U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Breadcrumb

  1. Home
  2. Opog

Was this page helpful?

Breach Response

Reporting PII Incidents

  • Upon discovery/detection, immediately report a suspected or confirmed PII breach incident to your supervisor/Contract Officer's Representative (COR) and Bureau/Operating Unit (BOU) Computer Incident Response Team (CIRT).
  • Provide details of the PII breach incident.
  • Maintain or document information and/or actions relevant to the PII breach incident.
  • Complete corrective/remedial actions, if appropriate.
  • Chief Privacy Officer (CPO) and BOU CIRT Reporting Offices

Personally Identifiable Information

Personally identifiable information (PII) is information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a specific individual.  Because there are many different types of information that can be used to distinguish or trace an individual’s identity, the term PII is necessarily broad.

Determining whether information is PII requires an assessment of the specific risk that an individual can be identified using the information with other information that is linked or linkable to the individual. In performing this assessment, it is important to recognize that information that is not PII can become PII whenever additional information becomes available – in any medium and from any source – that would make it possible to identify an individual.

Employee/Contractor Responsibilities

A Department of Commerce employee/contractor is responsible and accountable for:

  • Knowing what constitutes PII.
  • Handling and protecting PII.
  • Following Federal laws, rules, regulations, and Departmental privacy policy regarding PII.
  • Recognizing a PII breach incident and immediately reporting it upon discovery/detection.
  • Successfully completing training relative to safeguarding PII.

Ways to Protect PII

  • Use secure methodologies to electronically transmit PII information.
  • Encrypt PII on mobile computers, media, and other devices.
  • Lock or log off of unattended computer systems.
  • Destroy paper PII by shredding or using burn bags.
  • Delete PII by emptying electronic "recycle bin".
  • Store PII on Federal Government systems only.
  • Secure PII data properly while away from your desk or at the end of the day.

    Brochure

    PII Breach Incident Reporting Brochure

    Breach Notification Plan

    Privacy Act (PA), PII and BII Breach Notification Plan