Privacy for Everyone! New FAR Rule Imposes Mandatory Training Requirements for Employees Handling PII
Client Alert | less than 1 min read | 12.28.16
After years of consideration, DoD, GSA, and NASA have published a final rule requiring contractor employees who handle personally identifiable information (PII) or work with a system of records to complete initial and annual privacy training that addresses specified elements, including the Privacy Act, working with PII, and the contractor’s incident response plan. The final rule – effective January 19, 2017, and applicable to all contracts including those for commercial items and those below the Simplified Acquisition Threshold – also requires contractors to identify each covered employee, maintain records indicating that its employees have completed the requisite training, and to provide these records to contracting officers upon request.
Contacts
Partner, Crowell Global Advisors Senior Director
- Washington, D.C.
- D | +1.202.624.2698
- Washington, D.C. (CGA)
- D | +1 202.624.2500
Insights
Client Alert | 3 min read | 01.21.26
Atlantic Biologicals Opioid DPA: DOJ Continues Ramp Up of Criminal Corporate Healthcare Enforcement
On January 13, 2026, Miami-based pharmaceutical wholesaler Atlantic Biologicals Corporation entered into a two-year DPA, admitting to conspiracy to distribute and dispense controlled substances, including more than 14 million opioid doses to “pill mill” pharmacies in Texas at a markup. The DOJ and DEA underscored the company’s deliberate evasion of compliance checks and disregard for red flags signaling diversion.
Client Alert | 3 min read | 01.21.26
FedRAMP Proposes Updates to Authorization Process—Six New RFCs Released for Public Comment
Client Alert | 3 min read | 01.20.26
DoW Joins SBA’s Fight Against Alleged Pass-Through Fraud in the 8(a) Program
Client Alert | 3 min read | 01.20.26
Federal Government Challenges Minnesota Law Requiring Affirmative Action in State Government
