Federal officials want contractors, who have access to government record systems and handle the sensitive information, to take their responsibilities seriously.
With a blended workforce and the need to share more sensitive information across boundaries, the Obama administration wants contractors to know how to protect an agency’s information and to take their obligation seriously.
Contractors would have to complete training that addresses the privacy protections in the law and how to handle and safeguard of personally identifiable information, according to a proposed rule published in the Federal Register Oct. 14.
Officials are taking comments through Dec. 13.
Federal officials want to ensure that contractors identify their employees who require access to government’s record systems and handle the sensitive information, or even design and operate a record system.
Contractors would have to complete training initially upon award of the contract and at least annually from there.
The minimum training must address:
- Protecting privacy.
- Authorized and official use of a government system of records.
- Handling and safeguarding PII.
- Restrictions on the use of personally-owned equipment to access or store PII.
- Prohibition against access by unauthorized users.
- Procedures to notify officials of a breach in order to minimize risk and to ensure prompt actions.
- Any agency-specific privacy training requirements.
Agencies would have to provide contractors with the privacy training materials. Contractors would have to keep record their employees who have completed the training.
Agencies often have their own training, but these requirements give some consistency throughout the government, the notice states.
Information sharing has become extremely important since the Sept. 11, 2011, terrorist attacks, experts and officials say. But there are complications to sharing.
Wikileaks, which disclosed sensitive and classified U.S. documents, exposed the risks of what might be called over sharing, without necessary safeguards, said Sen. Joe Lieberman (I-Conn.), chairman of the Homeland Security and Governmental Affairs Committee.
“New communications technologies have made it more difficult to ensure that critical information is retained for appropriate use by law enforcement. And of course we have to ensure that information is shared in a way that adequately protects the privacy and civil liberties of our citizens,” he said during a hearing on Oct. 12 that looked as the changes in information sharing since the terrorist attacks.
On Oct. 7, President Barack Obama issued an executive order that set guidelines for federal information sharing, including an expansion of the Information Sharing Environment, an official governmentwide policy that enhances the ability to share terror-related data.
Thomas McNamara, program manager for the ISE from 2006 until 2009, told Lieberman’s committee that program mangers’ most important job is ensuring all users in the ISE observe the rules. The past five years have produced a viable, replicable methodology to monitor and oversee policies of privacy rights and civil liberties.
“Without it, support for the ISE will wither and die,” he said.