From: National Law Review
ASusan B. Cassidy, Evan Sherwood | Covington & Burling LLP
Among the proposed rules, announced in the Semiannual Regulatory Agenda of the FAR Council and the General Services Administration (“GSA”), are changes that would affect nearly every segment of the government contracts industry. Although some of the rules may simplify the burdens on contractors, most come with enhanced compliance obligations, particularly with respect to data security and cyber incidents.
Some of the key proposals are summarized below.
- Data breaches. Under a new proposal, contractors would be required to use a contractually-specified set of procedures when responding to data breaches involving personally identifiable information (“PII”). The new contract clauses will implement the requirements in the Office of Management and Budget’s Memorandum M-17-12. A proposed rule is expected in March.