1 / 123

Agenda

Agenda. Importance of Information Management in Information TechnologySystem Development Principles Overview of Information ManagementInformation CollectionRecords ManagementFreedom of Information ActPrivacy ActGovernment web standardsSection 508Information QualityIntegrationReference Materials.

mistico
Télécharger la présentation

Agenda

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1.

    2. Agenda Importance of Information Management in Information Technology System Development Principles Overview of Information Management Information Collection Records Management Freedom of Information Act Privacy Act Government web standards Section 508 Information Quality Integration Reference Materials

    3. OMB and Information Management Agencies must plan in an integrated manner for managing information throughout its life cycle (OMB Circular A-130)

    4. Information Management and IT The Presidents Management Agenda Expand Electronic Govt The Departments and agencies are focused on providing timely and accurate information to the citizens and Government decision makers while ensuring security and privacy

    5. OMB and Information Management Agencies should think seriously about how they will use citizens data and incorporate that thinking as they plan new systems and upgrades. Agencies also are supposed to take that approach to information security, incorporating it into business cases for major IT projects. GCN.com 5/17/04 - Karen Evans.

    6. OMB and Information Management Section 208 of the E-Government Act of 2002 requires privacy provisions that will: Ensure that Government electronic services will build-in privacy protections in databases and websites Require Privacy Impact Assessments for when privacy risks in handling information on individuals may occur Complement the National Strategy to Secure Cyberspace See OMB Memo M-03-22

    7. GAO and OMB Oversight Recent GAO reports have focused on the use of Government data and non compliance with the Privacy Act and the E-Government Act of 2002: GAO report on "The Challenge of Data Sharing" http://www.gao.gov/new.items/d0167.pdf#search='GAO%20AND%20data%20sharing%20AND%20privacy GAO report on "Data Mining and Agency Steps to Protect Privacy http://www.gao.gov/new.items/d05866.pdf GCW article on the GAO report on Federal Data Mining: http://www.fcw.com/article90517-08-29-05-Web

    8. OMB Oversight OMB Memorandum, M-05-15 provided guidance on Reporting Instructions for FISMA and Agency Privacy Management Section D is a reporting template for annual Privacy Program reporting

    9. IG and OMB Oversight The 2005 Appropriations Act established requirements for the Office of the Inspector General to conduct annual Privacy Program and IT Security program reviews

    10. GAO and IG Reviews of Websites Two GAO reports on Federal web policies in September 2000 One GAO survey in August 2001 on agency collection and handling of SSNs 2001 IG report to Congress on personal information collected from Govt websites 2002 IG review of websites for security and privacy compliance

    11. OMB Oversight OMB Circular A-11 includes privacy assessments and privacy questions with Exhibit 300s NIST SP 800-53 on Security Controls requires Privacy Act compliance and privacy risk analysis NIST SP 800-26 on Security Self-Assessment requires Privacy Act compliance and privacy risk analysis

    13. Three Key Components of a Successful IT Architecture Repeatable, reliable, processes compliant with all Government standards, mandates and directives Staff thoroughly trained in the execution of these processes, and Tools to support these processes

    14. System Development Life Cycle Repeatable, reliable, processes compliant with all Government standards, mandates and directives The first of these - System Develop Life Cycle (SDLC) is the basis on which the other two are built

    15. System Development Life Cycle SDLC ensures that IT solutions align with an organizations mission and business needs while minimizing risks and maximizing returns through the life cycle

    17. What is Information Management? Create an effective knowledge sharing environment while at the same time safeguarding records, privacy, and accessibility

    19. Paradigm Change Those most familiar with information management laws are not the ones making decisions on information or technology

    20. CHALLENGE Strategy to integrate information management with system development for Inter-agency Intra-agency and Outside Government collaborations

    21. Overview of Each Component of Information Management Information Collection Records Management Freedom of Information Act Privacy Act Government web standards Section 508 Information Quality

    22. Information Collection Paperwork Reduction Act Requirements OMB approval to collect info from public when the same info is collected from 10 or more persons Does not apply to collections of info from employees Does not include affidavits, certifications, change of address and consent Other exceptions built in

    23. Information Collection Authority to collect the information Only collect information actually needed Provide a Privacy Act statement on the form Authority to collect the info How with the information be used Who will it be shared with How will it be safeguarded

    24. Information Collection When collecting information from websites ensure OMB approvals are obtained when necessary For websites posting the form or using it to collect information Privacy Act statement and OMB approval number must be visible For websites using forms to collect information from the public that create new Privacy Act systems ensure Privacy Act system notice is published

    25. Records Management What is a Record? According to the Federal Records Act it is all documentary materials, regardless of physical form or characteristics, made or received under Federal law or in transacting Government business. (44 CFR 2901)

    26. Records Management Purpose of Records: Document the mission, policy and procedures for the Federal Government Provide the organization structure and legal authority Provide the evidentiary and historical perspective for not only the Federal Government but also individual citizens (e.g., land records, census)

    27. Records Management What isnt covered by this definition? Documentary Materials Non-records Working papers Personal papers

    28. Records Management In developing recordkeeping requirements, Federal agencies should determine which documentary materials need to be identified as records and preserved to ensure complete and accurate documentation Agencies preserve records by filing, storing, or otherwise systematically maintaining them

    29. Records Management Absent formal recordkeeping requirements, records that should be preserved because they contain evidence of agency activities or information of value to the agency may not be systematically maintained

    30. Records Management Criminal Penalties Willful and unlawfully destroying, damaging or removing Federal records can be punished by a maximum of $2000 fine, 3 years in Federal prison, or both for each offense. This action may include unauthorized records removal upon a persons retirement. (18 U.S.C. 2071) Departmental penalties for offenses Check with your Human Resource Office on discipline and adverse action for mishandling of records (See DOI HR 370 DM 752). Also in DOI Executive Level performance rating criteria

    31. Records Management NARA Recordkeeping Requirements Checklist 1. Agency guidance on handling record and non-record materials 2. Written guidance on what records, including electronic records, are to be created and maintained and the format of each record copy? 3. Guidance and instructions for documenting policies and decisions, especially those decisions reached orally and for those communicated electronically?

    32. Records Management Recordkeeping Requirements Checklist 4. Guidance on the record status of working papers or files and draft 5. Guidance on personal papers? 6. Controls over the removal of documentary materials? 7. Contracts identify which contractor-created records are Federal records? (Apply to offices responsible for an inter-, intra-agency activity?)

    33. Records Management Recordkeeping Requirements Checklist 8. Contracts specify the delivery of all records that may, in addition to the final product, have future value to the agency? Are contractor required to deliver background data and technical documentation along with electronic records? (Apply to offices responsible for an inter-, intra-agency activity?)

    34. Already a Priority at NIFC Incident Records Management

    35. FOIA (5 U.S.C. 552) Enacted in 1966 (Amended substantially: 1974, 1986, & 1996 (E-FOIA) Identifies the right to access agency records, enforceable in court Records disclosed unless protected by one of nine exemptions Ensure and informed citizenry Prevent secret law

    36. FOIA E-FOIA provided significant guidance to Federal Agencies re: Website access (electronic submission of requests) Electronic searches Electronic reading rooms Electronic redactions (non-disclosure of documents/information within documents)

    37. FOIA Three forms of Access Publish in the Federal Register agency organization, functions, rules, policy statements (5 U.S.C. 552(a)(1)) Make Available for public inspection and copying final opinions. Administrative manuals, policy statements, and frequently requested records (reading room materials) E-FOIA: hot topics records which have become or are likely to become subject of subsequent requests. (5 U.S.C. 552(a)(2))

    38. FOIA Three forms of Access An agency, upon request, which reasonably describes the records sought and is made in accordance with published rules, will make its records promptly available to any persons (5 U.S.C. 552(a)(3))

    39. FOIA Three forms of Access What Records are Subject to the FOIA? Federal agency records, in any format (different definition than the Federal Records Act definition of a record) Existing records (vs requests to compile information or documents not created yet)

    40. FOIA Three forms of Access What is not covered? Congress, courts Executive Office of the President - units which advise/assist the President Requests from congressional committees/subcommittees Requests from other Federal agencies Personal records

    41. FOIA Three forms of Access Who can make a FOIA request? Any person Individuals U.S. and foreign companies, corporations Indian tribes Not Federal agencies, fugitives Purpose irrelevant

    42. FOIA What is a FOIA Request? Agency records Records, not answers to questions Must be written Faxes & E-Mail requests accepted Reasonably describe information requested Follow Departmental FOIA regulations

    43. FOIA Exemptions Release unless one of the nine FOIA exemptions apply Nine FOIA Exemptions National Security Information Internal personnel rules and practices Information exempted by other statutes Trade secrets & commercial or financial information

    44. FOIA Exemptions Privileged interagency/intra-agency documents Deliberative process privilege Attorney work-product privilege Attorney-client privilege Government commercial information privilege Personal information affecting an individuals privacy

    45. FOIA Exemptions Records compiled for law enforcement purposes when release could: Interfere with law enforcement proceedings; Deprive a person of a right to a fair trial; Constitute an unwarranted invasion of personal privacy; Disclose the identity of a confidential source; Disclose techniques & procedures of law enforcement investigations; and Endanger the life or physical safety of any individual

    46. FOIA Exemptions Records of financial institutions Geological and geophysical information concerning wells

    47. FOIA Double Ds Integrate information access into design and development Reach out to you FOIA Officers Design and development is the level to get involved! Get it right up front Avoid unnecessary costs and headaches

    48. FOIA Double Ds Integrate information access into design and development Analyze data in the system Is it sensitive? Can it be protected under the law? Work with your FOIA Officer What is exempt from disclosure? What must be released? Incorporate design features into system

    49. FOIA Double Ds Systems that contain information that is exempt from release, i.e. SSNs, should have the capability to mask the information included in the design Consider search features in the design of systems public inquiry is expanding

    50. Government Privacy Framework (2/3 just in the last five years)

    51. Privacy Act Keystone to other privacy guidelines The Privacy Act (5 U.S.C. 552a) is based on a set of Fair Information Practices developed from a 1973 Health Education and Welfare Advisory Committee study on Automated Personal Data Systems to explore the impact of computerized record keeping on individuals

    52. Privacy Requirements Apply to: Information on individuals (United States citizens, and lawfully admitted permanent residents) Does not apply to information about persons representing: Businesses, governments, or organizations, Does not apply to statistical information not linked to the individuals name or unique identifier

    53. The Privacy Act The Act focuses on four basic policy objectives: To restrict disclosure of personally identifiable records maintained by Executive agencies; To grant individuals increased rights of access to agency records maintained on themselves; To grant individuals the right to seek amendment of agency records that are not accurate, relevant, timely, or complete; and To establish a code of "fair information practices"

    54. Fair Information Practices -- Code regulates the: Collection Maintenance Use, and Dissemination of personal information on individuals Provides CONTROLS and assurances through the LIFE CYCLE of information management

    55. The Privacy Act Intent of the Privacy Act to implement privacy principles in phases such as: Collection: (Authority to collect the information and minimize what is collected. Notification to individuals whose info is collected Design: (Data use restrictions, access controls, etc.) Maintenance and Use: (Regulatory safeguard standards, restrictions on access internally and disclosure to parties outside the Department, restrictions on use, dealing with violations, and training) Disposition: Federal Records Act requirements, records schedules, plans and proper disposal of sensitive information)

    56. Privacy in Life Cycle Management Must have an authority to collect the information Must minimize the collection of information on individuals only collect what is absolutely needed Must have an approval from OMB to collect the information from individuals (if from 10 or more members of the public) Must publish a notice for public comment in the Federal Register of the existence of or changes to an existing notice (ensures no secret systems)

    57. Privacy in Life Cycle Management Must provide a notice on the form that collects information from the individual (whether the form is paper or web-based) on: The authority to collect the information; The purpose(s) for which the information is intended to be used; The routine uses which may be made of the information; and The effects on the individual for not providing all or any part of the requested information

    58. Privacy in Life Cycle Management Maintenance standards that address: Accuracy Relevance Timeliness, and Completeness Safeguards

    59. Privacy in Life Cycle Management Must establish appropriate administrative, technical and physical safeguards to insure the security and confidentiality of records Must post appropriate Privacy Warning Notices Must provide guidelines on how the subject of the file will have access to their records

    60. Privacy in Life Cycle Management The bureau must provide specific procedures to assure that the records in the system are maintained with security meeting the requirements of the Act These procedures shall be in writing and shall be posted or otherwise periodically brought to the attention of employees working with the records contained in the system

    61. Privacy in Life Cycle Management Must be aware of and follow the disclosure restrictions (internal and external to the Dept) Will the Computer Matching Act apply? Must ensure that the sharing of the information outside of the Agency is to only those identified in the Federal Register Privacy Act system notice and only for the purposes the system was developed

    62. Privacy in Life Cycle Management Must publish a Federal Register notice info regarding storage, retention, and disposal of the records (it is a privacy concern when information on individuals is outdated and inaccurate) Appropriate disposal necessary to ensure the safeguarding of the information and protection from unauthorized access Follow Federal Records Act, NARA, and NIST guidelines on disposal of sensitive Federal information

    63. Privacy Act Statements on Forms PRIVACY ACT STATEMENT The above statements are made in accordance with the Privacy Act of 1974 (5 U.S.C. 552a). Furnishing this information is voluntary, however, failure to furnish correct, complete information will result in the witholding or withrawal of such technical or financial assistance. The information may be furnished to other USDA agencies, the Internal Revenue Service, the Department of Justice, or other State or Federal law enforcement agencies, or in response to orders of a court, magistrate, or administrative tribunal.

    64. The Privacy Act Federal Register Notice Requirements & Disclosure Controls These notices are important resources for the public. They provide information on the purpose of the system and how it will be maintained and used.

    65. The Privacy Act Federal Register Notice Requirements & Disclosure Controls Govt employees should use these notices as guidelines when making decisions about information from Privacy Act systems of records If you make decisions about information from Privacy Act systems, do you have a copy of the applicable Privacy Act notice to identify the restrictions on the information?

    69. The Privacy Act Disclosure Restrictions

    70. What are Privacy Act Requirements? The Privacy Act Disclosure Restrictions The Privacy Act instructs that we cannot disclose by any means of communication (e.g., conversationally or by email) any information from a Privacy Act system of records without a: (1) Written request from or (2) Prior written consent from the individual to whom the record pertains.

    71. The Privacy Act Disclosure Restrictions

    72. The Privacy Act Disclosure Restrictions

    73. The Privacy Act Disclosure Restrictions

    74. The Privacy Act Disclosure Restrictions

    75. The Privacy Act requires appropriate administrative, technical and physical safeguards to ensure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity . . Look at your Departmental Privacy Act regulations and Manual Sections on the topic The Privacy Act Safeguarding Privacy Act Records

    76. The Privacy Act Safeguarding Privacy Act Records Follow NIST publication, the Security Self-Assessment Guide for Information Technology Systems: SP 800-26, which provides a checklist for safeguarding IT systems and sensitive and confidential information Convert Privacy Warning Notices into electronic form to inform the user of the restrictions and penalties

    77. DOI Privacy Act Warning Notice

    78. The Privacy Act Safeguarding Privacy Act Records Safeguards must be in place to assure the integrity and confidentiality of the records while in transit. When the records are transferred to a Federal Records Center (FRC) the appropriate use restrictions applicable must be specified on the transfer form Follow NARA and NIST guidelines on disposing of sensitive information

    79. All Employees Bureau/Office Heads Contractors System Owners System Developers IT Security Mangers System Managers Information Collection Clearance Officers Webmasters

    80. Penalties Associated with the Privacy Act Criminal Penalties for: Maintaining a system without a published notice Prohibited disclosure Obtaining information under false pretenses Refer to Human Resource Office policy on violations and penalties

    81. The Data Use Problems Tracking the conditions about the information through data use P = Info on individuals and requirements/Restrictions

    82. E-Gov Act of 2002 and Privacy In OMB Memo M-03-02, Attachment A, Section III provides Privacy Policies on Agency Websites Key Points: Follow current web policy (see OMB privacy policy website at www.whitehouse.gov/omb/privacy/website_privacy.html) Web privacy policy notices (See Dept umbrella privacy policy notices on webpage template) Specific privacy policy notices when collecting information from the public (for example: http://www.volunteer.gov/gov/privacy.cfm)

    83. E-Gov Act of 2002 and Privacy Key Points: No persistent tracking web tools or persistent cookies Comply with Childrens On-line Privacy Protection Act (See info at the FTC website (page 125) www.ftc.gov/bcp/conline/publs/buspubs/coppa.htm) Machine readable privacy policy

    84. E-Gov Act of 2002 and Privacy Requires Privacy Impact Assessments: Checklist to ensure that existing Privacy Act and Govt privacy requirements are being applied to: Collections of information about individuals, New or amended information systems with info about individuals (at each SDLC), System changes that create a privacy risk, and New technology that may create a new privacy risk

    85. E-Gov Act of 2002 and Privacy OMB Also requires them when a system change created a new privacy risk such as: Converting paper to electronic records Anonymous to Non-anonymous info Significant system management changes With merging, centralizing, matching databases New user-authenticating technology used Purchasing databases E-Gov initiatives new interagency uses Change in the business process creates a new use

    86. Privacy Act systems not identified Criminal penalties for not publishing Federal Register (FR) notices of new Privacy Act systems Criminal penalties for making info from a Privacy Act system of records available to those not authorized to receive it GAO and OMB Privacy Concerns

    87. Making info from a Privacy Act system of records available for different purposes and uses other to those identified in the FR notice Combining existing Privacy Act systems beyond purpose and use identified in the published Federal Register and Privacy Notice statement on collection forms GAO and OMB Privacy Concerns

    88. Not completing Privacy Impact Assessments for new or amended systems as required by the E-Government Act of 2002 (See OMB Memo M-03-22) Not completing Privacy Impact Assessments for the use of new technology that may affect an individuals privacy rights GAO and OMB Privacy Concerns

    89. FISMA and Privacy For the first time, agencies will include a detailed report on the strength of their privacy programs in their annual Federal Information Security Management Act report. Departments have until Oct. 7 to submit a FISMA report to the Office of Management and Budget. Administration officials then will create a report to send to Congress by March 2006. Along with privacy, the FISMA report includes separate IT security evaluations by the agencys inspector general and the CIO. An IG review of the privacy program was optional in 2005. It will be required in 2006.

    91. Government Web Requirements Government standards and guidelines in the development, implementation and maintenance of Government web presence: See reference materials at the end of the handouts. Covers: Privacy Policy Information Collection Records Management Digital rights, Copyright, Trademark, Patent laws

    92. Government Web Requirements Security protocols to protect information Prohibition of lobbying Government Paperwork Elimination Act Paper Reduction Act Small Business Paperwork Relief Act Government Performance Results Act

    93. Government Web Requirements Freedom of Information Act Categorization of Information E-Gov Act of 2002 provisions Section 508 of the Accessibility Act Limited English Capability requirements Information Quality Posting Content E-Gov Act of 2002 provisions

    94. Government Web Requirements Use of Government domains Link and use of seal and logo requirements Vendor and partner linking policy Prohibition of commercial endorcement Exit strategy

    95. Sec. 508 Accessibility Requirement 508 of the Rehabilitation Act (29 U.S.C. 794D) Implemented in July 13, 2000 Section 508 applies to the Federal government when developing, procuring, maintaining, or using electronic information technology

    96. Sec. 508 Accessibility Requirement Under Section 508, Federal departments and agencies shall ensure, unless an undue burden would be imposed on the department or agency, that the electronic and information technology allows access to information and data, regardless of the type of medium of technology, subject to the provisions as outlined in Section 508

    97. Sec. 508 Accessibility Requirement If an individual believes that a bureau or office has failed to procure electronic and information technology conforming to Section 508, that individual has the right to file a complaint under Section 508. The procedure for filing a complaint under Section 508 shall be the same as described in USC 43 CFR 17.750(c) for filing a complaint under Section 504 or resolving allegations of discrimination in a federally conducted program or activity

    98. Information Quality Requirements In February 2002, the Office of Management and Budget (OMB) issued a directive that all federal agencies issue and implement Information Quality Guidelines Government agencies issued and implemented guidelines to ensure and maximize the quality, objectivity, utility, and integrity of information disseminated by its offices and bureaus

    99. Information Quality Requirements In December 2004, OMB issued another bulletin relating to Information Quality, which required all federal agencies to implement and document a system for peer review of scientific information (see Departmental Websites for info on peer review)

    101. Is a new technology being used in the project? Was a Privacy Impact Assessment (PIA) completed? Was a PIA completed to evaluate the system? Can information from one or more systems be used for this purpose? (See Privacy Act disclosure and use restrictions) Funding for privacy safeguards, records management and security protections? Consulted with the Information Collection, Privacy, FOIA and Records Officers? Info Mgmt discussions in Exhibit 300

    102. Is there an approval to collect and maintain the information? Were steps taken to minimize the collection of information on individuals (only what necessary and approved by statute)? Was the data examined to determine which is sensitive, non-public, restricted? Establish access controls and safeguards for the Security Plan and Certification? Was a Privacy Act system notice developed for the Federal Register? New PIA to evaluate any privacy risks at this phase?

    103. Records management requirements and implementation milestones in place? Software to ensure appropriate records disposition capability? Will contractors be used? Will another bureau or agency be used to manage the project which includes the Depts or bureaus data? Were the roles and responsibilities included in the RFPs, contracts and Agreements? (E.g., who would handle info collection, safeguard, records management, PIA completion, Privacy Notice publication requirements. Who will respond to requests for info in the system? (Responding to FOIA and Privacy Act requests is inherently Governmental)).

    104. Contracts include Privacy Act and FOIA clauses? Website required? Need a domain name? Sec. 508 compliant? Appropriate safeguard measures and access controls built into the system limiting disclosure and use of Privacy Act and other sensitive information?

    105. New PIA to evaluate any changes in this phase? Privacy and Security risk assessments? Records requirements in place? Meets information quality standards? Appropriate documentation providing instructions provided to system manager, operators, and those with access? Training for contractors and those managing the information?

    106. Website designed with Government web requirements? Section 508 compliant? New PIA to evaluate any changes in this phase? Security and privacy protection measures appropriate? Records requirements in place?

    107. Previous imbedded in the system? Privacy Impact Assessment for this phase? Risk assessments?

    108. Previous imbedded in the system? Privacy Impact Assessment for this phase? Risk assessments?

    109. Previous imbedded in the system? Privacy Impact Assessment for this phase? Risk assessments?

    110. Successful Project Management

    111. Preventing Identity Theft Resources Federal Trade Commission privacy initiatives website: http://www.ftc.gov/privacy/index.html Identity Protection Info: http://www.pueblo.gsa.gov/cic_text/money/idtheft_crooks/idtheft_crooks.htm Treasury ID Theft DVD www.pueblo.gsa.gov 1-888-878-3256

    112. For More Information

    113. Information Collection References Government Paperwork Reduction Act OMB Information Collection Guidelines: http://www.whitehouse.gov/omb/inforeg/infocoll.html#PRA E-Government Act of 2002 (OMB Guidance memo: M-03-22) Guidance on Agency Surveys and Statistical Collections (OMB Memo of January 20, 2006) Departmental guidelines

    114. Records Management References 44 USC Ch. 29 Federal agency records management programs must comply with regulations promulgated by both NARA (36 CFR 1220.2) and GSA guidelines. Presidential Records Act (1978) Paperwork Reduction Act (1980) National Archives (44 USC 2107-2108)

    115. FOIA References Enacted in 1966 (Amended substantially The FOIA (5 U.S.C. 552) Electronic FOIA Amendments of 1996 (P.L. No. 104-231) Executive Order, Improving Agency Disclosure of Information Jan 2005 Attorney General Ashcrofts FOIA Memorandum (October 2001) Department FOIA Regulations and Manuals and Handbooks DOJ FOIA Guide & Privacy Act Overview OMB Fee Guidelines (52 Fed. Reg. 10012)

    116. Government Privacy References The Privacy Act of 1974 The Federal Information Security Management Act of 2002: - Improving the security and privacy of sensitive information in Federal computer systems. Health Insurance Portability and Accountability Act of 1996 The Consolidated Appropriation Act of 2005: Several provisions related to privacy require a Privacy Officer, privacy and data protection procedures and policies, and independent third-party reviews

    117. Government Privacy References The Paperwork Reduction Act of 1995 (As amended by the Clinger-Cohen) Addresses authority and procedures to collect information from individual members of the public and Privacy Act compliance. The Paperwork Elimination Act of 1998 Federal agencies must allow individuals the option to submit information or transact with the agency electronically, when practicable, and to maintain records electronically, when practicable. Requires analysis of privacy impact.

    118. Government Privacy References Office of Management and Budget (OMB) Circular A-130, Appendix I: Agency Responsibilities for Maintaining Information About Individuals OMB Circular A-11: Budget Submissions (Sec. 53 on Info Technology and E-Gov OMB Circular A-16: Coordination of Geographic Information. See sections on protecting privacy in GIS info. OMB Circular A-123: Management Accountability - compliance with federal laws

    119. Government Privacy References OMB Memorandum M-99-18, Privacy Policies on Federal Web Sites (June 2, 1999) OMB Memorandum M-00-13, Privacy Policies and Data Collection on Federal Web Sites (June22, 2000) M-03-22, OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002 (September 30, 2003)

    120. Government Privacy References OMB Memorandum, M-05-15, FY 2005 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (June13, 2005) OMB Memorandum, M-05-24, Implementation of Homeland Security Presidential Directive (HSPD) 12 Policy for a Common Identification Standard for Federal Employees and Contractors (August 5, 2005)

    121. Web Standards References OMB policies for Federal Web sites (www.firstgov.gov/webcontent/) Section 508 of the Rehabilitation Act (29 U.S.C. 794d) Section 515 of the Treasury and General Government Appropriations Act for FY 2001: Public Lay 106-554, Guidelines for Ensureing and Maximizing the Quality Objectivity, Utility, and Integrity of Information Disseminated by Federal Organizations E-Government Act of 2002, Section 207(f)(1)(B)

    122. Web Standards References OMB Memorandum M-03-22: Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002 The Privacy Act of 1974 Childrens Online Privacy Protection Act of 1998 (COPPA) Digital Millenium Copyright Act Copyright Law U.S. Trademark Law U.S. Patent Law, U.S.C. 35, Chapter 26

    123. Web Standards References NARA guidelines on managing web records of January 2005 Prohibition of Lobbying, 18 U.S.C. 1913. Paperwork Reduction Act (44 U.S.C. Chapter 35) Govt Paperwork Elimination Act of 2003 Freedom of Information Act Executive Order 13166 Improving Access to Services for People with Limited English Proficiency

    124. Section 508 and Information Quality References OMB Memo on Sec 508 of August 11, 2005 GSA Website on Sec. 508 (http://www.section508.gov/OMB Web Page on Information Quality guidelines) (http://www.whitehouse.gov/omb/inforeg/infopoltech.html#iq)

More Related