacy managers and the appointed inquiry official will conduct a legal review with the installation judge advocate general to determine if disciplinary action or a further criminal investigation is warranted. Ultimately, disciplinary actions are at the discretion of the unit commander where the breach occurred.

To avoid a breach, items such as performance reports, rosters, orders, or travel vouchers should not be stored in an area that could result in loss or theft of the information. Do not place PII on public websites or SharePoint. All emails that containing PII must be encrypted and include the FOUO statement. And finally, emails containing PII should not be sent to non .mil email accounts.

Protect PII and your wingmen.