Will contractors require training to protect sensitive info?
As the Obama administration steps up methods to protect the government’s sensitive information, many contractors might now have to participate in special training at least once a year to learn new privacy rules.
Contractors would have to complete training that addresses the privacy protections in the law and how to handle and safeguard the personally identifiable information (PII), according to a new Federal Register notice of Oct. 14.
Officials are taking comments through Dec. 13.
Federal officials want to ensure that contractors identify their employees who require access to government’s record systems and handle sensitive information, or even design and operate a record system.
Initially, contractors would have to complete training at the time of the contract award and then at least annually.
The minimum training must address:
- Protecting privacy.
- Authorized and official use of a government system of records.
- Handling and safeguarding PII.
- Restrictions on the use of personally owned equipment to access or store PII.
- Prohibition against access by unauthorized users.
- Procedures to notify officials of a breach in order to minimize risk and ensure prompt actions.
- Any agency-specific privacy training requirements.
Federal agencies would have to provide contractors with the privacy training materials. Contractors would have to keep records of their employees who have completed the training.
Agencies often have their own training, but these requirements provide some consistency throughout the government, the notice states.
Information-sharing has become extremely important since the Sept. 11, 2001, terrorist attacks, experts and officials say. But there are complications that come with that sharing.
For example, WikiLeaks, which disclosed sensitive and classified U.S. documents, exposed the risks of what might be called over-sharing, without necessary safeguards, said Sen. Joe Lieberman (I-Conn.), chairman of the Homeland Security and Governmental Affairs Committee during a hearing on Oct. 12 that looked at the changes in information-sharing since Sept. 11, 2001.
On Oct. 7, President Obama issued an executive order that set guidelines for federal information-sharing, including an expansion of the Information Sharing Environment (ISE), an official governmentwide policy that enhances the ability to share terrorist-related data.
About the Author
Matthew Weigelt is a senior writer covering acquisition and procurement for Federal Computer Week. Follow him on Twitter: @matthewweigelt.