New Rules Require Federal Contractors to Provide Privacy Training

February 03, 2017

Federal contractors are now required to comply with recently published privacy training rules intended to protect workers' personally identifiable information.  The final rule, published December 20, 2016 and effective January 19, 2017, amends the Federal Acquisition Regulation to clarify the training requirements for contractors whose employees will have access to a system of records on individuals or handle personally identifiable information (PII).  Specifically, federal contractors and their subcontractors must:

  • Identify individuals now subject to the rules, including those who have access to a system of records or otherwise work with or handle such systems or personally identifiable information; 
  • Provide training to these employees on their privacy obligations within 30 days of winning a contract and on an annual basis thereafter;
  • Maintain records showing that all applicable employees received the mandatory training; and
  • Prohibit all workers who have not completed the required training from interacting with the PII data or systems of records containing the data.