Skip to content
LexBuild

48 CFR § 39.105 - 39.105 Privacy. 

---
identifier: "/us/cfr/t48/s39.105"
source: "ecfr"
legal_status: "authoritative_unofficial"
title: "48 CFR § 39.105 - 39.105   Privacy."
title_number: 48
title_name: "Federal Acquisition Regulations System"
section_number: "39.105"
section_name: "39.105   Privacy."
chapter_number: 1
chapter_name: "FEDERAL ACQUISITION REGULATION"
subchapter_number: "F"
subchapter_name: "SPECIAL CATEGORIES OF CONTRACTING"
part_number: "39"
part_name: "ACQUISITION OF INFORMATION TECHNOLOGY"
positive_law: false
currency: "2026-03-24"
last_updated: "2026-03-24"
format_version: "1.1.0"
generator: "[email protected]"
authority: "40 U.S.C. 121(c); 10 U.S.C. chapter 4 and 10 U.S.C. chapter 137 legacy provisions (see 10 U.S.C. 3016); and 51 U.S.C. 20113."
regulatory_source: "61 FR 41470, Aug. 8, 1996, unless otherwise noted."
cfr_part: "39"
---

# 39.105 39.105   Privacy.

Agencies shall ensure that contracts for information technology address protection of privacy in accordance with the Privacy Act (5 U.S.C. 552a) and part 24. In addition, each agency shall ensure that contracts for the design, development, or operation of a system of records using commercial information technology services or information technology support services include the following:

(a) Agency rules of conduct that the contractor and the contractor's employees shall be required to follow.

(b) A list of the anticipated threats and hazards that the contractor must guard against.

(c) A description of the safeguards that the contractor must specifically provide.

(d) Requirements for a program of Government inspection during performance of the contract that will ensure the continued efficacy and efficiency of safeguards and the discovery and countering of new threats and hazards.