Training Requirements

Purpose

GSA’s Privacy Office strives to offer timely, relevant and targeted training on how to identify, handle and protect PII properly. The information on this page is intended to inform members of the public of GSA's privacy policies and practices as they apply to GSA employees, contractors, and clients.

Responsibilities

The Privacy Office has developed agency-wide and role-based training offerings. These trainings cover GSA’s policies on protecting Personally Identifiable Information (PII). All GSA employees and contractors are required to complete privacy and security awareness training each year. New employees and contractors are required to complete training upon employment.

Requirements

IT Security and Privacy Awareness Training

All GSA account holders must complete this training in order to maintain access to GSA's IT systems and resources such as email, Google Drive and other IT resources. The Privacy portion of the course focuses on four main areas:

  1. It introduces the concept of Controlled Unclassified Information (CUI) and provides categories of PII commonly collected, maintained or disseminated within GSA;
  2. It discusses three key aspects of the Privacy Act of 1974;
  3. It demonstrates five simple ways that employees can protect PII; and
  4. It provides instructions on how to report a breach.

Each account holder also must electronically acknowledge the GSA IT Rules of Behavior before starting the mandatory test. Completion of the course is tracked. To be considered as completed, each user must correctly answer at least 7 out of 10 knowledge check questions.

Sharing Securely in a Collaborative Environment

This course covers how to handle sharing collaboratively and provides in-depth guidance on properly handling and disseminating PII.

The course focuses on three lessons:

  1. What you can share (and not share),
  2. How you should share, and
  3. Who you can share with (limits).

In the “Know What You Are Sharing” section, staff are instructed to protect GSA's business information by identifying whether they are working with confidential, PII and other sensitive information. The “Know Who You Are Sharing With” section investigates how to check access restrictions on files, how to safeguard information during meetings, and other simple tips to decrease the risk of accidentally sharing sensitive information with the wrong people. That section also covers how to apply the “need to know” rule.

The last section, “Know How You Are Sharing”, dives into the powerful access controls that specific GSA technologies (e.g. Google Drive, Team Drive and Google Docs) and platforms (e.g. Meeting Space) offer and how to employ them most effectively.

Completion of the course is tracked. To be considered as completed, each user must correctly answer at least 7 out of 10 knowledge check questions.

Role-Based Privacy Training

Privacy 201 - Identifying and Reporting Potential Incidents and Breaches is a role-based course mandatory for GSA staff with significant information privacy responsibilities, such as privileged account holders or those with access to sensitive PII. It builds upon the material covered in GSA’s "IT Security and Privacy Awareness" training and "Sharing Securely in a Collaborative Environment".

During this e-learning course, you will learn how to identify and report potential security and privacy breaches, as well as become better prepared to prevent breaches.

Completion of the course is tracked. To be considered as completed, each user must correctly answer at least 3 out of 4 knowledge check questions.

In-Person Training

The Privacy Program also leads in-person training sessions on request and based on analyses of PII incidents and breaches.

Last Reviewed 2018-04-24