Skip to main content

Training Requirements

Note: The information on this page is intended to inform members of the public of GSA's privacy policies and practices as they apply to GSA employees, contractors, and clients.

Purpose

One of the requirements of the Federal Information Security Management Act (FISMA) is that agencies report to the Office of Management and Budget on how effectively they are managing their privacy program.   GSA, along with all other federal agencies, must report on training being offered to ensure that all agency personnel and contractors with access to federal data are familiar with privacy laws.  Plus recent events have highlighted federal agencies’ responsibility to secure and protect personally identifiable information that is maintained in electronic and paper form. 

Responsibilities

The Office of the Chief Information Security Officer has developed Privacy Training 101 to meet this requirement. Privacy Training 101 is a reflection of GSA’s policies on protecting personally identifiable information (PII).   All GSA employees and contractors are required to complete privacy and security awareness training annually. New employees and contractors are required to complete training within 60 days of employment.

Requirements

Privacy Training 101

The topics covered include Privacy Laws, Recognizing Privacy Act Records, Handling Privacy Act Information, Understanding Rights of Access, Foiling Information Thieves and Protecting Privacy Information.  The training program provides employees and contractors the laws that regulate all Privacy Programs and GSA’s policies on how privacy protected information should be identified and handled.   The Privacy Office tracks completion to ensure that all employees and contractors meet this training requirement.   

 

Privacy Training 201

Privacy Training 201 is for Human Resources Specialists, Payroll Specialists, Managers, Supervisors, and similar staff who work with Personally Identifiable Information (PII) as part of their work duties. It provides best practices for handling and disseminating PII. This is a mandatory training program for GSA employees and contractors. The Privacy Office tracks completion to ensure that targeted employees and contractors meet this training requirement.


IT Security Awareness Training

The Office of the Chief Information Officer developed the IT Security Awareness Training program.  It ensures that all GSA, other agency, and contractor support staff involved in the management, design, development, operation and use of IT systems are aware of their responsibilities for safeguarding GSA systems and information.  All GSA employees and contractors, who have significant information security responsibilities as defined by OPM 5 CFR Part 930 and GSA IT security training policy, must complete specialized IT security training as defined in the policy.


privacy program employee training, IT security training, privacy training, PII, FISMA