FAR 24.103—Procedures.
Plain-English Summary
FAR 24.103 explains the contracting officer’s procedures when a procurement may involve a Privacy Act system of records on individuals. It covers the initial review of requirements, the determination of whether the contract will require the design, development, or operation of such a system, and the follow-on steps the contracting officer must take if any of those activities are involved. Specifically, the section requires the contracting officer to identify the system of records and the related work in the contract work statement, and to make the agency’s Privacy Act rules and regulations available in accordance with agency procedures. In practice, this section is meant to ensure privacy obligations are recognized early in acquisition planning and are built into the contract rather than addressed after award. It helps protect personal information, supports compliance with the Privacy Act, and gives contractors clear notice of the privacy-sensitive work they will perform.
Key Rules
Review for Privacy Act impact
The contracting officer must review the requirement to determine whether the contract will involve the design, development, or operation of a system of records on individuals to accomplish an agency function. This is an affirmative screening obligation, not something to be left to chance or handled only after award.
Identify covered work in the statement
If the contract will involve one or more of those activities, the contract work statement must specifically identify both the system of records on individuals and the design, development, or operation work to be performed. The requirement is intended to make the privacy-sensitive scope of work clear and unambiguous.
Provide agency Privacy Act rules
The contracting officer must make available the agency rules and regulations implementing the Privacy Act, in accordance with agency procedures. This ensures the contractor has access to the governing privacy requirements that apply to the work.
Apply procedures before award
These steps are procedural safeguards that should be completed during acquisition planning and solicitation preparation, before the contract is awarded. Early identification reduces the risk of missing privacy obligations or failing to flow them into the contract terms.
Responsibilities
Contracting Officer
Review the requirement to determine whether the contract involves design, development, or operation of a system of records on individuals; if so, ensure the work statement specifically identifies the system of records and the covered work; and make the agency’s Privacy Act rules and regulations available under agency procedures.
Agency
Maintain and provide, through its procedures, the rules and regulations implementing the Privacy Act that must be made available for covered procurements.
Contractor
Use the contract work statement and agency Privacy Act materials to understand the scope of privacy-sensitive work and comply with the applicable Privacy Act requirements in performing the contract.
Practical Implications
This section is a front-end compliance check: if the acquisition touches personal records, the contracting officer must spot it early and document it clearly.
A common pitfall is treating Privacy Act issues as an IT or program-office matter only; FAR 24.103 places a specific procedural duty on the contracting officer.
Another risk is vague contract language. If the system of records and the related work are not specifically identified, the contractor may not know the privacy obligations tied to performance.
Contracting officers should coordinate with program, legal, privacy, and records-management personnel when there is any possibility that the work will create or handle a system of records.
Contractors should watch for Privacy Act references in the statement of work and agency guidance, because those references may trigger special handling, disclosure, security, and training requirements.
Official Regulatory Text
(a) The contracting officer shall review requirements to determine whether the contract will involve the design, development, or operation of a system of records on individuals to accomplish an agency function. (b) If one or more of those tasks will be required, the contracting officer shall- (1) Ensure that the contract work statement specifically identifies the system of records on individuals and the design, development, or operation work to be performed; and (2) Make available, in accordance with agency procedures, agency rules and regulation implementing the Act.