Common Contracts

Department of Health and Human Services Administration for Children and Families Office of Child Support Enforcement

February 10th, 2022

• Filed
  February 10th, 2022

The employer, company, or government agency shall have appropriate procedures in place to promptly report confirmed or suspected information security or privacy incidents, including, but not limited to, unauthorized use or disclosure of Personally Identifiable Information (PII) involving confidential child support information submitted through OCSE to your organization. As soon as reasonably practicable after discovery, but in no case later than one hour after discovery of the incident, the employer, company, or government agency shall report confirmed or suspected incidents to OCSE as specified in this paragraph. The requirement for the employer, company, or government agency to report confirmed or suspected incidents involving PII to OCSE is based on federal guidance/requirements from the Office of Management and Budget (OMB), Health and Human Services (HHS), the Federal Information Security Modernization Act of 2014 (FISMA), and the United States Computer Emergency Readiness Team (U