R 232026Z JUL 07 FM SECNAV WASHINGTON DC TO ALNAV BT UNCLAS ALNAV 057/07 MSGID/GENADMIN/SECNAV WASHINGTON DC/-/JUL// SUBJ/SAFEGUARDING PERSONALLY IDENTIFIABLE INFORMATION (PII) FROM UNAUTHORIZED DISCLOSURE// RMKS/1. I WANT ALL MILITARY AND CIVILIAN PERSONNEL OF THE DEPARTMENT OF THE NAVY TO UNDERSTAND THE SERIOUSNESS I PLACE ON THE LOSS OF PERSONALLY IDENTIFIABLE INFORMATION (PII). 2. DURING THE PAST 18 MONTHS, THE DON HAS REPORTED OVER 100 INCIDENTS INVOLVING THE LOSS OF PII, IMPACTING OVER 200,000 NAVY AND MARINE CORPS PERSONNEL, INCLUDING RETIREES, CIVILIANS, AND THEIR DEPENDENTS. THE MOST COMMON CAUSES OF LOSS/COMPROMISE HAVE BEEN THE LOSS OR THEFT OF LAPTOP COMPUTERS, THUMB DRIVES, AND OTHER PORTABLE REMOVABLE MEDIA; MATERIAL BEING ERRONEOUSLY POSTED TO DON WEB SITES; DOCUMENTS BEING MISPLACED OR STOLEN; EMAILS WITH ATTACHMENTS BEING IMPROPERLY FORWARDED; AND DOCUMENTS PLACED INTO RECYCLING AND TRASH BINS PRIOR TO BEING RENDERED UNRECOGNIZABLE (I.E., BEYOND RECONSTRUCTION). THESE LOSSES AND ASSOCIATED POTENTIAL/ACTUAL COMPROMISES ARE COSTLY, TIME CONSUMING, AND INTERFERE WITH THE DEPARTMENT S MISSION. THEY ALSO CREATE UNNECESSARY RISK OF IDENTITY THEFT FOR OUR WARFIGHTERS AND THE DON WORKFORCE AND COULD ADVERSELY IMPACT DON S REPUTATION. 3. OUR SAILORS, MARINES, AND CIVILIANS ENTRUST US WITH PII ROUTINELY, AND IT IS OUR CHARGE TO ENSURE THAT THE SYSTEMS AND PROCESSES WE EMPLOY SAFEGUARD THIS SENSITIVE INFORMATION. UNFORTUNATELY, NUMEROUS NAVAL MESSAGES, MEDIA ATTENTION, AND CHANGES TO POLICY, HAVE HAD ONLY A LIMITED IMPACT ON IMPROVING OUR HANDLING AND SAFEGUARDING OF PII, AND LOSS HAVE CONTINUED. 4. THE CHIEF OF NAVAL OPERATIONS, THE COMMANDANT, AND I ARE REVIEWING INITIATIVES TO IMPROVE CONTROLS OVER PII. WHILE IMPROVEMENTS ARE BEING INSTITUTIONALIZED, ALL OF US MUST TAKE ACTION TO ENSURE WE WORK TO ELIMINATE MISHANDLING OF PII. WE NEED TO BE CONSTANTLY AWARE OF THE NATURE AND IMPORTANCE OF PII, COLLECT ONLY WHAT WE ABSOLUTELY NEED, AND TAKE CARE THAT WE HANDLE, SAFEGUARD, AND DISPOSE OF PII PROPERLY. JUST AS WE DO NOT TOLERATE LOSS OF CLASSIFIED INFORMATION, WE CANNOT TOLERATE THE LOSS OF PII. 5. OVER THE NEXT 12 MONTHS, YOU WILL SEE POLICY CHANGES AIMED AT SHAPING BEHAVIOR AND INSTITUTION CONSISTENT ACCOUNTABILITY. SENIOR LEADERSHIP MUST ENSURE THAT PROPER SAFEGUARDS ARE IN PLACE, AND WHEN EXISTING GUIDANCE IS NOT ENOUGH, TAKE ACTION AS THE SPECIFIC CIRCUMSTANCE DICTATES. WHEN LOSSES DO OCCUR, COMMANDS MUST COMPLY WITH NOTIFICATION PROCEDURES AND ASSIST THOSE INDIVIDUALS AFFECTED BY THE PII LOSS. CERTAIN INSTANCES OF PII LOSS MAY EVEN CALL FOR ADMINISTRATIVE AND/OR DISCIPLINARY ACTION. 6. WE CANNOT CONTROL ALL EVENTS THAT CAUSE THESE INCIDENTS, BUT WE CAN IMPROVE INTERNAL CONTROLS OVER THE HANDLING AND DISPOSAL OF PII, AND BETTER TRAIN AND EDUCATE OUR PEOPLE. AWARENESS AND PARTICIPATION AT ALL LEVELS OF THE CHAIN OF COMMAND MUST OCCUR. SPECIFIC ACTIONS WILL BE DETAILED IN A SUBSEQUENT NAVAL MESSAGE. 7. ADDITIONAL GUIDANCE, AS WELL AS TRAINING AND OTHER PRIVACY RESOURCES, ARE AVAILABLE ON THE NAVY S PRIVACY WEB SITE AT HTTP://PRIVACY.NAVY.MIL. GUIDANCE AND TOOLS ON IMPLEMENTING ENCRYPTION OF DATA AT REST IS ALSO FORTHCOMING. 8. THE DEPARTMENT HAS A PROUD TRADITION AND A SUPERB REPUTATION FOR TAKING CARE OF ITS PEOPLE AND THEIR FAMILIES. I AM CONFIDENT THAT, THROUGH YOUR PERSONAL INVOLVEMENT, WE WILL SUCCEED IN SAFEGUARDING THE PRIVACY INFORMATION OF THE PEOPLE WHO SERVE. WE OWE NO LESS TO OUR DEDICATED PERSONNEL. 9. PRIVACY ACT POINTS OF CONTACT: SECNAV STAFF/DIRECT-REPORTS AND NAVY: MS. DORIS LAMA, COMM: 202-685-6545, DSN: 325-6545 OR DORIS.LAMA@NAVY.MIL. USMC: MS. TERESA ROSS, COMM: 703-614-4008, DSN: 224-4008 OR TERESA.D.ROSS@USMC.MIL. DON CIO: STEVE MUCK, COMM: 703- 602-4412 OR STEVEN.MUCK@NAVY.MIL. 10. RELEASED BY THE HONORABLE DONALD C. WINTER, SECRETARY OF THE NAVY.// BT NNNN