Coastal International Security, Inc.

1
Coastal International Security, Inc.

• Safeguarding of Personally Identifiable
  Information (PII)
• Policies Procedures

2
Safeguarding of PII

• Objective
• Provide Info to prevent theft, loss or breach of
  data
• Provide training to the Coastal Staff Managers
• Discuss Policies Procedures

3
Safeguarding of PII Data

• Following topics are relevant to
• Safeguarding
• Promulgation, Definitions, Responsibilities
• Training Plan
• Methods/Policy
• Risk Analysis
• Reviews
• Initial
• Annual
• Incident Reporting

4
Safeguarding of PII Data

• Introduction
• Secretary of Defense Admin Mgt Office has
  issued directive that outlines policies
  procedures for safeguarding of PII Data
• Includes Federal Government contractors
• A copy of Coastals Policy Manual (Appendix A)
  applies
• Work environment information to be safeguarded
• What are the protective methods?
• Disclosure of Info
• See Coastal Disclosure Plan
• We have a responsibility to our employees to
  ensure PII
• data is not breached or compromised!

5
Safeguarding of PII Data

• Body
• Definitions
• PII Data
• Breach of compromise
• Training
• Orientation
• Specialized
• FSOs
• DSS
• DoD Security Systems
• HR (to include E-Verify, WinTeam, etc.)
• Management
• Initial Refresher

6
Safeguarding of PII Data

• Data that requires protection and protection
• methods
• Background checks before access to Coastal data
• Password protection for documents
• Personnel files under lock and key
• Offices locked at all times
• DO NOT share passwords for WinTeam, Outlook,
  E-Verify, etc.
• Disclosure see Coastal Disclosure Plan

7
Safeguarding of PII Data

• Reviews
• Conducted at all sites
• Review of HR corporate personnel files
• Conduct Initial and Annual Reviews while using
  Form at Appendix E of Plan
• Regional or QA Mgr is to conduct ad hoc reviews
• Submit through change of command

8
Safeguarding of PII Data

• Risk Analysis when breach occurs
• Use Appendix F
• Five factors to consider
• Nature of Data Elements breached
• Number of individuals affected
• Likelihood info is Accessible and Usable
• Likelihood Breach May Lead to Harm
• Ability of CIS to Mitigate Risk of Harm

9
Safeguarding of PII Data

• Incident Reporting
• External
• Internal
• Reporting Form
• Appendix G
• Requirements

10
Safeguarding of PII Data

• Conclusions
• Provide best protection possible
• Maintain accountability
• Conduct your own reviews of your area(s)
• Provide feedback to Corporate staff

11
Safeguarding of PII Data

• Questions Answers