Information about http://www.uscg.mil/foia/Protecting/Protecting_and_Handling_Personnel_Related_Data.pdf

Protecting & Handling Personnel-Related Data ­ Quick Reference Guide…

Tags: cordless phones, e mail, electronic format, file cabinet, heightened awareness, information security systems, information system security, landline phones, office chief, polices, poor security, quick reference guide, removable media, security manager, security practices, security violation, supervisor program, supervisors office, unauthorized disclosures, verbal communication,
Pages: 1
Language: english
Created: Thu Sep 20 08:22:06 2007
Display cached document
Page 1
image
Protecting & Handling Personnel-Related Data ­ Quick Reference Guide
Do make sure all personnel-related data is marked "For Official Use Only" or "Privacy
Data."
Do protect personnel-related data according to the privacy and security safeguarding
polices.
Do report any unauthorized disclosures of personnel-related data to your supervisor,
Program Manager, or Information System Security Manager.
Do immediately report any suspected security violation or poor security practices relating
to personnel-related data.
Do lock up all notes, documents, removable media, laptops, and other material containing
personnel-related data when not in use and/or under the control of a person with a need to
know.
Do log off, turn off, or lock your computer whenever you leave your desk to ensure that
no personnel-related data is compromised.
Do encrypt all personnel-related data documents sent via e-mail.
Do destroy all personnel-related data in your possession when no longer needed and
continued retention is not required.
Do be conscious of your surroundings when discussing personnel-related data. Protect
verbal communication with the same heightened awareness as you would paper or
electronic personnel-related data.
Don't leave personnel-related data unattended. Secure it in a locked drawer, locked file
cabinet, or similar locking enclosure, or in a room or area where access is controlled and
limited to persons with a need to know.
Don't take personnel-related data home, in either paper or electronic format, without
written permission of your supervisors, office chief, or Information Security Systems
Manager, as required.
Don't discuss or entrust personnel-related data to individuals who do not have a need to
know.
Don't discuss personnel-related data on wireless or cordless phones unless absolutely
necessary. Unlike landline phones, these phones can be more easily intercepted.
Don't put personnel-related data in the body of an e-mail. It must be password-protected
as an attachment.
Don't dispose of personnel related data in recycling bins or regular trash unless it has
first been shredded.