Training Requirements
Purpose
GSA’s Privacy Office strives to offer timely, relevant and targeted training on how to identify, handle and protect PII properly. The information on this page is intended to inform members of the public of GSA’s privacy policies and practices as they apply to GSA employees, contractors, and clients.
Responsibilities
The Privacy Office has developed agency-wide and role-based training offerings. These trainings cover GSA’s policies on protecting Controlled Unclassified Information (CUI) and Personally Identifiable Information (PII). All GSA employees and contractors are required to complete privacy and security awareness training each year. New employees and contractors are required to complete training upon employment.
Requirements
IT Security and Privacy Awareness Training
All GSA account holders must complete this training in order to maintain access to GSA’s IT systems and resources such as email, Google Drive and other IT resources. The Privacy portion of the course focuses on four main areas:
- It introduces the concept of Controlled Unclassified Information (CUI) and provided categories of PII commonly collected, maintained or disseminated within GSA.
- It discusses three key aspects of the Privacy Act of 1974.
- It demonstrates five simple ways that employees can protect PII.
- It provides instructions on how to report a breach.
Each account holder also must electronically acknowledge the GSA IT Rules of Behavior before starting the mandatory test. Completion of the course is tracked. To be considered as completed, each user must correctly answer at least 7 out of 10 knowledge check questions.
Sharing Securely in a Collaborative Environment
This course covers how to handle sharing collaboratively and provides in-depth guidance on properly handling and disseminating PII.
The course focuses on three lessons:
- What you can share (and not share).
- How you should share.
- Who you can share with (limits).
In the “Know What You Are Sharing” section, staff are instructed to protect GSA’s business information by identifying whether they are working with confidential, PII and other sensitive information. The “Know Who You Are Sharing With” section investigates how to check access restrictions on files, how to safeguard information during meetings, and other simple tips to decrease the risk of accidentally sharing sensitive information with the wrong people. That section also covers how to apply the “need to know” rule.
The last section, “Know How You Are Sharing” dives into the powerful access controls that specific GSA technologies (e.g. Google Drive, Team Drive and Google Docs) and platforms (e.g. Meeting Space) offer and how to employ them most effectively.
Completion of the course is tracked. To be considered as completed, each user must correctly answer at least 7 out of 10 knowledge check questions.
Safeguarding GSA Sensitive Information
In this module, you’ll learn about two important categories of information utilized in the federal government: Personally Identifiable Information (PII) and Controlled Unclassified Information (CUI). As officers or employees serving the federal government, we have specific responsibilities to protect this information.
This course covers:
- The definitions of PII and CUI.
- Important clauses in the Privacy Act of 1974.
- Ways to protect PII.
- How to react and respond to a potential incident involving sensitive information.
Completion of the course is tracked. To be considered as completed, each user must correctly answer at least 7 out of 10 knowledge check questions.
In-Person Training
The Privacy Program also leads in-person training sessions on request and based on analyses of CUI/PII incidents and breaches.