DD Form 2959 - Breach of Personally Identifiable Information (PII) Report, Page 3


INSTRUCTIONS FOR COMPLETING DD FORM 2959,
BREACH OF PERSONALLY IDENTIFIABLE INFORMATION (PII) REPORT

Select Initial, Updated, or After Action Report and enter the date.

1. GENERAL INFORMATION.

a. Date of Breach. Enter the date the breach occurred. If the specific date cannot be determined, enter an estimated date and provide further explanation in the notes section of the report.

b. Date Breach Discovered. Enter the date the breach was initially discovered by a DoD employee, military member, or DoD contractor.

c. Date reported to US-CERT. Breaches must be reported to US-CERT within 1 hour of discovery. Enter the date reported to US-CERT.

d. US-CERT Number. Enter the number assigned by US-CERT when the breach was reported.

e. Component Internal Tracking Number (if applicable). If your component uses an internal tracking number, enter the number assigned.

f. Breach Involved (click to select). Select from the drop-down list - Email, Info Dissemination, Paper Records, or Equipment.

g. Type of Breach (click to select). Select from the drop-down list - Theft, Loss, or Compromise.

h. Cause of Breach (click to select). Select from the drop-down list the predominate cause of the breach - Theft, Failure to Follow Policy, Computer Hacking, Social Engineering, Equipment Malfunction, Failure to Safeguard Government Equipment or Information, Improper Security Settings, or Other.

i. - j. Component. Select from the drop-down list. After you select your Component, enter the Office/Name in block 1.j (i.e., if "OSD/JS" is the Component selected, an example of the Office would be "TMA").

k. - s. Point of Contact for Further Information. Enter the requested information for the person to be contacted if DPCLO requires additional details regarding the breach.

2.a. DESCRIPTION OF BREACH (Up to 150 words, bullet format acceptable). Note: Do not include PII or classified information. Summarize the facts or circumstances of the theft, loss or compromise of PII as currently known, including:
- the description of the parties involved in the breach;
- the physical or electronic storage location of the data at risk;
- if steps were immediately taken to contain the breach;
- whether the breach is an isolated incident or a systemic problem;
- who conducted the investigation of the breach; and
- any other pertinent information.

b. ACTIONS TAKEN IN RESPONSE TO BREACH, TO INCLUDE ACTIONS TAKEN TO PREVENT RECURRENCE AND LESSONS LEARNED (Up to 150 words, bullet format acceptable). Note: Do not include PII or classified information. Summarize steps taken to mitigate actual or potential harm to the individuals affected and the organization. For example, training, disciplinary action, policy development or modification, information systems modifications. List any findings resulting from the investigation of the breach.

3.a. NUMBER OF INDIVIDUALS AFFECTED. For each category of individuals listed, enter the number of individuals affected by the breach. Do not include an individual in more than one category.

b. Were affected individuals notified? Check box "Yes" or "No". If the individuals affected will not receive a formal notification letter about the breach, select "No" and enter an explanation of why the Component determined notification was not necessary in 3.b.(4). If additional space is needed for this justification, continue text in 6.c., Additional Notes.

(1) If affected individuals were notified, were they notified within 10 working days? Check "Yes" or "No".

(2) If the affected individuals will be notified of the breach, provide the date the notification letters will be sent.

(3) - (4) If "Yes", list the number of individuals notified. If the number of individuals notified differs from total number of individuals affected, explain why in 3.b.(4).

(5) Was credit monitoring offered? Select "Yes" or "No". Note: This is a risk of harm based decision to be made by the DoD Component.

(6) If "Yes", enter the number of individuals offered credit monitoring.

4. PERSONALLY IDENTIFIABLE INFORMATION (PII) INVOLVED IN THIS BREACH. Select all that apply. If Financial Information is selected, provide additional details.

5. SELECT ALL THE FOLLOWING THAT APPLY TO THIS BREACH. Check at least one box from the options given. If you need to use the "Other" option, you must specify other equipment involved.

a. Paper Documents/Records. If you choose Paper Documents/Records, answer each associated question by selecting from the drop-down options.

b. - c. Equipment. If you choose Equipment, answer the associated questions by selecting from the drop-down options. Enter a number in the empty field indicating how many pieces of each type of equipment were involved in the breach. If "Other", you will need to specify what type of equipment was involved.

d. - e. Email and Info Dissemination. If Email or Info Dissemination is selected, choose either "Yes" or "No" for all of the questions.

6.a. TYPE OF INQUIRY. Select the type of inquiry conducted as a result of the breach. If the inquiry type is "Other", please describe.

b. Impact Determination. (Component Privacy Official or designee use only.) Select one: What is the overall risk level associated with this breach? Risk is determined by considering the likelihood that the PII can be accessed by an unauthorized person and assessing the impact to the organization and individual if the PII is misused.

c. Additional Notes. This field can be used to convey additional information.

DD FORM 2959 (INSTRUCTIONS), FEB 2013
