Identifying and Safeguarding PII DS-IF101.06

16 Terms

1

True or false? An individual whose PII has been stolen is susceptible to identity theft, fraud, and other damage.

***True
False

2

True or false? Information that has been combined with other information to link solely to an individual is considered PII.

***True
False

3

True or false? A System of Records Notice (SORN) is not required if an organization determines that PII will be stored using a system of records.

***True
False

4

What law establishes the public's right to access federal government information?

DoD 5400.11-R: DoD Privacy Program
OMB Memorandum M-17-12: Preparing for and Responding to a Breach of Personally Identifiable Information
The Privacy Act of 1974
***The Freedom of Information Act (FOIA)

5

Which action requires an organization to carry out a Privacy Impact Assessment?

Storing paper-based records
Collecting any CUI, including but not limited to PII
***Collecting PII to store in a new information system
Collecting PII to store in a National Security System

6

An organization with an existing system of records decides to start using PII for a new purpose outside the "routine use" defined in the System of Records Notice (SORN). Is this a permitted use?

Yes
***No

7

Which of the following are examples of PII?

***Social Security Number (SSN)
***Driver's License Number
***Fingerprint
First Pet's Name

8

Identify each law or regulation

This regulation governs the DoD Privacy Program. - DoD 5400.11-R: DoD Privacy Program
This law establishes the public's right to access federal government information. - FOIA
This guidance identifies federal information security controls. - OMB M-17-12
This law establishes the federal government's legal responsibility for safeguarding PII. - Privacy Act of 1974

9

The individual to whom the record pertains has submitted a written request for the information in question.

***This use/disclosure is authorized.
This use/disclosure is NOT authorized.

10

Your organization seeks to use the record for a routine use, as defined in the SORN.

***This use/disclosure is authorized.
This use/disclosure is NOT authorized.

11

Your organization is using existing records for a new purpose and has not yet published a SORN.

This use/disclosure is authorized.
***This use/disclosure is NOT authorized.

12

Which of the following is responsible for most of the recent PII data breaches?

Physical breaking and entry
***Phishing
Insider Threat
Reconstruction of improperly disposed documents

13

Within what timeframe must DoD organizations report PII breaches to the United States Computer Emergency Readiness Team (US-CERT) once discovered?

24 hours
48 hours
***1 hour
12 hours

14

Your organization has a new requirement for annual security training. To track training completion, they are using employee Social Security Numbers as record identification. Is this compliant with PII safeguarding procedures?

Yes
***No

15

Officials or employees who knowingly disclose PII to someone without a need-to-know may be subject to which of the following?

***Criminal penalties
Civil penalties
Both civil and criminal penalties
Neither civil nor criminal penalties

16

Which of the following is an example of a physical safeguard that individuals can use to protect PII?

Follow the National Archives and Records Administration's (NARA's) guidelines for document disposal
Use cover sheets, the appropriate postal class, and wrapping procedures for transport
Apply appropriate markings to PII documents
***All of the above