PROTECTION OF PERSONALLY IDENTIFIABLE INFORMATION (PII) IN RELATION TO FITNESS REPORTS AND EVALUATIONS:

RAAUZYUW RUENAAA8701 1501426-UUUU--RUCRNAD
ZNR UUUUU ZUI RUEWMCE8523 1501405
R 301425Z MAY 07 PSN 209089K28
FM CNO WASHINGTON DC
TO NAVADMIN
ZEN/NAVADMIN @ AL NAVADMIN(UC)
INFO ZEN/CNO CNO
BT
UNCLAS
FM CNO WASHINGTON DC//N1// 
TO NAVADMIN INFO CNO WASHINGTON DC//N1// UNCLAS //N05211// 
NAVADMIN 138/07 
MSGID/GENADMIN/CNO WASHINGTON DC/N1/MAY// 
SUBJ/PROTECTION OF PERSONALLY IDENTIFIABLE INFORMATION (PII) IN 
RELATION TO FITNESS REPORTS AND EVALUATIONS//
REF/A/GENADMIN/28DEC2005//
REF/B/GENADMIN/SECNAV/142105ZJUL06//
REF/C/GENADMIN/DON CIO/171952ZAPR07//
REF/D/DOC/CNO/20SEP2005//
NARR/REF A IS SECNAVINST 5211.5E (DON PRIVACY PROGRAM).  REF B IS ALNAV
059/06 (SAFEGUARDING PERSONAL INFORMATION).  REF C IS DON CIO INTERIM 
POLICY ON HANDLING OF PII ON COMPUTERS, MOBILE COMPUTING DEVICES AND 
REMOVABLE STORAGE MEDIA.  REF D IS OPNAVINST 1610.10A (NAVY PERFORMANCE 
EVALUATION SYSTEM).//
RMKS/1.  THIS NAVADMIN EMPHASIZES THE 
SAFEGUARDING OF PERSONALLY IDENTIFIABLE INFORMATION (PII) AS OUTLINED 
IN REFS A THROUGH C AND IN PARTICULAR, PII GENERATED THROUGH THE NORMAL 
FITNESS REPORT (FITREP) AND EVALUATION (EVAL) PROCESS.  ALL HANDS HAVE 
A DUTY TO SAFEGUARD PII IN BOTH WRITTEN AND ELECTRONIC FORMATS AND 
SHOULD TAKE APPROPRIATE ACTIONS TO PROTECT AND PRESERVE THE 
CONFIDENTIALITY AND SECURITY OF PERSONAL INFORMATION ENTRUSTED TO THEM.  
SOCIAL SECURITY NUMBERS (SSN) OF INDIVIDUALS AND REPORTING SENIORS 
CONTAINED IN PERFORMANCE EVALUATIONS REPRESENT A SPECIAL VULNERABILITY 
DUE TO THEIR REQUIRED USE, WIDESPREAD STORAGE (ON BOTH PAPER AND ON 
ELECTRONIC MEDIA) AND LONG TERM RETENTION.
2.  REF D, SECTIONS 1 THROUGH 4 NOTES THAT REPORTING SENIORS HAVE THE 
OPTION TO PROVIDE COPIES OF FITREP/EVALS WITHOUT THEIR SSN TO 
INDIVIDUALS, THEIR FIELD SERVICE RECORDS, AND COMMAND FILES.  SIMILARLY, 
REPORTING SENIOR SSNS ARE NOT REQUIRED ON FITREP/EVAL RELATED 
CORRESPONDENCE (E.G., PERFORMANCE INFORMATION MEMORANDA, LETTERS OF 
EXTENSION OR CORRECTION, ETC.).  APPROPRIATE MASKING OF THE INDIVIDUALS 
SSN (USING ONLY THE LAST 4 DIGITS) IS ENCOURAGED FOR COPIES PROVIDED TO 
THEM, THEIR FIELD SERVICE RECORDS, AND/OR COMMAND FILES.  REPORTING 
SENIORS SHOULD ADOPT THESE BEST PRACTICES FOR ALL FITREPS, EVALS AND 
RELATED CORRESPONDENCE THEY PREPARE.
3.  INDIVIDUAL AND REPORTING SENIOR SSNS ARE STILL REQUIRED FOR FITREP/ 
EVALS AND SUMMARY REPORTS ENTERED INTO OFFICIAL OFFICER AND ENLISTED 
RECORD FILES HELD BY BUPERS.  THE NAVFIT 98A SOFTWARE REQUIRES THESE 
ENTRIES TO COMPLETE VALIDATION AND THE RESULTING PII IS STORED WITH THE 
SOFTWARE ON THE COMPUTER.  REPORTING SENIORS SHOULD TAKE APPROPRIATE 
ACTIONS AS OUTLINED IN REF C TO ENSURE ELECTRONIC FITREP/EVAL RELATED 
PII ARE MAINTAINED AND SAFEGUARDED IN AUTHORIZED SPACES, ON GOVERNMENT 
OWNED COMPUTERS.  ADDITIONALLY, PORTABLE ELECTRONIC STORAGE DEVICES 
(CONTAINING FITREP/EVAL PII E.G., FLOPPY DISKS, CD-ROMS, ETC.) SHOULD 
BE ENCRYPTED AND PROPERLY MARKED.
4.  REPORTING SENIORS AND COMMANDS SHOULD REVIEW THEIR CURRENT HOLDINGS
OF FITREP/EVALS (BOTH HARD AND SOFTCOPY) AND ENSURE COMPLIANCE WITH 
GUIDANCE PROVIDED RELATED TO PROTECTING THIS SENSITIVE PERSONAL DATA.
PROPERLY DISPOSING OF REDUNDANT AND/OR UNNECESSARY PII IS EASILY ONE OF 
THE SINGLE BEST METHODS TO REDUCE THE VULNERABILITY OF COMPROMISE.
5.  MORE INFORMATION IS AVAILABLE ON THE DON PRIVACY ACT WEBSITE AT 
HTTP://PRIVACY.NAVY.MIL.
6.  RELEASED BY VADM J. C. HARVEY, JR., N1.// 



BT
#8701







NNNN