Protecting PII
• Ensure that all personal data is properly marked “OFFICIAL USE ONLY” or “PRIVACY ACT DATA”.
• Immediately report any loss or suspected loss to Cyber Security.
• Lock up PII records, notes, or materials that may contain personal data.
• Log off or turn off your computer whenever you leave your desk.
• Determine the need-to-know prior to disclosing PII.
• Always encrypt (Entrust) personal data sent by e-mail.
• Destroy by approved methods (shredder) when personal data is not required to be retained.
• Be conscious of your surroundings when discussing PII.

Privacy Act
The Privacy Act of 1974 (5 U.S.C. 552a) establishes controls over what personal information is collected and maintained by the Executive Branch and how the information is used.

“All DOE employees and contractors are subject to the Privacy Act and must comply with its provisions. Non-compliance with the Privacy Act carries criminal and civil penalties.”

WEMS Security presents…

It’s personal and private
The information that we are protecting is personal and should be considered private. The loss of PII can lead to identity theft or result in adverse actions being taken against the employee who loses PII and ultimately erode confidence in the Government’s ability to protect personal information.

Avoid unauthorized disclosures and report any confirmed or suspected breaches or misuse of PII immediately to Cyber Security at 740-897-3338 or 740-897-3853.

If you have any questions concerning PII, contact WEMS Security at 740-897-3853 or 740-897-2604.

Protecting Personally Identifiable Information
What is PII?
DOE Order 206.1, Department of Energy Privacy Program, defines PII as any information collected or maintained by the Department about an individual, including but not limited to, education, financial transactions, medical history and criminal or employment history, and information that can be used to distinguish or trace an individual’s identity, such as his/her name, Social Security number, date and place of birth, mother’s maiden name, biometric data, and including any other personal information that is linked or linkable to a specific individual.

Penalties for Violating the Privacy Act
• A misdemeanor criminal charge
  ◦ $5000 for each offense
• Courts may also award civil penalties
• Loss of employment

DOE Working Examples of PII (what is and what isn’t PII)
WHAT IS PII:
1. Social Security Numbers in any form are PII (includes using just the last four digits)
2. Place of birth associated with an individual
3. Date of birth associated with an individual
4. Mother's maiden name associated with an individual
5. Biometric record associated with an individual
   a. Fingerprint
   b. Iris scan
   c. DNA
6. Medical history information associated with an individual
   a. Medical conditions, including history of disease
   b. Metric information, e.g., weight, height, blood pressure
7. Criminal history associated with an individual
8. Employment history and other employment information associated with an individual
   a. Ratings
   b. Disciplinary actions
   c. Performance elements and standards (or work expectations) when they are so intertwined with performance appraisals that their disclosure would reveal an individual's performance appraisal
9. Financial information associated with an individual
   a. Credit card numbers
   b. Bank account numbers
10. Security clearance history or related info (not including actual clearances held)

WHAT ISN'T PII:
1. Phone numbers (work, home, cell)
2. Street addresses (work and personal)
3. Email addresses (work or personal)
4. Digital pictures
5. Birthday cards or birthday emails
7. Medical information pertaining to work status (X is out sick today)
8. Employment information that is not PII even when associated with a name
   a. Resumes, unless it includes SSN
   b. Present and past position titles and occupational series
   c. Present and past grades
   d. Present and past annual salary rates (including performance awards or bonuses, incentive awards, merit pay amount, Meritorious or Distinguished Executive Ranks, and allowances and differentials)
   e. Present and past duty stations and organization of assignment (includes room and phone numbers, shop designations, work e-mail address, or other identifying information regarding buildings or places
