DoD Contractors must update Data breach response plans

Interim Rule regarding rapid notification of DoD information breaches

DoD contractors – please be alert to these new requirements.

Source: Global Privacy Watch, Karla Grossenbacher, October 9, 2015

In an interim final rule published on October 2, another layer has been added to the compliance landscape for defense contractors. In addition to complying with breach notification requirements in as many as 47 different states in the event of a breach involving personally identifiable information, Department of Defense contractors now have to comply with the rapid notification rules issues by DOD in the even of a cyber incident involving covered defense information. These rules are noteworthy in that they require DOD contractors to report cyber incidents within 72 hours of discovering the incident. Most state breach notification statutes do not require that individuals be notified of a breach within a specific number of days and the few state statutes that do have such a requirement contain a much more lenient timeframe of 45 to 90 days.

The interim rule applies only to “cyber incidents” which are defined in the rule as involving “actions taken through the use of computer networks” that result in a compromise or adverse affect on a contractor’s systems or the information on those systems. Thus, the rapid reporting requirements in the interim rule do not apply when defense information is compromised through other means, such as human error or physical theft, which still accounts for a significant number of data breaches for many businesses. However, the interim rule does not exempt contractors from any other reporting requirements triggered by a leak that may apply in the event of another form of intrusion.   Read More …

Are you required to meet these new DoD requirements?  Are you interested in DoD contracting, and not sure what you must be prepared to deliver?  Contact your nearest PTAC to discuss the government contracting requirements with DoD – and all government agencies, including state and local!

 For help with Government Contracting: contact your nearest Procurement Technical Assistance Center (PTAC). Funded through Cooperative Agreements between the U.S. Department of Defense and state and local governments/institutions, PTACs provide free and low-cost assistance in virtually all areas of government contracting.