Privacy Act reminders Published April 17, 2013 By Airman 1st Class Stephan Coleman 81st Training Wing Public Affairs KEESLER AIR FORCE BASE, Miss. -- The purpose of the Privacy Act is to protect individuals from the invasion and exploitation of personal identifying information. Authorization is required for the release of PII that could be considered intimate to Department of Defense individuals, including Social Security number, home address, date of birth, dependents information, race, education information, overseas and deployment information. "This information should be released only to individuals with an official need to know," said Phyllis Pires, 81st Communication Squadron. However, written authorization is not needed to release the names of personnel grades O-6 or civilian equivalent and above, rank, grade, Air Force Specialty Code, job title, base pay and continental United States office, unit address and duty phone. When sending PII over email within DOD, ensure there is an official need, that all addressees are authorized to receive it and that it's protected from unauthorized disclosure, loss or alteration. The subject line of such emails should included "For Official Use Only" in the title and the first line should read: "The information herein is For Official Use Only which must be protected under the Privacy Act of 1974, as amended. Unauthorized disclosure or misuse of this personal information may result in criminal and/or civil penalties." Remember to encrypt and digitally sign these messages. "The majority of the PII breaches are because individuals are sending email messages containing sensitive information to those without an official need to know," said Ruthie Atchley, 81st CS. "Another common error is that email messages containing sensitive information are not being encrypted, which would be a breach even if the message went to an individual with an official need to know." Lastly, don't leave sensitive information lying around. The use of a Privacy Act Cover Sheet is mandatory to cover and protect personal information that you are using in unprotected and accessible office environments. "The most important thing to remember is that protecting PII material is everyone's responsibility," said Pires. "When we don't, individuals lose faith in our protection." After normal duty hours, store personal information to prevent unauthorized access. Locked buildings or rooms may provide adequate after-hours protection if government or government-contract building security is provided. Destroy by any method that prevents compromise, such as tearing, burning or shredding, so long as the personal data is not recognizable and beyond reconstruction. Degauss or overwrite magnetic tapes or other magnetic medium.