So you’ve just learned how to prevent the 4 most common privacy incidents at DHS.
Allow me to reiterate the key points for you to remember, and highlight some new points:
Sharing Sensitive PII: It is important to protect Sensitive PII at all times. Share it only with people who have an official “need to know.”
Emailing to the wrong recipient or personal accounts: Never email Sensitive PII to a personal email account. If you need to work on Sensitive PII off site, use a DHS-approved portable electronic device.
Preventing Compromised Mail: If documents can’t be scanned and encrypted or password-protected, mail them in an opaque envelope or container using First Class, Priority Mail, or a traceable commercial delivery service like UPS, the USPS, or FedEx.
Accessing Sensitive PII while away from the office. The best method is to save the Sensitive PII on an encrypted, DHS-approved portable electronic device such as a laptop, Blackberry, CD, or other removable media.
Lost Media: Do not leave any portable electronic devices in a car. If it is stolen or lost, report it as a lost asset following your component reporting procedures.
Lost Hard Copies: Secure Sensitive PII in a locked desk drawer or file cabinet. When using Sensitive PII, keep it in an area where access is controlled and limited to persons with an official “need to know”. Avoid faxing Sensitive PII, if at all possible.
Posting Sensitive PII to websites and shared drives: Do not post Sensitive PII on the DHS intranet, the Internet (including social networking sites), shared drives, or multi-access calendars that can be accessed by individuals who do not have an official “need to know.”