Proposal seeks to protect agencies' private information

With a blended workforce and the need to share more sensitive information across boundaries, the Obama administration wants contractors to know how to protect an agency’s information and to take their obligation seriously.

Contractors would have to complete training that addresses the privacy protections in the law and how to handle and safeguard of personally identifiable information, according to a proposed rule published in the Federal Register Oct. 14.

Officials are taking comments through Dec. 13.


Related stories:

Executive order puts information sharing in the spotlight

Experts see more openness to being open with info


Federal officials want to ensure that contractors identify their employees who require access to government’s record systems and handle the sensitive information, or even design and operate a record system.

Contractors would have to complete training initially upon award of the contract and at least annually from there.

The minimum training must address:

  • Protecting privacy.
  • Authorized and official use of a government system of records.
  • Handling and safeguarding PII.
  • Restrictions on the use of personally-owned equipment to access or store PII.
  • Prohibition against access by unauthorized users.
  • Procedures to notify officials of a breach in order to minimize risk and to ensure prompt actions.
  • Any agency-specific privacy training requirements.

Agencies would have to provide contractors with the privacy training materials. Contractors would have to keep record their employees who have completed the training.

Agencies often have their own training, but these requirements give some consistency throughout the government, the notice states.

Information sharing has become extremely important since the Sept. 11, 2011, terrorist attacks, experts and officials say. But there are complications to sharing.

Wikileaks, which disclosed sensitive and classified U.S. documents, exposed the risks of what might be called over sharing, without necessary safeguards, said Sen. Joe Lieberman (I-Conn.), chairman of the Homeland Security and Governmental Affairs Committee.

“New communications technologies have made it more difficult to ensure that critical information is retained for appropriate use by law enforcement. And of course we have to ensure that information is shared in a way that adequately protects the privacy and civil liberties of our citizens,” he said during a hearing on Oct. 12 that looked as the changes in information sharing since the terrorist attacks.

On Oct. 7, President Barack Obama issued an executive order that set guidelines for federal information sharing, including an expansion of the Information Sharing Environment, an official governmentwide policy that enhances the ability to share terror-related data.

Thomas McNamara, program manager for the ISE from 2006 until 2009, told Lieberman’s committee that program mangers’ most important job is ensuring all users in the ISE observe the rules. The past five years have produced a viable, replicable methodology to monitor and oversee policies of privacy rights and civil liberties.

“Without it, support for the ISE will wither and die,” he said.

About the Author

Matthew Weigelt is a freelance journalist who writes about acquisition and procurement.

The Fed 100

Read the profiles of all this year's winners.

Featured

  • Then-presidential candidate Donald Trump at a 2016 campaign event. Image: Shutterstock

    'Buy American' order puts procurement in the spotlight

    Some IT contractors are worried that the "buy American" executive order from President Trump could squeeze key innovators out of the market.

  • OMB chief Mick Mulvaney, shown here in as a member of Congress in 2013. (Photo credit Gage Skidmore/Flickr)

    White House taps old policies for new government makeover

    New guidance from OMB advises agencies to use shared services, GWACs and federal schedules for acquisition, and to leverage IT wherever possible in restructuring plans.

  • Shutterstock image (by Everett Historical): aerial of the Pentagon.

    What DOD's next CIO will have to deal with

    It could be months before the Defense Department has a new CIO, and he or she will face a host of organizational and operational challenges from Day One

  • USAF Gen. John Hyten

    General: Cyber Command needs new platform before NSA split

    U.S. Cyber Command should be elevated to a full combatant command as soon as possible, the head of Strategic Command told Congress, but it cannot be separated from the NSA until it has its own cyber platform.

  • Image from Shutterstock.

    DLA goes virtual

    The Defense Logistics Agency is in the midst of an ambitious campaign to eliminate its IT infrastructure and transition to using exclusively shared, hosted and virtual services.

  • Fed 100 logo

    The 2017 Federal 100

    The women and men who make up this year's Fed 100 are proof positive of what one person can make possibile in federal IT. Read on to learn more about each and every winner's accomplishments.

Reader comments

Sat, Oct 15, 2011 Jaime Gracia Washington, D.C>

Every agency I have ever worked with already has this type of training in one form or another. In fact, one agency that I am currently working with has this training daily as you access internal systems, although the annual training is still required. It keeps track of your responses and actually tracks the questions and answers along the same categories that these minimum standards address. The only thing that seems consistent with this Administration is that contractors are the problem.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group