It sounds too simple to discuss: Forms collect information.

In a world where information is a commodity and privacy is carefully guarded, the information we collect and how we handle it becomes an issue.

This hard reality slapped me awake when I tried to continue using our Low confidentiality, integrity and accountability (commonly known as CIA) risk rating once we began to let our garrisons use forms. As soon as a name crossed the system boundary and imprinted on the electrons within, if only for a nanosecond, we began to use Personally Identifiable Information (PII).

IEW now has a CIA of Moderate, Moderate, Moderate. This allows us to collect SOME privacy information -- enough for "Contact Us" or DPW initial work orders, but not enogh to do real damage to anybody's identity if we are compromised.

Allowable private information: Checked categories can be used, unchecked categories cannot.
pii list.PNG

 

A moderate CIA means we have to be a little more careful with the information we have and collect -- monitor who receives it, back it up carefully, and write clear policy on how we handle it.

Policy is under development. Meanwhile:

1. All new forms need to be approved by IMCOM HQ PAO. Consider this a safety check.

2. Make certain you include an email address for the recipient of the data. Our servers are not going to preserve your data for very long.