|
Contract Clauses for Solicitation 47QSMD20R0001 Refresh Number 19 Contract Number: GS -07F -0031W
<br />(2) Create, collect, use, process, store, maintain, disseminate, disclose, dispose, or otherwise
<br />handle personally identifiable information on behalf of an agency; or
<br />(3) Design, develop, maintain, or operate a system of records (see also FAR subpart 24.1 and
<br />39.105).
<br />(c) (1) Privacy training shall address the key elements necessary for ensuring the safeguarding of
<br />personally identifiable information or a system of records. The training shall be role -based,
<br />provide foundational as well as more advanced levels of training, and have measures in place to
<br />test the knowledge level of users. At a minimum, the privacy training shall cover —
<br />(i) The provisions of the Privacy Act of 1974 (5 U.S.C. 552a), including penalties for
<br />violations of the Act;
<br />(ii) The appropriate handling and safeguarding of personally identifiable information;
<br />(iii) The authorized and official use of a system of records or any other personally
<br />identifiable information;
<br />(iv) The restriction on the use of unauthorized equipment to create, collect, use, process,
<br />store, maintain, disseminate, disclose, dispose or otherwise access personally identifiable
<br />information;
<br />(v) The prohibition against the unauthorized use of a system of records or unauthorized
<br />disclosure, access, handling, or use of personally identifiable information; and
<br />(vi) The procedures to be followed in the event of a suspected or confirmed breach of a
<br />system of records or the unauthorized disclosure, access, handling, or use of personally
<br />identifiable information (see OMB guidance for Preparing for and Responding to a
<br />Breach of Personally Identifiable Information).
<br />(2) Completion of an agency -developed or agency -conducted training course shall be deemed to
<br />satisfy these elements.
<br />(d) The Contractor shall maintain and, upon request, provide documentation of completion of privacy
<br />training to the Contracting Officer.
<br />(e) The Contractor shall not allow any employee access to a system of records, or permit any employee
<br />to create, collect, use, process, store, maintain, disseminate, disclose, dispose or otherwise handle
<br />personally identifiable information, or to design, develop, maintain, or operate a system of records
<br />unless the employee has completed privacy training, as required by this clause.
<br />(f) The substance of this clause, including this paragraph (f), shall be included in all subcontracts under
<br />this contract, when subcontractor employees will–
<br />(1) Have access to a system of records;
<br />(2) Create, collect, use, process, store, maintain, disseminate, disclose, dispose, or otherwise
<br />handle personally identifiable information; or
<br />(3) Design, develop, maintain, or operate a system of records.
<br />52.242-5 PAYMENTS TO SMALL BUSINESS SUBCONTRACTORS
<br />(JAN 2017)
<br />(a) Definitions. As used in this clause —
<br />Page: 50 of 216
<br />137
<br />
|