Client Alerts & Newsletters

Standardizing Federal PII Breach Response: OMB Updates Guidance for Agencies, Contractors, and Grant Recipients


On January 3, 2017, the Office of Management and Budget (OMB) issued M-17-12, which updates and supersedes 2006 and 2007 OMB memoranda on preparing for and responding to breaches of personally identifiable information (PII) by imposing minimum standards on agencies for incident response programs, training and awareness, reporting, and documentation, coupled with requiring use of a flexible framework to assess and mitigate the risk of harm to individuals potentially affected by a PII breach. While making clear that a PII breach does not necessarily indicate an absence of adequate safeguards, the updated guidance also requires agencies to impose specific requirements, such as encryption, training, and incident-response obligations, on all contractors and subcontractors (at any tier); identifies PII-related requirements for federal grant recipients; and directs the FAR Council to “promptly… create appropriate contract clauses and regulatory coverage.”

For more information, please contact the professional(s) listed below, or your regular Crowell & Moring contact.

Kate M. Growley, CIPP/G, CIPP/US
Partner – Washington, D.C.
Phone: +1 202.624.2698

Nkechi Kanu
Counsel – Washington, D.C.
Phone: +1 202.624.2872

Crowell & Moring LLP is an international law firm with more than 500 lawyers representing clients in litigation and arbitration, regulatory, and transactional matters. The firm is internationally recognized for its representation of Fortune 500 companies in high-stakes litigation, as well as its ongoing commitment to pro bono service and diversity. The firm has offices in Washington, DC, New York, Los Angeles, San Francisco, Orange County, London, Brussels, and Shanghai.

View Desktop Site | Mobile Sitemap

Contact | Subscribe | Terms of Use | Privacy Statement | Alumni

© Crowell & Moring LLP 2020
Attorney advertising - prior results do not guarantee a similar outcome.