PI.270.7.2, Handling of Private and Sensitive Information

Examples of Private Data: Social Security number (SSN); tax ID; employee NFC ID; account numbers; and farm, tract, or common land unit (CLU) numbers.

Examples of Sensitive Data: Name, address, or other geographic indicators; e-mail address; phone number; race; gender; ethnicity; disability; birth date.

Private and sensitive information must be requested and used only when the transaction cannot be completed without it; it must be entered for that one transaction only and not stored for any future use unless it is absolutely necessary. When private and sensitive information must be stored, it must be secured. If this information is on paper, it must be secured in a locked file cabinet or drawer where only authorized employees have access to it. If this information is in electronic form, the computer system, including laptops, tablets, and desktops; USB drives; external hard drives; and similar devices, whether they are encrypted or not, must be secured in a way that prevents the information from being lost or stolen. If the electronic files cannot be secured, the information must not be stored on that computer or device. The information may be best secured in an access-controlled, shared-drive folder on a physically secure server that is accessed over the network.

Action: Action: All employees will review files on their work station computers to assure that any file containing private and/or sensitive information is 1) necessary to retain, and 2) stored in a secure location from both electronic and physical theft. Supervisors must report to Keith Harada, Assistant Director for Administration by e-mail at keith.harada@hi.usda.gov that their employees have removed or secured any sensitive and/or private data from their computers and that all paper copies of sensitive or private material is in locked storage so that the NRCS PIA certification can be sent to National Headquarters by July 31, 2007.

The following information will assist you with compliance to secure electronic files:

• The H: drive is a secure site
• The C: drive is only a secure site if documents are filed in the C:\Home directory or in the Documents and Settings folder, and these files have been encrypted.
• The S: drive is a secure site from outside users but any sensitive information should be protected by passwords for internal users.
• Thumb drives are only secure if encrypted.
• Do not save government information on home computers.

All employees will assure that “hard copy” files or documents containing private and/or sensitive data are secured from access by non-authorized persons.

The following information will assist you with compliance to secure hard copy files:

• Do not leave files with private or sensitive information unsecured overnight or when away from your workstation for an extended period.
• Private and or sensitive information needs to be shredded, not thrown in garbage cans or recycle barrels. Each office should have a confetti style shredder for this purpose.

/s/ 

LAWRENCE T. YAMAMOTO
Director
Pacific Islands Area

Attachments: 

cc:	Shirley Nakamura, AD, Operations – East Area Office
	John Lawrence, AD, Operations – West Area Office
	W. Kent Matsutani, AD, Programs, PIA State Office
	Paul Scales, AD, Technology, PIA State Office
	Dudley Kubo, Acting State Conservation Engineer – East Area Office
	Milton Martinez, AD, Soil Science and Natural Resource Assessments – East Area Office
	Keith Harada, AD, Administration, PIA State Office