Amid a shift to telework due to the COVID-19 pandemic, the U.S. Air Force (USAF) is urging its Reserve Citizen Airmen to stay laser focused on Personally Identifiable Information (PII) breach reduction while working from home.
“All Reserve Citizen Airmen, including civilians, must be especially vigilant while handling and disseminating PII, like Social Security numbers, birthdays, marital status, addresses and so on, while teleworking,” USAF said in a statement.
While USAF remains concerned about PII breaches, Karen Frey, Air Force Reserve Command (AFRC) Freedom of Information Act and Privacy manager, said that there has been a downward trend in PII breaches since 2017.
“In 2018, the Air Force implemented a privacy campaign that created new procedures for handling and disseminating digital PII,” Frey said. “One of those procedures was the email prompt requiring users to select FOUO (for official use only) or PII in the email privacy settings. They also required major command-level privacy managers like me to send monthly newsletters out to the wings, educating Airmen on PII breach reduction down at the lowest levels.”
For context, the AFRC said that 32,000 Reserve Citizen Airmen – nearly half the entire AFRC work force – were affected by PII breaches in 2017. Following the privacy campaign and the deployment of an email sniffer that checks emails looking for nine-digit numbers or other identifiers, that number has dropped to just over 2,000 this year.
AFRC has also identified its remaining pain point in further dropping PII breaches – personnel who cannot send or receive encrypted emails.
“After Outlook detects potential PII, it suggests encrypting it,” Frey explained. In instances where a breach is happening, “the member will then unselect it because they can’t send it encrypted for whatever reason, and that is a problem. Depending on the nature of the breach and the total number of personnel affected, it may have to be routed up to the Air Force Privacy Office, and then to DoD, to be cleared. That can be extremely taxing of time and resources and cause potential problems for all of those affected.”
Despite the drop in PII breaches, Frey urged Airmen to remain vigilant as they telework and ensure they are protecting all digital PII sent on and off the AFRC network.