According to Lucy Morgan, CPA, MBA, Director – My Fed Trainer, who is a Federal Grant Management Authority, GPA Approved Trainer, Speaker and Author of Decoding Grant Management, “recipients of federal funding should be protecting Personally Identifiable Information (PII) from prying eyes. I hope you are protecting all of the common items like Social Security Number and Credit Card Information, but here are some additional items that you may not have considered: Bank Numbers, Place of Birth, Mother’s Maiden Name, Medical Reports, Educational Transcripts, Financial Records, Criminal History, Financial Records, Passport Number and Security Clearance Information, and Biometrics. If the information can be used to track an individual’s identity, then it’s personally identifiable information.”
Lucy states that “step two is to identify where PII exists: Laptops, Websites, Company Directories, Press Releases, Brochures, Announcements, Cell Phones and Cloud Storage.” She also states that “step three is to monitor reporting for accidental or deliberate disclosure and ensure the protection of your organization’s sensitive data.”
Refer to 2 CFR Part 200 Uniform Guidance for detailed information, specifically 200.303 (Internal Controls) as well as 200.507 (Program Specific Audits) and 200.512 (Report Submission).
Source: www.MyFedTrainer.com
