OCR of the Document

View the Document >>

Louis F. Giles, Assistant Director for Policy and Records, National Security Agency, EXECMessage-151, "Protection of PII on NSA/CSS Information Systems - Recent Incidents Highlight Concerns," November 26, 2006. Unclassified/For Official Use Only

Posted on November 26 2006 U EXECMessage-151 Protection of PH on NSA CSS Information Systems Recent Incidents Highlight Concerns Distribution Senior Executive Message to the Workforce POC Anne E HmI ____ b 3 -P L 86-36 U POUS Senior Executive Message from Louis F Giles Associate Director for Policy and Records U JFOU In an Agencyall message dated 7 June 2006 b 3 -P L 86-36 we informed you of the importance of protecting privacy information on Agency infonnation systems This is to inform you that there have recently been several incidents in which the names and social security numbers of NSA CSS personnel have been made accessible on classified and unclassified systems in violation of the Privacy Act and NSA CSS Policy 1-22 Protecting Privacy on NSA CSS Electronic Information Systems Files containing information such as names and social security numbers were placed in public domains rather than private domains and did not have the proper access controls in place leaving them accessible to the NSA CSS workforce not just those who might need the information for their official duties Fortunately there is no indication that the information was used inappropriately Nevertheless these incidents highlight the importance of careful adherence to the laws and policies requiring that we protect personal information against unauthorized disclosure U Personally Identifiable Information PII includes but is not limited to social security numbers date and place of birth medical information education employment history and financial transactions The compromise of this information can result in substantial harm embarrassment and inconvenience to individuals and may lead to identity theft or other fraudulent use of the information All Agency employees contractors and military assignees are responsible to ensure that PII is properly safeguarded from unauthorized access U Personal information residing on NSA Electronic Information Systems to include both the classified and unclassified systems --- - -- - - ---- - - - - pproved 1 of2 for Release by NSA on 08-22-2016 FOIA Case# 56155 1200s 2 s4 PM b 3 -P L 86-36 must have the proper access controls in place to ensure that only those individuals who have a need to know the information in order to perform their official duties can access those files folders See Policy 1-22 for additional information on protecting personal information on NSA CSS information systems b 3 -P L 86-36 U i'f OU As noted above we have no evidence that the information was improperly used However we will be providing individual notifications to personnel whose information was involved in these incidents along with information describing protective action they can take to mitigate the chance of identity theft Thank you for your cooperation in helping us ensure compliance with these policies and avoid any future incidents of this type For any privacy questions or concerns you may contact the Privacy Advocate Anne Hill aehill@nsa at 963-5827 Louis F Giles Associate Director for Policy and Records 2 of2 6 13 2008 2 54 PM