Personally Identifiable Information (PII) & Data Collection

Do you collect contact form data? If so, are you aware that much of that content could possibly be considered personally identifiable information (PII)?  This guide will help navigate PII and Army Regulations and policies.

General Data Collection SOP

All data collected must not to be of a sensitive nature, or facilitate the gathering of Personally Identifiable Information (PII).  Some kinds of data are prohibited to use or ask for in forms or surveys created in the website’s CMS.

PII and Prohibited Information

PII is information which can be used to identify a person uniquely and reliably, including but not limited to name, date of birth, social security number (SSN), home address, home telephone number, home e-mail address, mother’s maiden name, etc. This includes any form of data that may lead to identity theft or any information related crime.

It is not allowed to create forms that require more than one sensitive item for example; full name and date of birth. Forms should only require first names and personal/commercial e-mail (non-military) information at most for identification. Further sending/receiving of personal information should be managed through other means external to the website.  Do not place PII on local drives, shared drives, e-mail folders, multi-access calendars, or the Intranet unless it is password protected or encrypted.

Approved Online Form Example


Example 2:

Approved Form2.jpg

Examples of unapproved forms


Collecting Other Data

Other data besides identification or e-mail addresses can be collected with certain restrictions.

Online forms should only collect choices regarding the facility service or event at hand. For example: the time and the number of objects (i.e. equipment, chairs, tables, etc).  If any information is considered sensitive or that may cause the facility a problem, such as inventory, include a disclaimer that advises the customer to contact the office by telephone or in person.  List your office’s phone number and building location on the form.

Each form must have the proper disclaimer (FOUO and Privacy Act Statements) attached at the top for users to read before filling out any information. The FOUO and Privacy Act Statements can be copied from this document’s appendix and customized to state the specific purpose of collecting data.

Addresses on Forms

When collecting data .mil or emails with military association should not be published unless they are generic accounts for a program or facility, to avoid exposing a person’s PII. The website can also generate forms which hide the recipient e-mail address, use them when possible. Contact the Web Development Team if you need support on how to create these.

Important: This SOP does not apply to the Webtrac, Rectrac, and CYMS services or their forms of collecting data.

For Official Use Only (FOUO) Statement 

SSNs are personal and unique to each individual. Protect them and other PII by adding the FOUO Statement to websites and documents. Within DOD, do not disclose PII to anyone without an official need to know. Outside DOD, do not release any information without the person’s consent.

For Official Use Only: This information may be disseminated within the DOD components and between officials of the DOD components and DOD contractors, consultants, and grantees as necessary in the conduct of official business. FOUO information may also be released to officials in other departments and agencies of the executive and judicial branches in performance of a valid government function. (DoD Directive 5400.11, "Department of Defense Privacy Program," May 8, 2007.)

Privacy Act Statement
When collecting PII from the individual, include the following on the collection form or on a separate form that can be retained by the individual (popularly referred to as the Privacy Act Statement)

Authority: The legal authority, that is, the U.S.C. or Executive Order authorizing the program the business process, system and collection it supports. In general terms, 10 USC 3013 in overall Secretary of the Army authority; and EO 9397 authorizes use of SSNs.

Principal Purpose: The reason you are collecting the information and what you intend to do with it.

Routine Use(s): Indicate agencies/entities along with where and why the information will be disclosed outside the Department of Defense.

Example: Information you provide will also be furnished to the Department of Veteran Affairs in order to validate authorized benefits.

Disclosure: Voluntary or Mandatory. Disclosure is almost always Voluntary. Use Mandatory only when disclosure is required by law and the individual will be penalized for not providing information. Whether Voluntary or Mandatory, include any consequences of nondisclosure in nonthreatening language.

Example: Furnishing information is Voluntary; however, failure to provide required information will result in disapproval of your training request.

The Privacy Act Statement is not required if PII is not collected.

Printed Materials and FAX Machines

Within your office files, maintain only information about an individual that is relevant and necessary to accomplish your mission.

Verify printer location prior to sending a document containing PII to the printer, and promptly pick up all copies of the documents as soon as they are printed.
Locate your office FAX machine in a secure location, away from foot traffic and unauthorized personnel.
Ensure all printed documents with PII are properly marked with “FOUO – Privacy Sensitive.”
Use DD Form 2923, “Privacy Act Data Cover Sheet” for all documents containing PII

Personally Identifiable Information (PII)

IMCOM MWR Enterprise Web is an Army website that conforms to regulations regarding Personally Identifiable Information (PII). Garrison MWR websites on this system will not publish what the Army considers PII. This includes an individual’s:

  • Name
  • E-mail address
  • Postal home address
  • Personal telephone numbers
  • Social Security Number
  • Family information within personal biographies
  • Photographs
  • Personal schedules
  • Rank
  • Official title
  • Rosters with names
  • Telephone directories with names
  • Charts with names
  • Pay information
  • Marital status
  • Names, gender or number of dependents
  • Online forms developed in the Enterprise Web may not contain more than 2 personally identifiable items. Please refer to "General Data Collection SOP" for specific guidance.

Government employees and contractors who have access to work on the IMCOM MWR Enterprise Web must complete the Web Content and OPSEC Certificate Training Course and be able to provide the Web Team with their certificate.

This required training is located at and is entitled Web Content and OPSEC Certification.

Download and view Army policies and OPSEC training screenshots regarding the use of PII on the web and consequences of violating them:


2024 Third Quarter Analytics

Added by JessJuly 16, 2024

How many new pages of content did installations create last quarter? Web managers created a total of 362  new pages on EPW in the last quarter. It's important to note that the total excludes data from the EPW Page Report, calendar...


2024 First Quarter Analytics

January 15, 2024

July 11, 2023

2023 Third Quarter Analytics

How many new pages of content did installations create last quarter? Web managers have created 359 new pages on EPW in the last quarter....

June 12, 2023


Q: What is Google Analytics 4? A: Google Analytics 4 (GA4) is Google's latest analytics platform, designed to provide...

December 09, 2022

Stripe Impressions Tool

This instructional video shows you what Stripes are, how they are tracked, and finally how to create a report. 

December 09, 2022

Tracking QR codes with UTM Parameters in Analytics

This article will teach you how to craft QR codes that use URLs that contain UTM parameters that allow you to track specific QR codes in analytics...

August 17, 2022

Historical Documents and Videos

We love to share ideas, no matter what year they are from!

February 15, 2022

BOSS Executive Summary (EXSUM)

  DA Executive Summary Directorates Executive Summary April 2022 April...

November 04, 2021

Life Skills

Life Skills events are designed specifically to educate or certify Soldiers in a wide variety of abilities for adaptive and positive behavior....