After more than five years since the proposed rule in 2011, the Federal Acquisition Regulatory Council gave federal contractors a surprise holiday gift this year—mandatory privacy training for all employees on contracts and subcontracts issued on or after January 19, 2017 who:

(1) Have access to a system of records;

(2) Create, collect, use, process, store, maintain, disseminate, disclose, dispose, or otherwise handle personally identifiable information on behalf of an agency; or

(3) Design, develop, maintain, or operate a system

Continue Reading School Is in Session: Primes and Subs Must Train All Employees Who Handle PII or Who Build Systems Containing PII for Contracts Issued on or After January 19, 2017

data privacyThe terms data privacy and data security are sometimes swapped back and forth as though they mean the same thing. They don’t, though they are tightly interlocked.

One way to consider how they’re different is to think of data privacy as the who and what of confidential information that must be kept safe and data security as the how, the means for keeping it safe.

Put another way, data privacy focuses on the individual whose private information is at
Continue Reading Privacy vs. Security

Taft Privacy and Data Security attorneys Matthew D. Lawless and Beth A. Bryan will share strategies on how to proactively address downsizing data at the ACC Southwest Ohio CLE program on May 14. The session, “Defensibly Downsizing Your Data: Using Records Retention and Deletion Best Practices to Reduce Your Litigation Costs and Data Security Risks,” will be held at the Taft Center in Cincinnati from 11:30 a.m. – 1:00 p.m. Taft Litigation group chair Russell S. Sayre will welcome the
Continue Reading Lawless and Bryan to Address Proactive Methods to Downsize Data