PART 824 - PROTECTION OF PRIVACY AND FREEDOM OF INFORMATION
Subpart 824.1 - Protection of Individual Privacy
VA rules implementing the Privacy Act of 1974 are in 38 CFR 1.575 through 1.584, Safeguarding Personal Information in Department of Veterans Affairs Records.
(c) The contracting officer shall reference the following documents in solicitations and contracts that require the design, development, or operation of a system of records -
(1) VA Handbook 6500.6, Contract Security;
(2) VA Handbook 6508.1, Procedures for Privacy Threshold Analysis and Privacy Impact Assessment;
(3) VA Handbook 6510, VA Identity and Access Management -
(i) The contracting officer will ensure that statements of work or performance work statements that require the design, development, or operation of a system of records include procedures to follow in the event of a Personally Identifiable Information (PII) breach; and
(ii) The contracting officer shall ensure that Government surveillance plans for contracts that require the design, development, or operation of a system of records include monitoring of the contractor's adherence to Privacy Act/PII regulations. The assessing official should document contractor-caused breaches or other incidents related to PII in past performance reports. Such incidents include instances in which the contractor did not adhere to Privacy Act/PII contractual requirements.
Subpart 824.2 - Freedom of Information Act
(a) VA rules implementing the Freedom of Information Act (FOIA) are in 38 CFR 1.550 through 1.562.
(b) Upon receipt of a request, the contracting officer shall provide the requester with the name of the cognizant VA FOIA Service Office. The VA FOIA Service Office (see http://www.oprm.va.gov/foia/) is the focal point for all FOIA requests and official information may only be released through the cognizant FOIA Service or their authorized designee.