In January, we wrote about the new training requirement for employees who handle personally identifiable information (“PII”) or who build systems containing PII. On the same day that rule went into effect, Jan. 19, 2017, three related Department of Homeland Security (“DHS”) proposed rules were published in the Federal Register covering mandatory privacy training, information technology (“IT”) security awareness training, and the safeguarding of controlled unclassified information (“CUI”). Comments on all three proposed rules are due on Monday, March 20,
Continue Reading DHS Proposed Rules Cover Privacy Training, IT Security Awareness Training and the Safeguarding of CUI
Tony Busch
School Is in Session: Primes and Subs Must Train All Employees Who Handle PII or Who Build Systems Containing PII for Contracts Issued on or After January 19, 2017
By Tony Busch on
Posted in Data Privacy
After more than five years since the proposed rule in 2011, the Federal Acquisition Regulatory Council gave federal contractors a surprise holiday gift this year—mandatory privacy training for all employees on contracts and subcontracts issued on or after January 19, 2017 who:
(1) Have access to a system of records;
(2) Create, collect, use, process, store, maintain, disseminate, disclose, dispose, or otherwise handle personally identifiable information on behalf of an agency; or
(3) Design, develop, maintain, or operate a system…