Vendors could soon be required to provide privacy training that meets federal standards to their employees who work on agency systems.
The Federal Acquisition Regulations Council today issued a proposed rule in the Federal Register detailing minimum training requirements to ensure consistency across the government.
“The proposed FAR text includes seven mandatory elements of the privacy training, including any agency-specific requirements,” the proposal stated. “Many agencies currently require that designated contractor employees complete agency-developed privacy training, but, in some circumstances, an agency may provide a contractor with the Privacy Act requirements and have the contractor develop the training package.”
The council stated that if a contractor doesn’t pass the training, they would not be allowed to work on federal systems or records.
“This proposed rule was initiated to ensure that contractor personnel who handle personally identifiable information; design, develop, maintain or operate a system of records on behalf of the government; or require access to a government-owned system of records are properly trained on the requirements of applicable laws and appropriate safeguards to ensure the security and confidentiality of personally identifiable information,” the council wrote.
Vendors would have to identify employees who require training and maintain records of them passing it.