Use and Disclosure of PII
An organization that fails to protect PII can face consequences including
All of the Above<\/p>\n\n\n\n
Use and Disclosure of PII<\/p>\n\n\n\n
True or False?
Information that can be combined with other information to link solely to an individual is considered PII.
True<\/p>\n\n\n\n
Use and Disclosure of PII
Which of the following is NOT a permitted disclosure of PII contained in a system of records?
The purpose is disclosed with a new purpose that is not encompassed by SORN<\/p>\n\n\n\n
Use and Disclosure of PII
What guidance identifies federal information security controls?
OMB Memorandum M-17-12<\/p>\n\n\n\n
Use and Disclosure of PII
Which of the following must Privacy Impact Assessments (PIAs) do?
All of the Above<\/p>\n\n\n\n
Use and Disclosure of PII
What regulation governs the DoD Privacy Program?
DoD 5400.11-R: DoD Privacy Program<\/p>\n\n\n\n
Use and Disclosure of PII
What law establishes the federal government’s legal responsibility for safeguarding PII?
Privacy Act of 1974<\/p>\n\n\n\n
Use and Disclosure of PII
What law establishes the public’s right to access federal government information?
FOIA<\/p>\n\n\n\n
Use and Disclosure of PII
No disclosure of a record in a system of records unless:
The individual to whom the record pertains:<\/p>\n\n\n\n
OR
Includes “routine use” of records, as defined in the SORN<\/p>\n\n\n\n
Safeguarding PII<\/p>\n\n\n\n
Your coworker was teleworking when the agency e-mail system shut down. She had an urgent deadline so she sent you an encrypted set of records containing PII from her personal e-mail account. Is this compliant with PII safeguarding procedures?
No<\/p>\n\n\n\n
If you discover a data breach you should immediately notify the proper authority and also:
document where and when the potential breach was found:
-record URL for PII on the web<\/p>\n\n\n\n
Officials or employees who knowingly disclose PII to someone without a need-to-know may be subject to which of the following?
Both civil and criminal penalties<\/p>\n\n\n\n
Which of the following is NOT an example of an administrative safeguard that organizations use to protect PII?
List all potential future uses of PII in the System of Records Notice (SORN)<\/p>\n\n\n\n
True or False?
Phishing is not often responsible for PII data breaches.
False<\/p>\n\n\n\n
Which of the following must Privacy Impact Assessments (PIAs) do?<\/p>\n\n\n\n
True or False? An Individual whose PII has been stolen is susceptible to identity theft, fraud, and other damage.
True<\/p>\n\n\n\n
What \/ Which guidance identifies federal information security controls?
-The Freedom of Information Act (FOIA)
-The Privacy Act of 1974
-OMB Memorandum M-17-12: Preparing for and responding to a breach of PII
-DOD 5400.11-R: DOD Privacy Program
OMB Memorandum M-17-12<\/p>\n\n\n\n
Which of the following is NOT an example of PII?
-Driver’s License Number
-Pet’s nickname
-Social Security Number
-Fingerprints
Pet’s nickname<\/p>\n\n\n\n
Which of the following is NOT a permitted disclosure of PII contained in a system of records?
-These are all permitted disclosures
-The record is disclosed for a new purpose that is not specified in the SORN
-The record is disclosed for routine use.
-The individual has requested that their record be disclosed.
The record is disclosed for a new purpose that is not specified in the SORN<\/p>\n\n\n\n
PIA is required when organization collects PII from:<\/p>\n\n\n\n
PIA is not required when the information system or electronic collection:<\/p>\n\n\n\n
Within what timeframe must DOD organizations report PII breaches to the United States Computer Emergency Readiness Team (US-CERT) once discovered?
-1 hour
-12 hours
-48 hours
-24 hours
1 hour for US-CERT<\/p>\n\n\n\n
(FYI: 24 hours to Component Privacy Office and 48 hours to Defense Privacy, Civil liberties, and transparency division)<\/p>\n\n\n\n
Your organization has a new requirement for annual security training. To track training completion, they are using employee Social Security Numbers as record identification. Is this compliant with PII safeguarding procedures?<\/p>\n\n\n\n
You are tasked with disposing of physical copies of last year’s grant application forms. These documents contain PII so you use a cross-cut shredder to render them unrecognizable and beyond reconstruction. Is this compliant with PII safeguarding procedures?
-YES or NO
YES<\/p>\n\n\n\n
Organizations that fail to maintain accurate, relevant, timely, and complete information may be subject to which of the following?
-Neither civil nor criminal penalties
-civil penalties
-criminal penalties
-both civil and criminal penalties
Civil Penalties<\/p>\n\n\n\n
True or False? Paper-based PP is involved in data breaches more often than electronic PP documentation?
False- Phishing is responsible for most of the recent PII Breaches<\/p>\n\n\n\n
Which regulation governs the DoD Privacy Program?
-The Freedom of Information Act (FOIA)
-The Privacy Act of 1974
-OMB Memorandum M-17-12: Preparing for and responding to a breach of PII
-DOD 5400.11-R: DOD Privacy Program
-DOD 5400.11-R: DOD Privacy Program<\/p>\n\n\n\n
Which of the following is NOT included in a breach notification?
A. Articles and other media reporting the breach.
B. What happened, date of breach, and discovery.
C. Point of contact for affected individuals.
D. Whether the information was encrypted or otherwise protected.
A. Articles and other media reporting the breach.<\/p>\n\n\n\n
TRUE OR FALSE. A PIA is required if your system for storing PII is entirely on paper.
FALSE<\/p>\n\n\n\n
TRUE OR FALSE. Misuse of PII can result in legal liability of the individual.
TRUE<\/p>\n\n\n\n
TRUE OR FALSE. Misuse of PII can result in legal liability of the organization.
TRUE<\/p>\n\n\n\n
Where is a System of Records Notice (SORN) filed?
A. National Archives and Records Administration
B. Congress
C. Federal Register
D. SORNs are for internal reference only, and don’t need to be filed with a third party.
Federal Register<\/p>\n\n\n\n
Organizations must report to Congress the status of their PII holdings every:
A. Six Months
B. Year
C. Five years
D. Organizations are not required to report to Congress
Year<\/p>\n\n\n\n
Jane Student is delivering a document that contains PII, but she cannot find the correct cover sheet. She should:
A. Mark the document CUI and deliver it without the cover sheet.
B. Mark the document as sensitive and deliver it without the cover sheet.
C. Mark the document CUI and wait to deliver it until she has the cover sheet.
D. None of the above; provided she is delivering it by hand, it does not require a cover sheet or markings.
Mark the document CUI and wait to deliver it until she has the cover sheet<\/p>\n\n\n\n
The acronym PHI, in this context, refers to:
A. Protected Health Information
B. Public Health Institute
C. Public Health Informatics
D. Public Health Intelligence
Protected Health Information<\/p>\n","protected":false},"excerpt":{"rendered":"
Use and Disclosure of PIIAn organization that fails to protect PII can face consequences includingAll of the Above Use and Disclosure of PII True or False?Information that can be combined with other information to link solely to an individual is considered PII.True Use and Disclosure of PIIWhich of the following is NOT a permitted disclosure […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[25],"tags":[],"class_list":["post-119854","post","type-post","status-publish","format-standard","hentry","category-exams-certification"],"_links":{"self":[{"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/posts\/119854","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/comments?post=119854"}],"version-history":[{"count":0,"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/posts\/119854\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/media?parent=119854"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/categories?post=119854"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.learnexams.com\/blog\/wp-json\/wp\/v2\/tags?post=119854"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}