Skip to main content
AFARS

AFARS

Change Number: 2024-0712
Effective Date: 07/12/2024

5124.103 Procedures.

5124.103 Procedures.

(b)(i) The contracting officer shall reference the following documents in solicitations and contracts that require the design, development, or operation of a system of records:

(A) DoD Directive 5400.11.

(B) DoD Regulation 5400.11-R.

(C) Regulations for community-specific protected information, as applicable, e.g. DoD Regulation 6025.18-R (DoD Health Information Privacy Regulation).

(ii) The contracting officer will ensure that work statements that require the design, development, or operation of a system of records include procedures to follow in the event of a PII breach.

(iii) The contracting officer should ensure that Government surveillance plans for contracts that require the design, development, or operation of a system of records include monitoring of the contractor’s adherence to Privacy Act/PII regulations. The assessing official should document contractor-caused breaches or other incidents related to PII in past performance reports. (See 5142.1503-90(b).) Such incidents include instances in which the contractor did not adhere to Privacy Act/PII contractual requirements.