What is a data spill?
A data spill has been defined earlier in this FAQ as a security incident that results in the transfer of classified or sensitive (for example, privacy, contract sensitive) information to unaccredited and unauthorized information systems, applications or media. Data spills can be identified when either the originator or sender realizes his error, or when a reader discovers the spilled information. The term data spill pertains to classified or sensitive information that is stored on or transmitted over information systems or networks that are: • Not formally accredited to host or process that information (e.g., SCI to SIPRNET, Secret information to the NIPRNET. • Not formally accredited to host or process information subject to specific restricted handling caveats (e.g., PROPIN, ORCON, NATO. • Not formally accredited to host or process information under the control of a particular dissemination control system (e.g., HCS). • The inappropriate release of information to a foreign nation’s I
