Securing Personally Identifiable Information (PII)
Records maintained by the Coast Guard and by the Coast Guard Auxiliary may be subject to the provisions of the Freedom of Information Act and the Privacy Act of 1974.
The treatment and handling of Auxiliary Personally Identifiable Information (PII) and Auxiliary correspondence shall be in accordance with these provisions and pertinent Coast Guard directives. Personally Identifiable Information is defined as data that can be used to distinguish or trace a person’s identity, or any other personal information that can be linked to a specific individual. Examples of PII include: name, date of birth, home mailing address, telephone number, social security number, mother’s maiden name, home e-mail address, ZIP code, account numbers, certificate/license numbers, vehicle identifiers (including license plates), Uniform Resource Locators (URL), internet protocol addresses, biometric identifiers (e.g., fingerprints), photographic facial images, any unique identifying number or characteristic, and other information where it is reasonably foreseeable that the information will be linked with other personal identifiers of the individual.
Auxiliary correspondence encompasses all forms of written communication generated by or bound for Auxiliarists in connection with their authorized activities. It includes letters, memos, forms, manuals, publications, ID cards, associated electronic transmissions, and e-mail. All such correspondence serves as a critical resource for the development, training, and operation of the Auxiliary in support of the Coast Guard.
It is critically important that all Auxiliarists protect PII and Sensitive PII.
All Auxiliarists are required to complete the Privacy at DHS/Protecting Personal Information (810015) course at initial enrollment and every 5 years after that.
Available Resources
Sensitive PII requires encryption at rest (where it is stored) and while in transit (when sent). At rest encryption can be met by storing the file on an encrypted drive or in an approved Cloud service that encrypts all data. Use Email Encryption for moving miles back and forth between personnel. Do not trust file transfer services that have not been vetted as they often times have backdoors that grant access to unintended personnel.
You can password protect pertain files such as MS Office and Adobe PDF to protect the files. However, the passwords for those files should be complex, not stored on the system with the files, and not sent using the same technique as the file (i.e. do not email a password protected file and then send a separate email with the password).
CGAUXNET.US GSuite
The National Staff CGAUXNET.US GSuite may be used for secure file sharing. Files with SPII must be placed on managed Shared Drives that require authenticated access and are not shared to non CGAUXNET users. Files may not be shared individually. Specific instructions on properly securing files coming soon.
Sending Files between the USCG and CGAUX
USCG personnel (and CGAUX personnel with an ALAC) may initiate secure files transfers using the DOD SAFE file transfer system. The service makes it easy to exchange unclassified files up to 8.0 GB that can't be sent through the email services. It is approved for sending and receiving up to CUI/PII/PHI files.
Incident Reporting
Any incident involving PII and SPII must be reported to CG-6P via CG-BSX and the COLM immediately upon discovery.
The treatment and handling of Auxiliary Personally Identifiable Information (PII) and Auxiliary correspondence shall be in accordance with these provisions and pertinent Coast Guard directives. Personally Identifiable Information is defined as data that can be used to distinguish or trace a person’s identity, or any other personal information that can be linked to a specific individual. Examples of PII include: name, date of birth, home mailing address, telephone number, social security number, mother’s maiden name, home e-mail address, ZIP code, account numbers, certificate/license numbers, vehicle identifiers (including license plates), Uniform Resource Locators (URL), internet protocol addresses, biometric identifiers (e.g., fingerprints), photographic facial images, any unique identifying number or characteristic, and other information where it is reasonably foreseeable that the information will be linked with other personal identifiers of the individual.
Auxiliary correspondence encompasses all forms of written communication generated by or bound for Auxiliarists in connection with their authorized activities. It includes letters, memos, forms, manuals, publications, ID cards, associated electronic transmissions, and e-mail. All such correspondence serves as a critical resource for the development, training, and operation of the Auxiliary in support of the Coast Guard.
It is critically important that all Auxiliarists protect PII and Sensitive PII.
All Auxiliarists are required to complete the Privacy at DHS/Protecting Personal Information (810015) course at initial enrollment and every 5 years after that.
Available Resources
- Section E. of Chapter 5 of the Auxiliary Manual (COMDTINST M16790.1G): Privacy and Freedom of Information Acts, Personally Identifiable Information, Auxiliary Correspondence, and Network Security
- DHS Handbook for Safeguarding Sensitive PII
- 2023 NTRAIN Briefing on PII
Sensitive PII requires encryption at rest (where it is stored) and while in transit (when sent). At rest encryption can be met by storing the file on an encrypted drive or in an approved Cloud service that encrypts all data. Use Email Encryption for moving miles back and forth between personnel. Do not trust file transfer services that have not been vetted as they often times have backdoors that grant access to unintended personnel.
You can password protect pertain files such as MS Office and Adobe PDF to protect the files. However, the passwords for those files should be complex, not stored on the system with the files, and not sent using the same technique as the file (i.e. do not email a password protected file and then send a separate email with the password).
CGAUXNET.US GSuite
The National Staff CGAUXNET.US GSuite may be used for secure file sharing. Files with SPII must be placed on managed Shared Drives that require authenticated access and are not shared to non CGAUXNET users. Files may not be shared individually. Specific instructions on properly securing files coming soon.
Sending Files between the USCG and CGAUX
USCG personnel (and CGAUX personnel with an ALAC) may initiate secure files transfers using the DOD SAFE file transfer system. The service makes it easy to exchange unclassified files up to 8.0 GB that can't be sent through the email services. It is approved for sending and receiving up to CUI/PII/PHI files.
Incident Reporting
Any incident involving PII and SPII must be reported to CG-6P via CG-BSX and the COLM immediately upon discovery.