-->

PII Outline

1. Welcome

2. PII Defined

3. Other Information

4. Minimum Standards

5. Disclosure

6. PII on Paper

7. Electronic PII

8. Transmission

9. Closing the Loop

10. Review

11. Credit

 

 

Are you sure?

You've elected to skip the training because you're absolutely sure you don't work with or help protect PII in your job.

If your job responsibilities ever change, make sure you come back here to complete this training.

You will still be given credit, but you'll miss all the stuff about what your responsibilities are if you touch PII.

If you clicked here in error, RETURN to the regular training.

 

Breach Reporting:

Even if you never handle PII, it's possible you may be the first one to detect an inappropriate disclosure.

It is a requirement to report any suspected or known breaches of PII as quickly as possible to cppm@lbl.gov . Do not provide significant details in the email. After you report it stop using email to communicate about it. Instead, use the phone and paper to ensure that information about the suspected breach is appropriately managed until the investigation is complete.

Quick reporting helps protect those whose data we have, and also limits the liability of the Lab under California law.

One word about email:

Even people who never process or manage PII may occasionally be sent PII in an email.

What if someone emails me PII?

First, if this is ongoing problem, consult with your management to explore ways to stop or minimize this business practice.

When someone emails you PII (assuming it is information on a single individual), you should take the following steps.

1.Reply by creating a new message, not by using the reply button or the forward button.


2.Add text like the following to your new message: Thank you for contacting us. For your protection, your personally identifiable information has been removed from the message. LBL policy prohibits the transmission of (social security numbers) in email. If you need to send this information to us again in the future, please use fax or telephone (contact information).

3.Record the piece of information (if you need it) either on paper or in an approved business system (HRIS, FMS).

4.Delete the email from your email folders and empty the trash.

If you ever receive a collection of PII in email, consult with the Computer Protection Program for help with cleaning up.

Reminder: Email is never acceptable for the transmission of even one piece of PII.

OK, if you're absolutely sure you don't process or manage PII and you're ready to skip the remainder of the course and get credit, click here. Otherwise, one last chance to return to the regular training.