Personal Identification Information And Email

All employees should understand that email sent or received on a government computer should not be considered private, and that, above all, PII – personally identifiable information – should not be sent in unencrypted email.

PII is information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc., or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc.

While PII should not be sent, Social Security numbers, credit card numbers and much more is being monitored leaving NPS daily.  We know this because of security monitoring at the point where the NPS network ends and the internet begins.  If someone with the wrong intentions intercepts an email with your name and SSN, identity theft may not be far behind.  Identity theft is still among the fastest growing crimes in the world.  Identity theft is the act of obtaining an individual’s identifying information without authorization in an attempt to commit or facilitate the commission of fraud or other crimes.

What do we do if we find ourselves in a working situation that requires us to send PII in an email?  While these situations exist, you can always check with your supervisor or IT security manager before sending PII in an email. The NPS also has an official privacy officer, Diane Cooke, who is trained and experienced in this field.  In these situations, there is almost always a less risky way to communicate sensitive data. 

If sending PII to another NPS network user, you must encrypt the Lotus Notes email message. However, if you find that you must share your SSN or other PII with someone outside of NPS, you should shaer it by voice phone or by fax (with phone call recipient verification between sender and recipient) rather than use unencrypted email.

Email has become one of the most convenient ways to communicate business information and the inclusion of PII in emails presents a real problem.  The federal government still lacks a one-size-fits-all email solution for this problem. The Office of the Chief Information Officer is researching alternative technical solutions to this problem.  The Service is also reviewing internal policies and procedures to ensure official guidance is compliant with Privacy Act and PII-handling best practices.