PII Training

What is Personally Identifiable Information (PII)?

What DoD Instruction governs the protection of PII within the Department of Defense?

What is the difference between PII and Protected Health Information (PHI)?

Give three examples of stand-alone PII that can identify someone without additional context.

What is 'linked' versus 'linkable' PII?

What federal law requires agencies to safeguard records containing PII and gives individuals the right to access and amend their records?

What is a System of Records Notice (SORN)?

What must you do if you discover a potential PII breach?

What is the DoD reporting timeline for a suspected PII breach to US-CERT?

What encryption standard does DoD require for PII stored on mobile devices and removable media?

How should paper documents containing PII be disposed of?

How should electronic media containing PII be disposed of when no longer needed?

What is a Privacy Impact Assessment (PIA)?

What is the 'minimum necessary' rule regarding PII?

What is social engineering in the context of PII threats?

What is pretexting and how does it threaten PII?

How does phishing target PII?

What is spear phishing and why is it more dangerous than regular phishing?

What are 'tailgating' and 'shoulder surfing' in the context of PII protection?

What role does HIPAA play in DoD PII protection?

What are the HIPAA Privacy Rule's key requirements for PHI?

Can a supervisor access a service member's medical records without consent?

What is the penalty for willful unauthorized disclosure of PII under the Privacy Act?

What are common indicators that an email may be a phishing attempt targeting PII?

What is 'PII confidentiality impact level' and what are the three levels?

Give examples of PII that would be rated 'High' confidentiality impact.

What safeguards should be used when emailing PII?

What is Controlled Unclassified Information (CUI) and how does it relate to PII?

What should you do if you receive a misdirected email containing someone else's PII?

What is the DoD Breach Response Plan requirement?

When must individuals be notified of a PII breach?

What is the role of the Component Senior Official for Privacy (CSOP)?

How does the Freedom of Information Act (FOIA) interact with PII protections?

What are 'Privacy Act Statements' and when are they required?

What is 'data masking' and when should it be used for PII?

What physical safeguards protect PII in an office environment?

What is the 'two-person integrity' rule for handling sensitive PII?

How should PII be handled when teleworking?

What is the difference between a PII 'incident' and a PII 'breach'?

What should a PII breach notification letter to affected individuals include?