On Jan. 3rd, the Office of Management and Budget (OMB) issued an updated breach response policy for federal agencies, replacing a policy last updated in 2007. 

The policy, set forth in memorandum M-17-12, provides minimum standards for federal agencies in preparing for and responding to breaches of personally identifiable information (PII).   In addition to setting forth requirements for federal agencies to prepare for and respond to breaches, the policy also includes required contractual terms regarding breach preparedness and response for certain federal contractors.

The policy states that the contractual requirements should be inserted into any contract, cooperative agreement or other similar instrument where the contractor collects or maintains PII, or uses or maintains an information system, on behalf of the Government.

Keep reading this article which details contractor requirements here: https://www.insideprivacy.com/data-security/data-breaches/updated-omb-breach-response-policy-includes-required-breach-related-provisions-for-federal-agency-contracts/

Read OMB’s Jan. 3, 2017 memorandum here: Preparing for and Responding to a Breach of Personally Identifiable Information – OMB m-17-12 – 01.03.2017