Identity theft can be a real horror Published April 8, 2010 By Col. Paul R. Hardy 95th Communications Group EDWARDS AIR FORCE BASE, Calif. -- By now you are familiar with the horror stories, either personally or through the news, of the impact of identity theft. With the proliferation of electronic records in every aspect of our lives, it is becoming more difficult to escape the risk of exposing ourselves to this type of crime. The impact can be devastating and last for years. Therefore, I'm asking each of you to be diligent in keeping personal identifying information and Privacy Act information protected against unnecessary exposure. You can do this by ensuring proper security controls are in place to limit access to only those with an official need to know in the performance of their official duties. The following are a few ways you can better protect this vital information: *When posting PII or PA information to any share drive or information sharing network, ensure: - the documents are marked and safeguarded as FOUO pursuant to DoDR 5200.1/AFI 31-401 Information Security - Folder is encrypted and or password protected - Access is validated to ensure security controls are implemented and tested to limit access to those with an official need to know in the performance of their official duties *When posting other information to a share drive or information sharing network ensure: - the documents are moved to your official electronic files management systems (Consult your Functional Area Records Manager/Responsibility Center) - review stored records periodically to determine if the documents are still required. If not, delete them - records are official in nature (not championship office pools) (For more information, review AFI 33-322, Records Management Program, AFI 33-332, Air Force Privacy Act Program, and DoDR 5400.11, DoD Privacy Act Program.) *In summary, consider the consequences of poor management of data you store electronically and that you use the following guidelines to keep your focus on doing the right thing: - take privacy protection seriously; ask yourself, "If I do this, will I increase the risk of unauthorized access?" - respect the privacy of others - do not place PII information on shared drives, multi-access calendars, or Intranet or Internet that individuals without an official need-to-know can access - do not keep copies of personnel records (e.g., financial, investigative, medical, adverse actions, etc.) unless they are the official record or a copy is required to perform official duties Colleagues trust you, as you trust them, with personal information. Handle personal information with care. The theft and misuse of any information can spell disaster; personally and professionally. Personally, information carelessly handled, or in the wrong hands, can result in financial ruin and weeks, possibly months of lost work time spent trying to correct errors caused by carelessly handled personal information. Professionally, a career can be jeopardized, and possibly terminated, due to negative information in one's credit report/s. As background checks and security clearance investigations include checking an applicant's credit history, negative entries can cause an applicant to be denied a security clearance, thus preventing them from filling a specific job that requires a security clearance. Protecting personal information, and adhering to the Privacy Act, is everyone's responsibility. The mishandling, and theft of that information, is a recipe for disaster. Handle all information with care; as if national security depends on it, and it does. We are Team Edwards, and safeguarding PII is everyone's responsibility. If you have doubts about sharing data, consult with your supervisor, your records professionals, your information security manager, or the Edwards Privacy office at 7-3015 to get guidance or clarification.