Risk Factor Matrix for PII Data

Commerce team crafts a matrix for rating the risk factors for PII data.

At the Commerce Department, a senior executive Identity Theft Task Force is busy at work addressing the serious issues surrounding the loss or compromise of personally identifiable information.

Protecting PII is a crucial issue for agencies across government. The Office of Management and Budget has made it a top priority for CIOs and information technology security teams.

For its part, the Commerce task force has created a matrix to help program officers figure out how risky the exposure of PII might be in any particular system and what action needs to be taken if a compromise occurs. The matrix also helps program managers identify systems that they need to target for either heightening security or removing PII if the data is not crucial to the system’s main mission. 

Going forward, the department is looking hard at whether programs even need to collect certain information, such as Social Security numbers or birthdates, says Dave Jarrell, chief information officer in the Office of the Secretary.

Jarrell says the thing that keeps him up at night when it comes to PII is “what we have not imagined yet.”

Jan 17 2008