Archives: Privacy

Subscribe to Privacy RSS Feed

Updated OMB Breach Response Policy Includes Required Breach-Related Provisions for Federal Agency Contracts

On Monday, our colleague Caleb Skeath posted on Inside Privacy an engaging article that discusses the new Office of Management and Budget policy setting forth minimum standards for federal agencies in preparing for and responding to breaches of personally identifiable information (PII) and the expected contractual changes that agencies will impose on contractors whose systems … Continue Reading

Think Before You Post: Social Media History Now Reviewable During Background Checks

On May 13, 2016, the Office of the Director of National Intelligence (“ODNI”) announced a new policy under which federal agencies may consider publicly available social media information in connection with an application for a security clearance.  The new security directive, entitled “Security Executive Agent Directive 5” (“Directive 5”), was signed on May 12 by … Continue Reading

President Obama Unveils Cybersecurity National Action Plan and Issues Two New Executive Orders Directed at Cybersecurity and Privacy Concerns

President Obama unveiled on February 9, 2015 his Cybersecurity National Action Plan (CNAP), a combination of near-term actions and long-term strategy to “enhance cybersecurity awareness and protections, protect privacy, maintain public safety as well as economic and national security, and empower Americans to take better control of their digital security.”  In conjunction with this unveiling, … Continue Reading

DoD Issues Targeted Class Deviation Updating Recently Adopted Cybersecurity DFARS Clauses

Last week, on October 8th, DoD issued a class deviation replacing DFARS 252.204-7012 and 252.204-7008 with revised clauses that give covered contractors up to nine (9) months (from the date of contract award or modification incorporating the new clause(s)) to satisfy the requirement for “multifactor authentication for local and network access” found in Section 3.5.3 … Continue Reading

GSA Seeks Industry Input on Cybersecurity Schedule Offerings

Earlier this month, the U.S. General Services Administration (GSA) issued a Request for Information (RFI) soliciting feedback from industry on ways to improve the sale of Cybersecurity and Information Assurance (CyberIA) products and services through GSA’s multi-billion dollar Information Technology (IT) Schedule 70. IT Schedule 70 currently features more than a dozen special item numbers (SINs) for cybersecurity … Continue Reading

DoD’s Updated Privacy Program Imposes Stringent Rules for Protection of PII

By final rule issued January 27, the Department of Defense (DoD) updated its Privacy Program, meaning that effective February 26, 2015, certain DoD contractors will be required to comply with additional “rules of conduct.”  These rules of conduct are consistent with the types of requirements imposed on federal agencies by the Privacy Act. The final … Continue Reading