CONTRACTORS/FEDS FACE DOUBLE STANDARD ON SECURITY LAPSES

These headlines appeared last week, at the same time, on one federal news site: “Watchdog: 18F’s Slack security exposed GSA data”, “OPM’s sensitive data on feds still not encrypted”, “FDIC shakeup over ‘major incident’ revelations”.  From reading the articles that go with these headlines, it is uncertain what, if any, punishment the responsible parties in the first two articles will face, and it is not at all clear that the FDIC “shakeup” involves more than procedure changes.  All of these headlines can lull contractors into believing that if feds won’t consistently hold themselves responsible for data breaches, industry must be eligible for similarly lenient treatment.  Don’t you believe it!  Contractors do not have any of the major protections federal workers have.  If you, or one of your employees, causes a data problem, your firm likely will be fined and could lose its contract.  At best, the offending employee likely will have to be reassigned to another project with another agency.  Contractors must take data security seriously and understand that they are held to higher standards than their federal customers.  Make sure you have redundant systems, training, and other compliance measures in place.  If you do find your company in the middle of a federal agency-contractor data leak and you don’t know who’s holding the bag, surprise, it’s you.  Be prepared.