Personally Identifiable Information (PII) & Data Collection

Do you collect contact form data? If so, are you aware that much of that content could possibly be considered personally identifiable information (PII)?  This guide will help navigate PII and Army Regulations and policies.

General Data Collection SOP

All data collected must not to be of a sensitive nature, or facilitate the gathering of Personally Identifiable Information (PII).  Some kinds of data are prohibited to use or ask for in forms or surveys created in the website’s CMS.

PII and Prohibited Information

PII is information which can be used to identify a person uniquely and reliably, including but not limited to name, date of birth, social security number (SSN), home address, home telephone number, home e-mail address, mother’s maiden name, etc. This includes any form of data that may lead to identity theft or any information related crime.

It is not allowed to create forms that require more than one sensitive item for example; full name and date of birth. Forms should only require first names and personal/commercial e-mail (non-military) information at most for identification. Further sending/receiving of personal information should be managed through other means external to the website.  Do not place PII on local drives, shared drives, e-mail folders, multi-access calendars, or the Intranet unless it is password protected or encrypted.

Approved Online Form Example

good-form.jpg

Example 2:

Approved Form2.jpg

Examples of unapproved forms

badform.jpg

Collecting Other Data

Other data besides identification or e-mail addresses can be collected with certain restrictions.

Online forms should only collect choices regarding the facility service or event at hand. For example: the time and the number of objects (i.e. equipment, chairs, tables, etc).  If any information is considered sensitive or that may cause the facility a problem, such as inventory, include a disclaimer that advises the customer to contact the office by telephone or in person.  List your office’s phone number and building location on the form.

Each form must have the proper disclaimer (FOUO and Privacy Act Statements) attached at the top for users to read before filling out any information. The FOUO and Privacy Act Statements can be copied from this document’s appendix and customized to state the specific purpose of collecting data.

Addresses on Forms

When collecting data .mil or emails with military association should not be published unless they are generic accounts for a program or facility, to avoid exposing a person’s PII. The website can also generate forms which hide the recipient e-mail address, use them when possible. Contact the Web Development Team if you need support on how to create these.

Important: This SOP does not apply to the Webtrac, Rectrac, and CYMS services or their forms of collecting data.

Appendix
For Official Use Only (FOUO) Statement 

SSNs are personal and unique to each individual. Protect them and other PII by adding the FOUO Statement to websites and documents. Within DOD, do not disclose PII to anyone without an official need to know. Outside DOD, do not release any information without the person’s consent.

For Official Use Only: This information may be disseminated within the DOD components and between officials of the DOD components and DOD contractors, consultants, and grantees as necessary in the conduct of official business. FOUO information may also be released to officials in other departments and agencies of the executive and judicial branches in performance of a valid government function. (DoD Directive 5400.11, "Department of Defense Privacy Program," May 8, 2007.)

Privacy Act Statement
When collecting PII from the individual, include the following on the collection form or on a separate form that can be retained by the individual (popularly referred to as the Privacy Act Statement)

Authority: The legal authority, that is, the U.S.C. or Executive Order authorizing the program the business process, system and collection it supports. In general terms, 10 USC 3013 in overall Secretary of the Army authority; and EO 9397 authorizes use of SSNs.

Principal Purpose: The reason you are collecting the information and what you intend to do with it.

Routine Use(s): Indicate agencies/entities along with where and why the information will be disclosed outside the Department of Defense.

Example: Information you provide will also be furnished to the Department of Veteran Affairs in order to validate authorized benefits.

Disclosure: Voluntary or Mandatory. Disclosure is almost always Voluntary. Use Mandatory only when disclosure is required by law and the individual will be penalized for not providing information. Whether Voluntary or Mandatory, include any consequences of nondisclosure in nonthreatening language.

Example: Furnishing information is Voluntary; however, failure to provide required information will result in disapproval of your training request.

The Privacy Act Statement is not required if PII is not collected.

Printed Materials and FAX Machines

Within your office files, maintain only information about an individual that is relevant and necessary to accomplish your mission.

Verify printer location prior to sending a document containing PII to the printer, and promptly pick up all copies of the documents as soon as they are printed.
Locate your office FAX machine in a secure location, away from foot traffic and unauthorized personnel.
Ensure all printed documents with PII are properly marked with “FOUO – Privacy Sensitive.”
Use DD Form 2923, “Privacy Act Data Cover Sheet” for all documents containing PII

Personally Identifiable Information (PII)

IMCOM MWR Enterprise Web is an Army website that conforms to regulations regarding Personally Identifiable Information (PII). Garrison MWR websites on this system will not publish what the Army considers PII. This includes an individual’s:

  • Name
  • E-mail address
  • Postal home address
  • Personal telephone numbers
  • Social Security Number
  • Family information within personal biographies
  • Photographs
  • Personal schedules
  • Rank
  • Official title
  • Rosters with names
  • Telephone directories with names
  • Charts with names
  • Pay information
  • Marital status
  • Names, gender or number of dependents
  • Online forms developed in the Enterprise Web may not contain more than 2 personally identifiable items. Please refer to "General Data Collection SOP" for specific guidance.

Government employees and contractors who have access to work on the IMCOM MWR Enterprise Web must complete the Web Content and OPSEC Certificate Training Course and be able to provide the Web Team with their certificate.

This required training is located at https://iatraining.us.army.mil/ and is entitled Web Content and OPSEC Certification.

Download and view Army policies and OPSEC training screenshots regarding the use of PII on the web and consequences of violating them:

Tracking QR codes with UTM Parameters in Analytics

December 09, 2022

(window.NREUM||(NREUM={})).init={ajax:{deny_list:["gov-bam.nr-data.net"]}};(window.NREUM||(NREUM={})).loader_config={licenseKey:"cbe04b4f50",applicationID:"124718668"};/*! For license information please see nr-loader-rum-1220.min.js.LICENSE.txt...

Take_2.png

Historical Documents and Videos

Added by SSG Mackall, Cody - DA BOSS RepresentativeAugust 17, 2022

We love to share ideas, no matter what year they are from!

February 15, 2022

BOSS Executive Summary (EXSUM)

  DA Executive Summary Directorates Executive Summary April 2022 April...

November 04, 2021

Life Skills

Life Skills events are designed specifically to educate or certify Soldiers in a wide variety of abilities for adaptive and positive behavior....

October 18, 2021

Soldier Showdown Resources

Click here for all Soldier Showdown Social Media Content and Links to Registration!

October 06, 2021

Continuity Book

These resources will allow you to take the products provided below, and make them fit to your Garrison!  There are many different documents,...

October 06, 2021

Resources

Click here for a full list of useful resources pertaining to BOSS!

October 04, 2021

Post Restaurant Survey

The following survey has been designed to gather information from our customers to assist in making better business decisions. The survey is...

October 01, 2021

BPAA Bowling Training

The following training  links are Army Bowling Center Managers. There are presentations, sample handouts, and marketing materials to help...

March 30, 2020

Home Based Business (HBB)

People are Always My #1 Priority. -          General James C. McConville, Army Chief of...