(a) the contracting entity shall examine the requirements to determine whether the contract involves the design, preparation or operation of a system of individual files for the performance of an agency function; (b) Where one or more of these tasks are required, the contracting authority: – The following requirements shall apply specifically to GSA-IT systems contracts. These requirements are included in all GSA IT support contracts that contain personal data in accordance with data protection law. (1) Ensure that the contractual statement of work specifically identifies the system of records of persons and the design, development or operation work to be performed; and (2) include the notice of the Data Protection Act contained in this Agreement in any solicitation and any resulting subcontract and subcontract granted without request if the work instruction in the proposed subcontract requires the redesign, development or operation of a system of records of persons subject to the law; and if you have customers or website visitors from all over the world, you should refer to international data protection laws to ensure that you meet all necessary legal requirements. (a) Contractors are responsible for ensuring that the initial data protection training and, subsequently, the annual data protection training are completed by the contractor`s employees, the – General topic: Federal Procurement Regulation 24,000 Scope of the part. This section describes the policies and procedures that apply the requirements of the Privacy Act of 1974 (5 U.S.C.552a) (the Act) and OMB Circular No. A-130 of December 12, 1985 to government contracts, and cites the Freedom of Information Act (5 U.S.C.552, as amended). Subsection 24.1 – Protection of the privacy of individuals 24.101 Definitions. As used in this subsection, agency means any executive department, military department, government corporation, government-controlled entity, or other entity of the executive branch of government (including the President`s Executive Office) or any independent regulatory authority. Individual means a U.S. citizen or alien who is legally admitted to permanent residence.
Maintain means maintaining, collecting, using or distributing. The operation of a system of record means performing any of the activities associated with the maintenance of the file system, including the collection, use and dissemination of documents. Personally identifiable information is information that can be used to distinguish or track an individual`s identity, alone or in combination with other information that can or may be linked to a particular individual. (See Bureau of Management and Budget (OMB) Circular No. A-130, Managing Federal Information as a Strategic Resource.) Record means any element, collection or aggregation of information about an individual managed by an organization, including, but not limited to, education, financial transactions, medical history, and criminal or professional history, and this includes the name or identification number of the person, the symbol or other identifying person assigned to the individual, like. B a fingerprint, voiceprint or photo. System for the registration of individuals means a set of records under the control of a public authority from which information is extracted under the name of the person or by an identification number, symbol or other identification mark assigned to the person. 24.102 General. a) The law stipulates that if an agency enters into contracts on behalf of the agency for the design, development or operation of a system of records of persons performing an agency function, the agency must apply the requirements of the law to the contractor and its employees working on the contract.
(b) An official or employee of the Agency may be held criminally liable for violations of the law. If the contract provides for the operation of an individual records system, the contractors and their employees are considered employees of the agency for the purposes of the criminal sanctions of the law. . . .