Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either target or indirect means. Further, PII is defined as information : ( one ) that immediately identifies an individual ( for example, name, address, social security number or early identify numeral or code, call phone number, electronic mail address, etc. ) or ( two ) by which an agency intends to identify specific individuals in junction with other data elements, i.e., indirect recognition. ( These data elements may include a combination of gender, subspecies, birth date, geographic indicator, and other descriptors ). additionally, information permitting the physical or on-line touch of a particular individual is the like as personally identifiable information. This information can be maintained in either composition, electronic or other media .
Department of Labor ( DOL ) contractors are reminded that safeguarding sensitive information is a critical responsibility that must be taken badly at all times. DOL inner policy specifies the follow security policies for the protection of PII and other sensitive data :
- It is the responsibility of the individual user to protect data to which they have access. Users must adhere to the rules of behavior defined in applicable Systems Security Plans, DOL and agency guidance.
- DOL contractors having access to personal information shall respect the confidentiality of such information, and refrain from any conduct that would indicate a careless or negligent attitude toward such information. Contract employees also shall avoid office gossip and should not permit any unauthorized viewing of records contained in a DOL system of records. Only individuals who have a “need to know” in their official capacity shall have access to such systems of records.
The passing of PII can result in hearty damage to individuals, including identity larceny or early deceitful manipulation of the information. Because DOL employees and contractors may have access to personal identifiable information concerning individuals and other sensitive data, we have a special duty to protect that information from personnel casualty and pervert.
With these responsibilities contractors should ensure that their employees :
- Safeguard DOL information to which their employees have access at all times.
- Obtain DOL management’s written approval prior to taking any DOL sensitive information away from the office. The DOL manager’s approval must identify the business necessity for removing such information from the DOL facility.
- When approval is granted to take sensitive information away from the office, the employee must adhere to the security policies described above.
Contractors should ensure their sign employees are mindful of their responsibilities regarding the protection of PII at the Department of Labor. In addition to the predate, if shrink employees become mindful of a larceny or loss of PII, they are required to immediately inform their DOL shrink coach. In the event their DOL contract coach is not available, they are to immediately report the larceny or personnel casualty to the DOL Computer Security Incident Response Capability ( CSIRC ) team at dolcsirc @ dol.gov .