Handling protected information is a fairly straightforward category. It deals with an individual’s on the job conduct. It encompasses behavior including but not limited to: not locking safes, not properly securing the hard disk of a computer so it won’t be compromised, failing to report security violations of others or the suspicious conduct of coworkers. In essence, it is the failure to discharge security related responsibilities.
These kinds of security violations are among the most cogent reasons for denying or revoking access to classified information, as they go to the heart about an individual’s trustworthiness in handling classified information. In fact, this guideline may be raised even if the conduct at issue did not involve classified information at all. Furthermore, if the conduct was not a security violation per se, it can still be raised as a matter covered under personal conduct (Guideline E).
Handling Protected Information
The Concern: Deliberate or negligent failure to comply with rules and regulations for protecting classified or other sensitive information raises doubt about an individual’s trustworthiness, judgment, reliability, or willingness and ability to safeguard such information, and is a serious security concern.
Conditions that could raise a security concern and may be disqualifying include:
(a) deliberate or negligent disclosure of classified or other protected information to unauthorized persons, including but not limited to personal or business contacts, to the media, or to persons present at seminars, meetings, or conferences;
(b) collecting or storing classified or other protected information in any unauthorized location;
(c) loading, drafting, editing, modifying, storing, transmitting, or otherwise handling classified reports, data, or other information on any unapproved equipment including but not limited to any typewriter, word processor, or computer hardware, software, drive, system, gameboard, handheld, “palm” or pocket device or other adjunct equipment;
(d) inappropriate efforts to obtain or view classified or other protected information outside one’s need to know;
(e) copying classified or other protected information in a manner designed to conceal or remove classification or other document control markings;
(f) viewing or downloading information from a secure system when the information is beyond the individual’s need to know;
(g) any failure to comply with rules for the protection of classified or other sensitive information;
(h) negligence or lax security habits that persist despite counseling by management;
(i) failure to comply with rules or regulations that results in damage to the National Security, regardless of whether it was deliberate or negligent.
Conditions that could mitigate security concerns include:
(a) so much time has elapsed since the behavior, or it happened so infrequently or under such unusual circumstances that it is unlikely to recur or does not cast doubt on the individual’s current reliability, trustworthiness, or good judgment;
(b) the individual responded favorably to counseling or remedial security training and now demonstrates a positive attitude toward the discharge of security responsibilities;
(c) the security violations were due to improper or inadequate training.