Privacy

The definition of PII is broad. PII includes any information collected or maintained by the Bonneville Power Administration about any individual. This includes:

• Information that can be used to distinguish or trace an individual, such as name, Social Security number, and biometric data, and
  
• Information about a person's past or present status or activities, such as education, medical history, criminal history, or employment history.

Sensitive PII is PII that must be protected against loss because improper disclosure could result in substantial harm, embarrassment, inconvenience or unfairness to an individual. Improper disclosure includes loss, theft, and unauthorized release or sharing.

Sensitive PII: Examples

• Social Security number or last four digits
• Medical history and conditions
• Credit card and financial account numbers (personal and government)
• Driver's license, state ID and passport number
• Education
• Height and weight
• Workplace performance and disciplinary history
• Employment history and information

Non-sensitive PII is information that is often publicly available, and its dissemination is unlikely to lead to harm. Keep in mind that you should exercise care when handling any kind of PII.

Non-sensitive PII: Examples

• Name
• E-mail address
• Home address
• Phone number
• HRMIS ID
• BUD login

Can PII be sensitive in some cases and not in others?

Context matters. Some kinds of PII are always considered sensitive, including Social Security numbers, birth dates, and biometric identifiers like fingerprints. Other categories of PII are sensitive in certain contexts. For example:

• A list of employee names attending a meeting would be non-sensitive. A list of employee names facing disciplinary action would be sensitive because it is potentially harmful or embarrassing.
• Identifiable photographs are PII, but the sensitivity cannot be predicted because it depends on both content and context.

What other kinds of things are PII?

Many other things may be PII; the charts above are not exhaustive and only contain examples. Remember, PII includes any information that meets the definition above, and sensitivity always depends on context.

BPA employees shall limit the use of PII to only that information which is specifically needed to carry out their duties.

The Privacy Act imposes civil and criminal penalties on any employee of an agency who willfully discloses PII held in a Federal System of Records (SOR) to any person or agency not entitled to receive it.

The individual whose PII was the subject of the misuse and the organization that maintained the PII may experience some degree of adverse effects. Depending on the type of information involved, an individual may suffer social, economic or physical harm. If the information lost is sufficient to be exploited by an identity thief, for instance, the person may suffer from a loss of money, damage to credit, a compromise of medical records, threats, or harassment. The individual may also suffer from significant losses of time and money to address the damage. Other potential harms include embarrassment, improper denial of government benefits and discrimination.

Organizations may experience harm as a result of a loss of PII maintained by the organization. Harm may include remediation costs, financial losses, loss of public reputation and public trust, and legal liability.

In many cases, protection of PII is similar to protection of other data and includes protecting the confidentiality, integrity and availability of the information. Most security controls used for other types of data are also applicable to the protection of PII. For PII, there are several privacy-specific safeguards, such as anonymization, minimization of PII collection and de-identification.

In addition to protection requirements for PII, there are other requirements for handling PII. The Fair Information Practices – established by the Privacy Act – advance best practice guidelines, such as purpose specification, use limitation, accountability and data quality.

Breaches to the confidentiality of PII have the potential to harm both the organization and the individual. Harm to individuals is of increased concern because of the magnitude of potential harm, such as identity theft, embarrassment and denial of benefits.

BPA’s Privacy Office inventories and audits all collections of PII, utilizing Initial Privacy Evaluations (IPE) and Privacy Impact Assessments (PIA) to assess privacy impact and risk. The Privacy Office works in conjunction with IT and Cyber Security to ensure appropriate technical safeguards are in place to protect PII in electronic systems. Additionally, the Privacy Office promotes privacy education and awareness and works with individuals and offices across the agency to ensure adequate protection of PII.

The individual whose PII was the subject of the misuse and the organization that maintained the PII may experience some degree of adverse effects. Depending on the type of information involved, an individual may suffer social, economic or physical harm. If the information lost is sufficient to be exploited by an identity thief, for instance, the person may suffer from a loss of money, damage to credit, a compromise of medical records, threats, or harassment. The individual may also suffer from significant losses of time and money to address the damage. Other potential harms include embarrassment, improper denial of government benefits and discrimination.

Organizations may experience harm as a result of a loss of PII maintained by the organization. Harm may include remediation costs, financial losses, loss of public reputation and public trust, and legal liability.

In many cases, protection of PII is similar to protection of other data and includes protecting the confidentiality, integrity and availability of the information. Most security controls used for other types of data are also applicable to the protection of PII. For PII, there are several privacy-specific safeguards, such as anonymization, minimization of PII collection and de-identification.

In addition to protection requirements for PII, there are other requirements for handling PII. The Fair Information Practices – established by the Privacy Act – advance best practice guidelines, such as purpose specification, use limitation, accountability and data quality.

Breaches to the confidentiality of PII have the potential to harm both the organization and the individual. Harm to individuals is of increased concern because of the magnitude of potential harm, such as identity theft, embarrassment and denial of benefits.

The Privacy Act of 1974 mandates how federal agencies maintain PII, i.e., records that uniquely define an individual. The basic provisions of the Act require government agencies to:

• Collect only PII that is relevant and necessary to carry out an agency function.
• Limit access to PII to only those agency employees with a need for the information to conduct their official job duties.
• Maintain no secret records on American citizens or lawful permanent residents.
• Explain, at the time the information is collected, why it is needed and how it will be used.
• Ensure that the records are used only for the reasons given, or seek permission from the subject individual when another purpose for there is considered necessary.
• Provide adequate safeguards to protect the records from unauthorized access and disclosure.
• Allow individuals access to their records and provide individuals the opportunity to correct inaccuracies in their records.
• Allow individuals to find out about disclosures of their records to other agencies and persons.

Privacy Act records are records about individuals that are regularly retrieved by personal identifiers, such as a name or a unique identification number. Most of BPA’s Privacy Act records concern employees, and include, for instance, personnel records, official government travel records, and training records. Privacy Act records are grouped into Privacy Act Systems of Records.

A System of Records Notice (SORN) is a description of any Privacy Act SOR. SORNs generally describe the who, what, where and why of a system and describe the processes for individuals to access or contest the information being held about them in that system. SORNs also describe how the records in that system are used by BPA, and the circumstances under which BPA can disclose the records to third parties. SORNs are required to be published in the Federal Register.

A Privacy Impact Assessment is an analysis of how PII is collected, maintained, used and disseminated by a BPA program or system as well as the risks associated with the collection of information. PIAs are required to be made available to the public. DOE makes BPA PIAs publicly available here.

If you wish to submit a privacy complaint concerning a BPA program, policy or action, please contact the BPA Privacy Office.
Email: privacy@bpa.gov
Phone: 503-872-7740

If you have additional questions regarding BPA’s privacy program, you may contact the Privacy Office.
Email: privacy@bpa.gov
Phone: 503-872-7740

Office of Management Budget – Privacy Related Memoranda

Department of Energy Privacy Program

Department of Justice Office of Privacy and Civil Liberties