Deputy Chief Information Officer for Operations Chris Gaucher serves as NPS’ Privacy Act Coordinator, ensuring the management of personally-identifiable information (PII) remains in compliance in all facets in the Information Technology and Communications Services department (ITACS).
Personally-identifiable information (PII) is any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used to compromise the anonymity of anonymous data can also be considered PII.
Gaucher recently gathered a team of PII representatives from around campus and NSA Monterey for an annual meeting to share lessons learned from this past year. He also passed along new Navy and DOD privacy requirements, and gave the team of PII reps the opportunity to ask questions. It was also a chance for the team to learn from one another, and to build a local network of trusted partners who work with privacy information every day.
“NPS’ broad and diverse communications, including high performance and high bandwidth networking services is important,” said Gaucher, referencing the critical role these technologies play in empowering our student, faculty research. And this annual meeting of representatives is just one of the many ways he keeps NPS network users apprised of current privacy act practices, he added.
In the very near future, Gaucher said he will convene a tabletop exercise on managing responses to a large-scale privacy incident, with several participants across campus.
“This exercise will be conducted in November, which will test NPS’ cyber defenses on PII under our jurisdiction,” said Gaucher.
He will also be working with the local Command Inspector General (IG), including checklists common to the discipline. Gaucher will also observe the Naval Academy’s inspection in October and bring back lessons learned from their experiences.
“Our PII reps will really help to frame the right communications to the campus and share their observations where there may be areas of improvement necessary to protect our campus PII,” said Gaucher.
Additional topics discussed including out-processing procedures for NPS personnel, customized training for small groups around campus, and simple procedures, such as e-mail encryption, to protect PII at the user level.
Ultimately, the primary message Gaucher wanted to stress was that protecting PII is a shared responsibility for everyone on campus.
“If something doesn’t look right, or there is risk evident to them in areas they work, let’s talk about how we can make things better ... Everyone should feel they are part of the solution,” he said.