At the last minute, the Federal Acquisition
Regulations were amended by the Obama Administration requiring federal
contractors to provide employees with “privacy training.” The new rule, issued
on January 20, 2017, was effective January 19, 2017!
Under the privacy rule, contractors must provide a program to
train employees to protect personally identifiable information, both their own
and that to which they have access.
- identify all personally identifiable information
(PII) and those who have access or handle it
- must implement a mandated multi-step training
program regarding access, use, and maintenance of PII
- ban access to PII to all who have not completed
the mandated training.
All contracts with PII, including those for commercial
items, are covered and the requirement to provide privacy training flows-down to all subcontractors including
those for commercial items when they involve handling and safeguarding of PII.