ROBINS AIR FORCE BASE, Ga. -- For most Reserve Citizen Airmen, partial or full-time telework has become the “new normal” during the COVID-19 pandemic. Since telework poses a slew of potential information security risks, Reserve Command officials are encouraging all members of the Reserve team to stay focused on Personally Identifiable Information breach reduction while working from home.
All Reserve Citizen Airmen, including civilians, must be especially vigilant while handling and disseminating PII, like Social Security numbers, birthdays, marital status, addresses and so on, while teleworking.
Karen Frey, AFRC Freedom of Information Act and Privacy Manager, said that despite the increase in teleworking, there has been a downward trend in PII breaches since 2017.
“In 2018, the Air Force implemented a privacy campaign that created new procedures for handling and disseminating digital PII,” Frey said. “One of those procedures was the email prompt requiring users to select FOUO (for official use only) or PII in the email privacy settings. They also required major command-level privacy managers like me to send monthly newsletters out to the wings, educating Airmen on PII breach reduction down at the lowest levels.”
So far, the campaign, along with an email sniffer that digs through messages looking for nine-digit numbers or other identifiers, has drastically reduced the number of PII breaches.
In 2017, more than 32,000 Reserve Citizen Airmen – nearly half the entire AFRC work force – were affected by PII breaches. With more stringent countermeasures in place, that number has been drastically reduced to just over 2,000 this year.
“The majority of violations we see are from personnel who can’t send or receive encrypted emails,” Frey said. “After Outlook detects potential PII, it suggests encrypting it. The member will then unselect it because they can’t send it encrypted for whatever reason, and that is a problem. Depending on the nature of the breach and the total number of personnel affected, it may have to be routed up to the Air Force Privacy Office, and then to DoD, to be cleared. That can be extremely taxing of time and resources and cause potential problems for all of those affected.”
Even though there is a downward trend in PII breaches, Frey said Airmen must remain vigilant in protecting all digital PII sent on and off the network. That means Airmen who can’t send or receive encrypted emails need to use CAC-required file transfer sites like DoD Safe (formerly AMRDEC SAFE) (CAC Required) to safely encrypt and transmit files between end-to-end users.
Reforming the way we protect all sensitive information, not just digital PII, improves the way we care for our Airmen and their families, and ultimately has a direct impact on operational readiness and mission capabilities, Frey said.
For more information on PII safeguarding techniques, contact your wing privacy manager or visit the Air Force Privacy Act website.