Adopting Cybersecurity and Data Privacy Protective Measures 

USAID champions the principle of “do no harm” in our proposed move to digital by default by elevating the need to appropriately protect and secure digital data collected by partners. Adequate cybersecurity and data-privacy protective measures include establishing protocols for the privacy, transparency, and protection of data in activities; investing in cybersecurity measures to protect data and systems; and implementing those measures.

Under this initiative, USAID’s contractors and recipients will adopt cybersecurity and data-privacy protective measures for their internal operations and implemented activities, as already required in USAID’s regulations (Sector 225 of Title 22 of the Code of Federal Regulations). Implementing partners should also establish cybersecurity and data-privacy protective measures that extend to the information systems and practices of sub-contractors and sub-awardees, where applicable in the recipient’s award.