The reason that devising, and then abiding by, privacy contract clauses, policies, procedures and training (such as HIPAA) is so strictly enforced and so crucial to companies is that one small, innocuous mistake can lead to an inadvertent disclosure of private data affecting thousands of people. Privacy breaches, both within and outside health care, appear in newspaper headlines very frequently. The epitome of this is the leak of private data (names and social security numbers) of 130,000 Navy sailors in fall 2016, which was traced back to a single laptop. The situation was even more striking because the laptop was not a Navy laptop: it belonged to a contractor, Hewlett-Packard Enterprise.
When analyzing responsibility and liability in breaches by contractors, the Privacy Act applies to federal government contractors who handle records and systems containing personal information. Federal contractor employees have the same duty to safeguard private data as federal government employees do, which includes the federal contractor being liable for negligence and oversights. When drafting U.S. General Services Administration contracts and Requests for Proposals that include Privacy Act information, the Federal Acquisition Regulations must be strictly adhered to, and, based on those regulations, certain contract clauses will have to be added to the contracts. It is also important to remember the additional aspect of breach notification requirements in these types of situations, which are determined by state law.