Privacy Act training requirements

All DOL systems managers, disclosure officers, and any employees who have responsibilities under the Privacy Act must periodically attend training offered by the Department. This is the explicit requirement in 71.15.

No — the regulation only requires that covered employees "periodically attend" training; it does not set a specific frequency. The text of 71.15 uses the phrase "periodically attend" without a defined interval, so agencies must rely on Departmental guidance or local policy to set schedules.

Yes — if the new hire is a DOL systems manager, disclosure officer, or otherwise has responsibilities under the Privacy Act, they must attend the Department's training. The requirement that such personnel "periodically attend training offered by the Department" applies to those individuals as stated in 71.15.

Not automatically — the rule requires "employees" with responsibilities under the Privacy Act to attend Department training. Whether a contractor must attend depends on whether the contractor is treated as a DOL employee for Privacy Act responsibilities under the contract or agency policy. The regulatory text is clear that "employees" (including systems managers and disclosure officers) are covered by 71.15.

The Department itself must offer the training; covered personnel are required to attend training "offered by the Department." The rule specifies that training is to be attended from the Department as stated in 71.15.

No — 71.15 requires attendance at Department-offered training but does not prescribe specific course topics or curriculum. The Department determines the content of the training it offers.

Yes — disclosure officers are explicitly named in the rule and must periodically attend Department-offered training on the Privacy Act, as specified in 71.15.

Yes — the regulation specifically requires all DOL systems managers to periodically attend training offered by the Department on the Privacy Act, per 71.15.

The rule does not limit the method of delivery; it only requires that covered personnel "periodically attend training offered by the Department." Because 71.15 does not specify in-person versus remote formats, the Department may provide training by any method it chooses unless Departmental policy states otherwise.

Because 71.15 does not define "periodically," agencies should adopt a clear local schedule or policy that specifies frequency (for example, initial training and refresher intervals) and communicate it to covered staff. Establishing written policy ensures consistent compliance with the regulation's periodic attendance requirement.

No — the training requirement applies to those who are DOL systems managers, disclosure officers, or otherwise have responsibilities under the Privacy Act. If an employee no longer has such responsibilities, the specific requirement in 71.15 would no longer apply, though an agency may still choose to train employees for other reasons or maintain broader training requirements in its own policies.

The full regulatory text on training is available in 71.15 of Part 71, "Protection of Individual Privacy and Access to Records Under the Privacy Act of 1974." You can also view the broader part at Part 71 for context.