ARTICLE
11 November 2014

Mandatory Privacy Training Rule For Federal Contractors Expected Soon

M
Mintz

Contributor

Mintz logo
Mintz is a litigation powerhouse and business accelerator serving leaders in life sciences, private equity, sustainable energy, and technology. The world’s most innovative companies trust Mintz to provide expert advice, protect and monetize their IP, negotiate deals, source financing, and solve complex legal challenges. The firm has over 600 attorneys across offices in Boston, Los Angeles, Miami, New York, Washington, DC, San Francisco, San Diego, and Toronto.
Explore Firm Details
A rule to require federal contactors handling personally identifiable information to train their employees in safeguarding the information is close to release.
United States Government, Public Sector
Jonathan T. Cain
Your Author LinkedIn Connections

A rule to require federal contactors handling personally identifiable information to train their employees in safeguarding the information is close to release. Under the anticipated rule, contractor employees will have to undergo either agency training when the agency chooses to make it available, or will have to provide their own privacy training programs using an agency-approved syllabus and materials.

The privacy training rule, originally proposed in 2011, would apply to civilian and defense agency contracts in which contractor employees would have access to a federal agency system of records, handle personally identifiable information, or design, develop, operate, or maintain a federal system of records on behalf of a federal agency.

Under the anticipated rule, contractors will be responsible for assuring that their employees have initial and annual refresher training on the following topics:

  • Requirements of the federal Privacy Act
  • The handling and safeguarding of personally identifiable information
  • The authorized and official use of federal systems of records
  • Restrictions on the use of personally owned equipment to process, access, or store personally identifiable information
  • Breach notification and remediation procedures when privacy information is lost or stolen

Agencies will be responsible, in most cases, for providing agency-specific training requirements and training materials for contractor use.

Contractors will be required to maintain training records and to assure that only employees who have completed the agency-approved training course are provided access to Government system of records information.

The rule, which has been languishing for several years, was sent to OMB for final review on November 5. Final procurement rules typically are released by OMB to the Federal Register for publication within four to six weeks. It is reasonable to expect that the privacy rule will be published before the end of the year.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Jonathan T. Cain
Jonathan T. Cain
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More