Sensitive security information (SSI) has been classified in the US since 1974, with the Air Transportation Security Act protecting air travel information. The Homeland Security Agency (HSA) expanded the definition and scope of SSI after 9/11. Federal regulations specify how SSI is handled, including how it is stamped, filed, and maintained. SSI is vast and grouped into three categories, with some data types requiring a special committee to determine SSI. The Coalition of Journalists for Open Government calls SSI too broad, with agencies able to consider any files they want as security-sensitive. Personnel who create SSI must immediately stamp it as such and safeguard it.
The United States has classified certain types of data as sensitive security information (SSI) since 1974. This began with the passage of the Air Transportation Security Act which was passed to protect certain air travel information such as trade secrets and the identity of passengers, as well as infrastructure and scheduling information that could compromise safety. One year after 9/11, 2001, a new Homeland Security Agency (HSA) took over the Department of Transportation (DOT) as well as the new Transportation Security Administration (TSA) which was tasked with overseeing the protection of SSI, expanding its the definition and scope greatly. As always, this stamped information must contain a statement about the specific people who are allowed to view it, and those people must also have a “need to know.”
Federal regulations specifically specify how sensitive security information is handled, from files, photos and videos stored in a locker to others stored on computers. This includes not only how SSIs are to be stamped, filed and maintained, but also how and to whom they can be disclosed. According to a Federal Aviation Administration logistics report, SSI must be marked as such in bold typeface of 16 points or larger, preferably in a practical style such as Times New Roman.
The scope of material considered sensitive is vast. According to a Government Accountability Office report to Congress in 2005, sensitive aviation, rail, port and other security information is grouped into three basic categories. Of the 16 definitions of SSI, 11 data types require a special committee to determine SSI. Four categorical data types are always SSI and one requires a written SSI determination by the appropriate personnel.
While many citizens understand the need for increased security, others also lament the additional lack of oversight over the public’s time and cents. The Coalition of Journalists for Open Government calls sensitive security information too broad in an online statement. Agencies like the TSA, HSA, DOT, and even the Coast Guard are able to consider any files they want to be security-sensitive and, therefore, exempt from federal public records laws.
Regulations defining how sensitive security information is handled require that any personnel who create SSI, even contract workers, immediately stamp it as such, safeguarding it in a locked container or password-protected computer when out of sight. If another worker gets unlabeled SSI, do so immediately. Also, the previous employee must be notified of his mistake.
Protect your devices with Threat Protection by NordVPN
