AFI33-332 10 MARCH 2020CORRECTIVEACTIONSAPPLIED12MAY2020 49
PII Breach—The loss of control, compromise, unauthorized disclosure, unauthorized
acquisition, or any similar occurrence where (1) a person other than an authorized user accesses
or potentially accesses personally identifiable information or (2) an authorized user accesses or
potentially accesses personally identifiable information for an other than authorized
purpose.Personal Identifier—A name, number, or symbol that is unique to an individual and
that can be used to trace an individual’s identity, usually the person's name or SSN.
Personal Information—Information about an individual that identifies, links, relates, or is
unique to, or describes him or her, e.g., SSN; age; military rank; civilian grade; marital status;
race; salary; home or office phone numbers; other demographic, biometric, or personnel
information. All information that describes, locates or indexes anything about an individual
including his/her education, financial transaction, medical history, criminal or employment
record, or that affords a basis for inferring personal characteristics, such as biometric data
including finger and voice prints, photographs, or things done by or to such individual; and the
record of his/her presence, registration, or membership in an organization or activity, or
admission to an institution. Such information is also known as Personally Identifiable
Information (PII).
Privacy Act Request—A request from an individual for notification as to the existence of,
access to, or amendment to records pertaining to them. These records must be maintained in a
SOR.
Privacy Act Statement—A statement required when soliciting personally identifiable
information that is maintained in a SOR (known as Personal Information). The Privacy Act
Statement informs the individual why the information is being solicited and how it will be used.
Privacy Act System Notice—See System of Records Notice (SORN).
Privacy Act System of Records—See SOR.
Privacy Act Complaint—An allegation that the Agency did not comply with specific provisions
of the Privacy Act, with respect to the maintenance, amendment, or dissemination of SOR.
Privacy Act Violations—a. When an individual or agency who knowingly and/or willfully
makes a determination under the Privacy Act of 1974 paragraph (d)(3) not to amend an
individual's records in accordance with his/her request, or fails to make such review in
conformity with that subsection; refuses to comply with an individual request under (d)(1); fails
to maintain any records concerning: any individual with such accuracy, relevance, timeliness,
and completeness as is necessary to assure fairness in any determination to the qualifications,
character, rights, or opportunities of, or benefits to the individual that may be made on the basis
of such record, and consequently a 3 determination is made which is adverse to the individual; or
fails to comply with any other provision or rule promulgated there under, in such a way as to
have an adverse effect on an individual, the individual may bring a civil action against the
agency, and the district courts of the United States shall have jurisdiction in the matters under the
provisions of this subsection. b. When an individual or agency who knowingly and/or willfully
maintains a SOR without a relevant and necessary need to accomplish a purpose of the agency
required to be accomplished by statute or by executive order of the President; fails to inform
each individual whom it asks to supply information, on a form which it uses to collect the
information or on a separate form that can be retained by the individual: the authority (whether
granted by statute, or by executive order of the President) which authorizes the solicitation of the