Standardizing Federal PII Breach Response: OMB Updates Guidance for Agencies, Contractors, and Grant Recipients
Client Alert | 1 min read | 01.11.17
On January 3, 2017, the Office of Management and Budget (OMB) issued M-17-12, which updates and supersedes 2006 and 2007 OMB memoranda on preparing for and responding to breaches of personally identifiable information (PII) by imposing minimum standards on agencies for incident response programs, training and awareness, reporting, and documentation, coupled with requiring use of a flexible framework to assess and mitigate the risk of harm to individuals potentially affected by a PII breach. While making clear that a PII breach does not necessarily indicate an absence of adequate safeguards, the updated guidance also requires agencies to impose specific requirements, such as encryption, training, and incident-response obligations, on all contractors and subcontractors (at any tier); identifies PII-related requirements for federal grant recipients; and directs the FAR Council to “promptly… create appropriate contract clauses and regulatory coverage.”
Contacts

Partner and Crowell Global Advisors Senior Director
- Washington, D.C.
- D | +1.202.624.2698
- Washington, D.C. (CGA)
- D | +1 202.624.2500
Insights
Client Alert | 5 min read | 07.01.26
What U.S. Patent Holders Need to Know About Inequitable Conduct Right Now
If a court finds that a patent applicant intentionally misrepresented or withheld material information from the USPTO with the intent to deceive, the consequences are severe, leading to unenforceability of the entire patent (and likely any later patents claiming priority to the unenforceable patent).
Client Alert | 3 min read | 06.30.26
Qatar Labor Law: Key Amendments Introduced by Law No. 9 of 2026
Client Alert | 2 min read | 06.29.26
When Trade Secret Theft Becomes Racketeering: What the Fifth Circuit’s New Ruling Means
Client Alert | 7 min read | 06.26.26
Federal Roundup: Updates for PBMs and Medicare Advantage Organizations

