Annual Reminder on Safeguarding

Personally Identifiable Information (PII) for SSA

Employees

Safeguarding sensitive information has been an important issue ever since the creation of
Social Security. In 1937, the first regulation adopted by the Social Security Board
outlined the rules regarding privacy and disclosure of Social Security records. Through
the years, other regulations and the Privacy Act have further defined our responsibilities
to ensure the confidentiality of the information we collect and hold.

The prevalence of identity theft in the world today, makes the efforts of employees to
ensure the protection of the personal information entrusted to them as an SSA employee
more important than ever.

The term "personally identifiable information" refers to information which can be used to
distinguish or trace an individual's identity, such as his/her name, social security number,
biometric records etc., alone, or when combined with other personal or identifying
information which is linked or linkable to a specific individual such as date and place of
birth, mother's maiden name, etc.

Each SSA employee is responsible for properly safeguarding PII from loss, theft or
improper disclosure, including inadvertent disclosure, and to immediately notify his/her
supervisor of any breach, loss or potential loss of PII in any form.

The responsibility to protect PII applies to all SSA employees whether they are officially
on duty or not on duty, at their official duty station, another official work location or an
alternate duty station.

All employees must:

Know, understand and follow all Agency policies and directives on security,
privacy and confidentiality practices;

Know, understand and follow all Agency policies and directives for safeguarding
PII and ensure that all policies and directives are adhered to;

Safeguard and secure all electronic and paper records that contain PII; and

Report the loss or suspected loss of PII immediately to their supervisor.

Whenever an employee has doubts about a specific situation involving the responsibility
for safeguarding PII, that individual should consult his/her supervisor.
Employees who fail to adequately safeguard PII or who violate Agency policies for
safeguarding PII may be subject to disciplinary action up to and including removal from
Federal service or other actions in accordance with applicable law and Agency policy. In
addition, supervisors should understand that they also may be subject to disciplinary
action for their failure to take appropriate action upon discovering a breach or their
failure to take required steps to prevent a breach from occurring, including adequately
instructing, training and supervising employees regarding their responsibilities for
safeguarding PII.

Information about safeguarding personal information is found on the SSA Intranet at

http://eis.ba.ssa.gov/pii
Acknowledgment Statement

This is to acknowledge that I have read and understand the document entitled Annual
Reminder on Safeguarding Personally Identifiable Information (PII) for SSA
Employees. I understand my responsibility to protect PII, to maintain appropriate
security controls and to report the loss or suspected loss of PII.

Name __________________ Position _____________________

________________________ __________________
Employee's Signature Date

________________________ ___________________
Supervisor's Signature Date