FAR Part 24 Flashcards
Part 24
Protection of Privacy and Freedom of Information
This part prescribes policies and procedures that apply requirements of the Privacy Act of1974 ( 5 U.S.C.552a) (the Act)
and OMB CircularNo.A- 130, December 12,1985, to Government contracts and cites the Freedom of Information Act ( 5 U.S.C.552, as amended).
Protection of Individual Privacy
(a) The Act requires that when an agency contracts for the design, development, or operation of a system of records on individuals on behalf of the agency to accomplish an agency function the agency must apply the requirements of the Act to the contractor and its employees working on the contract.
(b) An agency officer or employee may be criminally liable for violations of the Act. When the contract provides for operation of a system of records on individuals, contractors and their employees are considered employees of the agency for purposes of the criminal penalties of the Act.
(c) If a contract specifically provides for the design, development, or operation of a system of records on individuals on behalf of an agency to accomplish an agency function, the agency must apply the requirements of the Act to the contractor and its employees working on the contract. The system of records operated under the contract is deemed to be maintained by the agency and is subject to the Act.
(d) Agencies, which within the limits of their authorities, fail to require that systems of records on individuals operated on their behalf under contracts be operated in conformance with the Act may be civilly liable to individuals injured as a consequence of any subsequent failure to maintain records in conformance with the Act.
A proposal in the possession or control of the Government, submitted in response to a competitive solicitation, shall not
be made available to any person under the Freedom of Information Act.
The Freedom of Information Act (5U.S.C.552, as amended) provides that
information is to be made available to the public either by-
(a) Publication in the Federal Register;
(b) Providing an opportunity to read and copy records at convenient locations; or
(c) Upon request, providing a copy of a reasonably described record.
Subpart 24.3-Privacy Training
(a) Contractors are responsible for ensuring that initial privacy training, and annual privacy training thereafter, is completed by contractor employees who-
* (1) Have access to a system of records;
* (2) Create, collect, use, process, store, maintain, disseminate, disclose, dispose, or otherwise handle
personally identifiable information on behalf of the agency; or
* (3) Design, develop, maintain, or operate a system of records (see FAR subpart 24.1 and 39.105).
(b) Privacy training shall address the key elements necessary for ensuring the safeguarding of personally identifiable information or a system of records. The training shall be role-based, provide foundational as well as more advanced levels of training, and have measures in place to test the knowledge level of users.
(c) The contractor may provide its own training or use the training of another agency unless the contracting agency specifies that only its agency-provided training is acceptable (see 24.302(b)).
(d) The contractor is required to maintain and, upon request, to provide documentation of completion of privacy training for all applicable employees.
(e) No contractor employee shall be permitted to have or retain access to a system of records, create, collect, use, process, store, maintain, disseminate, disclose, or dispose, or otherwise handle personally identifiable information, or design, develop, maintain, or operate a system of records, unless the employee has completed privacy training
How Does the Privacy Act Apply to Contractors?
The Privacy Act requires that when an agency contracts for the design,
development, or operation of a system of records on individuals on behalf of the agency to accomplish an agency function the agency must
apply the requirements of the Act to the contractor and its employees working on the contract.
The contracting officer shall ensure that the contract work statement specifically identifies the system of records on individuals and the
design, development, or operation work to be performed; and make available, in accordance with agency procedures, agency rules and
regulation implementing the Privacy Act.
Why Is the Freedom of Information Act Relevant to Contracts?
The Freedom of Information Act specifies how agencies shall make their records available upon public request, imposes strict time standards for agency responses, and exempts certain records from public disclosure.
Contracting officers may receive requests for records that may be
exempted from mandatory public disclosure.
The exemptions most often
applicable are proposals in the possession or control of the
Government, submitted in response to a competitive solicitation, or
those relating to classified information, to trade secrets and confidential commercial or financial information, to interagency or intra-agency memoranda, or to personal and medical information pertaining to an individual.
The Freedom of Information Act (5 U.S.C. 552, as amended) (FOIA) provides that information is to be made available to the public either by
Publication in the Federal Register;
Providing an opportunity to read and copy records at convenient locations; or
Upon request, providing a copy of a reasonably described record.
The act, among other things, specifies how agencies shall make their records available upon public request, imposes strict time standards for agency responses, and exempts certain records from public disclosure.
A proposal submitted in response to a competitive solicitation shall not be made available to any person under FOIA.
This prohibition does not apply to a proposal, or any part of a proposal, that is set forth or incorporated by reference in a contract between the government and the contractor that submitted the proposal.
Contracting officers may receive requests for records that may be exempted from mandatory public disclosure. The exemptions most often applicable are
those relating to classified information,
to trade secrets and
confidential commercial or financial information,
to interagency or intra-agency memoranda, or
to personal and medical information pertaining to an individual
If FOIA assistance is needed CO can contact
Department of Justice office of information and privacy
Contractors are responsible for ensuring that both initial privacy training and annual privacy training are completed by contractor employees who:
Have access to a system of records;
Create, collect, use, process, store, maintain, disseminate, disclose, dispose,
or
otherwise handle
personally
identifiable information on behalf of a government agency; or
Design, develop, maintain, or operate a system of records.
Privacy training must address the key elements necessary for ensuring the safeguarding of personally identifiable information or a system of records.