An official website of the United States Government
FAR Overhaul - Part 24
Part 24 - Protection of Privacy and Freedom of Information
Subpart 24.1 - Protection of Individual Privacy
Subpart 24.2 - Freedom of Information Act
24.000 Scope of part.
This part prescribes policies and procedures that apply requirements of the Privacy Act of1974 ( 5 U.S.C. 552a) (the Act) and OMB CircularNo.A-130, December 12,1985, to Government contracts and cites the Freedom of Information Act ( 5 U.S.C.552, as amended).
Subpart 24.1 - Protection of Individual Privacy
24.101 Definitions.
As used in this subpart-
Agency means any executive department, military department, Government corporation, Government controlled corporation, or other establishment in the executive branch of the Government (including the Executive Office of the President), or any independent regulatory agency.
Individual means a citizen of the United States or an alien lawfully admitted for permanent residence.
Maintain means maintain, collect, use, or disseminate.
Operation of a system of records means performance of any of the activities associated with maintaining the system of records, including the collection, use, and dissemination of records.
Personally identifiable information means information that can be used to distinguish or trace an individual's identity, either alone or when combined with other information that is linked or linkable to a specific individual. (See Office of Management and Budget (OMB) Circular No. A-130, Managing Federal Information as a Strategic Resource).
Record means any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to, education, financial transactions, medical history, and criminal or employment history, and that contains the individual's name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a fingerprint or voiceprint or a photograph.
System of records on individuals means a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual.
24.102 General.
(a) When an agency hires a contractor to design, develop, or operate a system of records on individuals, the agency must apply the Privacy Act requirements to the contractor and its employees working on the contract.
(b) Both agency staff and contractor employees may face criminal penalties for violating the Privacy Act. When contractors operate a system of records on individuals to accomplish an agency function, the law treats these contractors as agency employees for purposes of the criminal penalties.
(c) When a contract specifically calls for designing, developing, or operating a system of records on individuals to accomplish an agency function, the agency must apply Privacy Act requirements to the contractor and its employees working on the contract. The system of records operated under the contract is officially considered to be maintained by the agency for the purposes of the Act.
(d) Agencies that, within the limits of their authorities, fail to require contractors to operate systems of records according to the Privacy Act may be civilly liable. If an individual suffers harm due to the contractor’s violation of the Act, the agency may be liable.
24.103 Procedures.
(a) he contracting officer must review requirements to determine if they include designing, developing, or operating a system of records on individuals to accomplish an agency function.
(b) If the contract requires such work, the contracting officer must—
(1) Clearly identify in the contract work statement both the specific system of records and the design, development, or operation work required; and
(2)Provide the contractor with the agency's rules and regulations that implement the Privacy Act.
24.104 Contract clauses.
When a contract requires designing, developing, or operating a system of records on individuals to accomplish an agency function, the contracting officer must include the following clauses in solicitations and contracts:
(a) The clause at 52.224-1, Privacy Act Notification.
(b) The clause at 52.224-2, Privacy Act.
Subpart 24.2 - Freedom of Information Act
24.201 Authority.
The Freedom of Information Act (5 U.S.C. 552) requires that information be made available to the public through three methods:
(a) Publication in the Federal Register;
(b) Access to read and copy records at convenient locations; or
(c) Providing a copy of a reasonably described record upon request.
24.202 Prohibitions.
(a) An agency must not disclose under the Freedom of Information Act any proposal submitted in response to solicitation for competitive proposals. This prohibition does not apply to a proposal, or any part of a proposal, that is included or incorporated by reference in a contract between the Government and the contractor that submitted the proposal. (See 10 U.S.C. 3309 and 41 U.S.C. 4702.)
(b) An agency must not disclose outside the Government any information obtained under part 15 that is exempt from disclosure under the Freedom of Information Act. (See 10 U.S.C. 3705(c)(3) and 41 U.S.C. 3505(b)(3).)
(c) A dispute resolution communication between a neutral person and a party to alternative dispute resolution proceedings that is protected under 5 U.S.C.574(j) is exempt from disclosure under the Freedom of Information Act ( 5 U.S.C. 552(b)(3)).
24.203 Policy.
(a) The Freedom of Information Act specifies how agencies must make their records available upon public request, sets strict time standards for agency responses, and exempts certain records from public disclosure. Each agency's implementation of these requirements appears in its respective title of the Code of Federal Regulations and is referenced in subpart 24.2 of its implementing acquisition regulations.
(b) Contracting officers may receive requests for records that may be exempt from mandatory public disclosure. The most common exemptions are for trade secrets and confidential commercial or financial information (5 U.S.C. 552(b)(4)). Other exemptions include certain interagency or intra-agency memoranda, classified information, internal personnel rules, personal and medical information about individuals, and law enforcement.
(c) Since these requests often involve complex issues requiring in-depth knowledge of court rulings and policy guidance, contracting officers must comply with their agency's implementing regulations. Contracting officers should obtain necessary guidance from agency officials responsible for Freedom of Information Act compliance. For additional assistance, authorized agency officials may contact the Department of Justice, Office of Information and Privacy. A Freedom of Information Act guide and other resources are available at the Department of Justice website under FOIA reference materials: http://www.usdoj.gov/oip.
Subpart 24.3 - Privacy Training
24.301 [Reserved]
24.302 Contract clause.
(a) The contracting officer must insert the clause at FAR 52.224-3, Privacy Training, in solicitations and contracts when, on behalf of the agency, contractor employees will—
(1) Have access to a system of records;
(2) Create, collect, use, process, store, maintain, disseminate, disclose, dispose, or otherwise handle personally identifiable information; or
(3) Design, develop, maintain, or operate a system of records.
(b) When an agency specifies that only its agency-provided training is acceptable, use the clause with its Alternate I.
Feedback
We welcome informal input on the revised FAR :
Non-regulatory Resources
The following are non-regulatory resources associated with FAR :
FAR Companion Guide Coming Soon.
Caveat
The FAR Council created deviations will include clauses and provisions currently required by statute and Executive Order. OMB and the FAR Council will work with Congress to recommend statutory changes and with the White House to recommend rescission of requirements stemming from prior Executive Orders that are inconsistent with the goals of Executive Order 14275 to stop the inefficient use of American taxpayer dollars in federal procurement. Any changes to Executive Orders or statute will be reflected when the Revolutionary FAR Overhaul turns to rule-making.
