Personally Identifiable Information: Difference between revisions

From CAPipedia
No edit summary
No edit summary
Line 9: Line 9:


=== Responsibilities ===
=== Responsibilities ===
==== Commanders/Directors ====
==== a. Commanders/Directors ====
# Only require the collection of personal information that is absolutely necessary to conduct CAP business (see paragraph 3a below).
# Only require the collection of personal information that is absolutely necessary to conduct CAP business (see paragraph 3a below).
# Ensure that all personnel within their area of responsibility understand the need to protect PII.
# Ensure that all personnel within their area of responsibility understand the need to protect PII.
==== Members ====
==== b. Members ====
# Protect PII that has come into their possession during the normal conduct of CAP business IAW paragraph 3b below.
# Protect PII that has come into their possession during the normal conduct of CAP business IAW paragraph 3b below.

Revision as of 18:40, 14 August 2018

Personally Identifiable Information (PII)

CAP Regulation 1-2

This regulation defines rules for protecting Personally Identifiable Information (PII), collected, generated, or maintained by Civil Air Patrol (CAP), from unauthorized disclosure and emphasizes the role of CAP users in ensuring that the appropriate physical and technical safeguards are in place to protect all CAP systems (both hard copy and electronic) that contain PII. This regulation applies to all CAP members.

General

Personally identifiable information (PII) is CAP confidential information about an individual that can be used to distinguish or trace that individual’s identity. Examples of PII include, but are not limited to, social security number; age; marital status; race; date and place of birth; telephone numbers; other demographic, medical history, personal, medical and financial information. Unauthorized access to the PII of members/employees must be prevented to the maximum extent possible. PII shall only be made available to those individuals who have a specific need to have such information and shall be provided for official CAP business only.

Responsibilities

a. Commanders/Directors

  1. Only require the collection of personal information that is absolutely necessary to conduct CAP business (see paragraph 3a below).
  2. Ensure that all personnel within their area of responsibility understand the need to protect PII.

b. Members

  1. Protect PII that has come into their possession during the normal conduct of CAP business IAW paragraph 3b below.