2. Agenda Importance of Information Management in Information Technology
System Development Principles
Overview of Information Management
Information Collection
Records Management
Freedom of Information Act
Privacy Act
Government web standards
Section 508
Information Quality
Integration
Reference Materials
3. OMB and Information Management
Agencies must plan in an integrated manner for managing information throughout its life cycle
(OMB Circular A-130)
4. Information Management and IT The President's Management Agenda - Expand Electronic Govt
The Departments and agencies are focused on providing timely and accurate information to the citizens and Government decision makers while ensuring security and privacy
5. OMB and Information Management Agencies should think seriously about how they will use citizens' data and incorporate that thinking as they plan new systems and upgrades. Agencies also are supposed to take that approach to information security, incorporating it into business cases for major IT projects. GCN.com 5/17/04 - Karen Evans.
6. OMB and Information Management Section 208 of the E-Government Act of 2002 requires privacy provisions that will:
Ensure that Government electronic services will build-in privacy protections in databases and websites
Require Privacy Impact Assessments when privacy risks in handling information on individuals may occur
Complement the National Strategy to Secure Cyberspace
See OMB Memo M-03-22
7. GAO and OMB Oversight Recent GAO reports have focused on the use of Government data and noncompliance with the Privacy Act and the E-Government Act of 2002:
GAO report on "The Challenge of Data Sharing" http://www.gao.gov/new.items/d0167.pdf#search='GAO%20AND%20data%20sharing%20AND%20privacy
GAO report on "Data Mining and Agency Steps to Protect Privacy" http://www.gao.gov/new.items/d05866.pdf
GCW article on the GAO report on Federal Data Mining: http://www.fcw.com/article90517-08-29-05-Web
8. OMB Oversight OMB Memorandum, M-05-15 provided guidance on Reporting Instructions for FISMA and Agency Privacy Management
Section D is a reporting template for annual Privacy Program reporting
9. IG and OMB Oversight The 2005 Appropriations Act established requirements for the Office of the Inspector General to conduct annual Privacy Program and IT Security program reviews
10. GAO and IG Reviews of Websites Two GAO reports on Federal web policies in September 2000
One GAO survey in August 2001 on agency collection and handling of SSNs
2001 IG report to Congress on personal information collected from Govt websites
2002 IG review of websites for security and privacy compliance
11. OMB Oversight OMB Circular A-11 includes privacy assessments and privacy questions with Exhibit 300s
NIST SP 800-53 on Security Controls requires Privacy Act compliance and privacy risk analysis
NIST SP 800-26 on Security Self-Assessment requires Privacy Act compliance and privacy risk analysis
13. Three Key Components of a Successful IT Architecture Repeatable, reliable processes compliant with all Government standards, mandates and directives
Staff thoroughly trained in the execution of these processes, and
Tools to support these processes
14. System Development Life Cycle Repeatable, reliable processes compliant with all Government standards, mandates and directives
The first of these - System Development Life Cycle (SDLC) - is the basis on which the other two are built
15. System Development Life Cycle SDLC ensures that IT solutions align with an organization's mission and business needs while minimizing risks and maximizing returns through the life cycle
17. What is Information Management? Create an effective knowledge sharing environment while at the same time safeguarding records, privacy, and accessibility
19. Paradigm Change
Those most familiar with information management laws are not the ones making decisions on information or technology
20. CHALLENGE Strategy to integrate information management with system development for
Inter-agency
Intra-agency and
Outside Government collaborations
21. Overview of Each Component of Information Management Information Collection
Records Management
Freedom of Information Act
Privacy Act
Government web standards
Section 508
Information Quality
22. Information Collection Paperwork Reduction Act Requirements
OMB approval to collect info from public when the same info is collected from 10 or more persons
Does not apply to collections of info from employees
Does not include affidavits, certifications, change of address and consent
Other exceptions built in
23. Information Collection Authority to collect the information
Only collect information actually needed
Provide a Privacy Act statement on the form
Authority to collect the info
How will the information be used
Who will it be shared with
How will it be safeguarded
24. Information Collection When collecting information from websites ensure OMB approvals are obtained when necessary
For websites posting the form or using it to collect information, the Privacy Act statement and OMB approval number must be visible
For websites using forms to collect information from the public that create new Privacy Act systems ensure Privacy Act system notice is published
25. Records Management What is a Record?
According to the Federal Records Act it is all documentary materials, regardless of physical form or characteristics, made or received under Federal law or in transacting Government business.
(44 CFR 2901)
26. Records Management Purpose of Records:
Document the mission, policy and procedures for the Federal Government
Provide the organization structure and legal authority
Provide the evidentiary and historical perspective for not only the Federal Government but also individual citizens (e.g., land records, census)
27. Records Management What isn't covered by this definition?
Documentary Materials
Non-records
Working papers
Personal papers
28. Records Management In developing recordkeeping requirements, Federal agencies should determine which documentary materials need to be identified as records and preserved to ensure complete and accurate documentation
Agencies preserve records by filing, storing, or otherwise systematically maintaining them
29. Records Management Absent formal recordkeeping requirements, records that should be preserved because they contain evidence of agency activities or information of value to the agency may not be systematically maintained
30. Records Management Criminal Penalties
Willfully and unlawfully destroying, damaging or removing Federal records can be punished by a maximum of $2000 fine, 3 years in Federal prison, or both for each offense.
This action may include unauthorized records removal upon a person's retirement. (18 U.S.C. 2071)
Departmental penalties for offenses
Check with your Human Resource Office on discipline and adverse action for mishandling of records (See DOI HR 370 DM 752).
Also in DOI Executive Level performance rating criteria
31. Records Management NARA Recordkeeping Requirements Checklist
1. Agency guidance on handling record and non-record materials
2. Written guidance on what records, including electronic records, are to be created and maintained and the format of each record copy?
3. Guidance and instructions for documenting policies and decisions, especially those decisions reached orally and for those communicated electronically?
32. Records Management Recordkeeping Requirements Checklist
4. Guidance on the record status of working papers or files and draft
5. Guidance on personal papers?
6. Controls over the removal of documentary materials?
7. Contracts identify which contractor-created records are Federal records?
(Apply to offices responsible for an inter-, intra-agency activity?)
33. Records Management Recordkeeping Requirements Checklist
8. Contracts specify the delivery of all records that may, in addition to the final product, have future value to the agency? Are contractors required to deliver background data and technical documentation along with electronic records?
(Apply to offices responsible for an inter-, intra-agency activity?)
34. Already a Priority at NIFC Incident Records Management
35. FOIA (5 U.S.C. 552) Enacted in 1966 (Amended substantially: 1974, 1986, & 1996 (E-FOIA))
Identifies the right to access agency records, enforceable in court
Records disclosed unless protected by one of nine exemptions
Ensure an informed citizenry
Prevent secret law
36. FOIA E-FOIA provided significant guidance to Federal Agencies re:
Website access (electronic submission of requests)
Electronic searches
Electronic reading rooms
Electronic redactions (non-disclosure of documents/information within documents)
37. FOIA Three forms of Access Publish in the Federal Register agency organization, functions, rules, policy statements
(5 U.S.C. 552(a)(1))
Make Available for public inspection and copying final opinions, administrative manuals, policy statements, and frequently requested records (reading room materials)
E-FOIA: hot topics records which have become or are likely to become subject of subsequent requests.
(5 U.S.C. 552(a)(2))
38. FOIA Three forms of Access An agency, upon request, which reasonably describes the records sought and is made in accordance with published rules, will make its records promptly available to any persons
(5 U.S.C. 552(a)(3))
39. FOIA Three forms of Access What Records are Subject to the FOIA?
Federal agency records, in any format (different definition than the Federal Records Act definition of a record)
Existing records (vs requests to compile information or documents not created yet)
40. FOIA Three forms of Access What is not covered?
Congress, courts
Executive Office of the President - units which advise/assist the President
Requests from congressional committees/subcommittees
Requests from other Federal agencies
Personal records
41. FOIA Three forms of Access Who can make a FOIA request?
Any person
Individuals
U.S. and foreign companies, corporations
Indian tribes
Not Federal agencies, fugitives
Purpose irrelevant
42. FOIA What is a FOIA Request?
Agency records
Records, not answers to questions
Must be written
Faxes & E-Mail requests accepted
Reasonably describe information requested
Follow Departmental FOIA regulations
43. FOIA Exemptions Release unless one of the nine FOIA exemptions applies
Nine FOIA Exemptions
National Security Information
Internal personnel rules and practices
Information exempted by other statutes
Trade secrets & commercial or financial information
44. FOIA Exemptions Privileged interagency/intra-agency documents
Deliberative process privilege
Attorney work-product privilege
Attorney-client privilege
Government commercial information privilege
Personal information affecting an individual's privacy
45. FOIA Exemptions Records compiled for law enforcement purposes when release could:
Interfere with law enforcement proceedings;
Deprive a person of a right to a fair trial;
Constitute an unwarranted invasion of personal privacy;
Disclose the identity of a confidential source;
Disclose techniques & procedures of law enforcement investigations; and
Endanger the life or physical safety of any individual
46. FOIA Exemptions Records of financial institutions
Geological and geophysical information concerning wells
47. FOIA Double Ds Integrate information access into design and development
Reach out to your FOIA Officers
Design and development is the level to get involved!
Get it right up front
Avoid unnecessary costs and headaches
48. FOIA Double Ds Integrate information access into design and development
Analyze data in the system
Is it sensitive?
Can it be protected under the law?
Work with your FOIA Officer
What is exempt from disclosure?
What must be released?
Incorporate design features into system
49. FOIA Double Ds Systems that contain information that is exempt from release, i.e. SSNs, should have the capability to mask the information included in the design
Consider search features in the design of systems; public inquiry is expanding
50. Government Privacy Framework (2/3 just in the last five years)
51. Privacy Act Keystone to other privacy guidelines The Privacy Act (5 U.S.C. 552a) is based on a set of Fair Information Practices developed from a 1973 Health Education and Welfare Advisory Committee study on Automated Personal Data Systems to explore the impact of computerized record keeping on individuals
52. Privacy Requirements Apply to: Information on individuals (United States citizens, and lawfully admitted permanent residents)
Does not apply to information about persons representing:
Businesses, governments, or organizations,
Does not apply to statistical information not linked to the individual's name or unique identifier
53. The Privacy Act The Act focuses on four basic policy objectives:
To restrict disclosure of personally identifiable records maintained by Executive agencies;
To grant individuals increased rights of access to agency records maintained on themselves;
To grant individuals the right to seek amendment of agency records that are not accurate, relevant, timely, or complete; and
To establish a code of "fair information practices"
54. Fair Information Practices -- Code regulates the:
Collection
Maintenance
Use, and
Dissemination of personal information on individuals
Provides CONTROLS and assurances through the LIFE CYCLE of information management
55. The Privacy Act Intent of the Privacy Act to implement privacy principles in phases such as:
Collection: (Authority to collect the information and minimize what is collected. Notification to individuals whose info is collected)
Design: (Data use restrictions, access controls, etc.)
Maintenance and Use: (Regulatory safeguard standards, restrictions on access internally and disclosure to parties outside the Department, restrictions on use, dealing with violations, and training)
Disposition: (Federal Records Act requirements, records schedules, plans and proper disposal of sensitive information)
56. Privacy in Life Cycle Management Must have an authority to collect the information
Must minimize the collection of information on individuals; only collect what is absolutely needed
Must have an approval from OMB to collect the information from individuals (if from 10 or more members of the public)
Must publish a notice for public comment in the Federal Register of the existence of or changes to an existing notice (ensures no secret systems)
57. Privacy in Life Cycle Management Must provide a notice on the form that collects information from the individual (whether the form is paper or web-based) on:
The authority to collect the information;
The purpose(s) for which the information is intended to be used;
The routine uses which may be made of the information; and
The effects on the individual for not providing all or any part of the requested information
58. Privacy in Life Cycle Management Maintenance standards that address:
Accuracy
Relevance
Timeliness, and
Completeness
Safeguards
59. Privacy in Life Cycle Management Must establish appropriate administrative, technical and physical safeguards to insure the security and confidentiality of records
Must post appropriate Privacy Warning Notices
Must provide guidelines on how the subject of the file will have access to their records
60. Privacy in Life Cycle Management The bureau must provide specific procedures to assure that the records in the system are maintained with security meeting the requirements of the Act
These procedures shall be in writing and shall be posted or otherwise periodically brought to the attention of employees working with the records contained in the system
61. Privacy in Life Cycle Management Must be aware of and follow the disclosure restrictions (internal and external to the Dept)
Will the Computer Matching Act apply?
Must ensure that the sharing of the information outside of the Agency is to only those identified in the Federal Register Privacy Act system notice and only for the purposes the system was developed
62. Privacy in Life Cycle Management Must publish in a Federal Register notice info regarding storage, retention, and disposal of the records (it is a privacy concern when information on individuals is outdated and inaccurate)
Appropriate disposal necessary to ensure the safeguarding of the information and protection from unauthorized access
Follow Federal Records Act, NARA, and NIST guidelines on disposal of sensitive Federal information
63. Privacy Act Statements on Forms PRIVACY ACT STATEMENT
The above statements are made in accordance with the Privacy Act of 1974 (5 U.S.C. 552a). Furnishing this information is voluntary, however, failure to furnish correct, complete information will result in the withholding or withdrawal of such technical or financial assistance. The information may be furnished to other USDA agencies, the Internal Revenue Service, the Department of Justice, or other State or Federal law enforcement agencies, or in response to orders of a court, magistrate, or administrative tribunal.
64. The Privacy Act Federal Register Notice Requirements & Disclosure Controls These notices are important resources for the public. They provide information on the purpose of the system and how it will be maintained and used.
65. The Privacy Act Federal Register Notice Requirements & Disclosure Controls Govt employees should use these notices as guidelines when making decisions about information from Privacy Act systems of records
If you make decisions about information from Privacy Act systems, do you have a copy of the applicable Privacy Act notice to identify the restrictions on the information?
69. The Privacy Act Disclosure Restrictions
70. What are Privacy Act Requirements? The Privacy Act Disclosure Restrictions The Privacy Act instructs that we cannot disclose by any means of communication (e.g., conversationally or by email) any information from a Privacy Act system of records without a:
(1) Written request from or
(2) Prior written consent from the individual to whom the record pertains.
71.
The Privacy Act Disclosure Restrictions
72.
The Privacy Act Disclosure Restrictions
73. The Privacy Act Disclosure Restrictions
74. The Privacy Act Disclosure Restrictions
75.
The Privacy Act requires appropriate administrative, technical and physical safeguards to ensure the security and confidentiality of records and to protect against any anticipated threats or hazards to their security or integrity . .
Look at your Departmental Privacy Act regulations and Manual Sections on the topic
The Privacy Act Safeguarding Privacy Act Records
76. The Privacy Act Safeguarding Privacy Act Records Follow NIST publication, the Security Self-Assessment Guide for Information Technology Systems: SP 800-26, which provides a checklist for safeguarding IT systems and sensitive and confidential information
Convert Privacy Warning Notices into electronic form to inform the user of the restrictions and penalties
77. DOI Privacy Act Warning Notice
78. The Privacy Act Safeguarding Privacy Act Records Safeguards must be in place to assure the integrity and confidentiality of the records while in transit.
When the records are transferred to a Federal Records Center (FRC) the appropriate use restrictions applicable must be specified on the transfer form
Follow NARA and NIST guidelines on disposing of sensitive information
79. All Employees
Bureau/Office Heads
Contractors
System Owners
System Developers
IT Security Managers
System Managers
Information Collection Clearance Officers
Webmasters
80. Penalties Associated with the Privacy Act Criminal Penalties for:
Maintaining a system without a published notice
Prohibited disclosure
Obtaining information under false pretenses
Refer to Human Resource Office policy on violations and penalties
81. The Data Use Problems Tracking the conditions about the information through data use
P = Info on individuals and requirements/Restrictions
82. E-Gov Act of 2002 and Privacy OMB Memo M-03-02, Attachment A, Section III provides Privacy Policies on Agency Websites
Key Points:
Follow current web policy (see OMB privacy policy website at www.whitehouse.gov/omb/privacy/website_privacy.html)
Web privacy policy notices (See Dept umbrella privacy policy notices on webpage template)
Specific privacy policy notices when collecting information from the public (for example: http://www.volunteer.gov/gov/privacy.cfm)
83. E-Gov Act of 2002 and Privacy
Key Points:
No persistent tracking web tools or persistent cookies
Comply with Children's On-line Privacy Protection Act (See info at the FTC website (page 125) www.ftc.gov/bcp/conline/publs/buspubs/coppa.htm)
Machine readable privacy policy
84. E-Gov Act of 2002 and Privacy Requires Privacy Impact Assessments:
Checklist to ensure that existing Privacy Act and Govt privacy requirements are being applied to:
Collections of information about individuals,
New or amended information systems with info about individuals (at each SDLC),
System changes that create a privacy risk, and
New technology that may create a new privacy risk
85. E-Gov Act of 2002 and Privacy OMB also requires them when a system change creates a new privacy risk such as:
Converting paper to electronic records
Anonymous to Non-anonymous info
Significant system management changes
With merging, centralizing, matching databases
New user-authenticating technology used
Purchasing databases
E-Gov initiatives new interagency uses
Change in the business process creates a new use
86. Privacy Act systems not identified
Criminal penalties for not publishing Federal Register (FR) notices of new Privacy Act systems
Criminal penalties for making info from a Privacy Act system of records available to those not authorized to receive it
GAO and OMB Privacy Concerns
87. Making info from a Privacy Act system of records available for different purposes and uses other than those identified in the FR notice
Combining existing Privacy Act systems beyond purpose and use identified in the published Federal Register and Privacy Notice statement on collection forms
GAO and OMB Privacy Concerns
88. Not completing Privacy Impact Assessments for new or amended systems as required by the E-Government Act of 2002 (See OMB Memo M-03-22)
Not completing Privacy Impact Assessments for the use of new technology that may affect an individual's privacy rights
GAO and OMB Privacy Concerns
89. FISMA and Privacy For the first time, agencies will include a detailed report on the strength of their privacy programs in their annual Federal Information Security Management Act report. Departments have until Oct. 7 to submit a FISMA report to the Office of Management and Budget. Administration officials then will create a report to send to Congress by March 2006.
Along with privacy, the FISMA report includes separate IT security evaluations by the agency's inspector general and the CIO. An IG review of the privacy program was optional in 2005. It will be required in 2006.
91. Government Web Requirements Government standards and guidelines in the development, implementation and maintenance of Government web presence:
See reference materials at the end of the handouts. Covers:
Privacy Policy
Information Collection
Records Management
Digital rights, Copyright, Trademark, Patent laws
92. Government Web Requirements Security protocols to protect information
Prohibition of lobbying
Government Paperwork Elimination Act
Paper Reduction Act
Small Business Paperwork Relief Act
Government Performance Results Act
93. Government Web Requirements Freedom of Information Act
Categorization of Information E-Gov Act of 2002 provisions
Section 508 of the Accessibility Act
Limited English Capability requirements
Information Quality
Posting Content E-Gov Act of 2002 provisions
94. Government Web Requirements Use of Government domains
Link and use of seal and logo requirements
Vendor and partner linking policy
Prohibition of commercial endorsement
Exit strategy
95. Sec. 508 Accessibility Requirement Section 508 of the Rehabilitation Act (29 U.S.C. 794D)
Implemented on July 13, 2000
Section 508 applies to the Federal government when developing, procuring, maintaining, or using electronic information technology
96. Sec. 508 Accessibility Requirement Under Section 508, Federal departments and agencies shall ensure, unless an undue burden would be imposed on the department or agency, that the electronic and information technology allows access to information and data, regardless of the type of medium of technology, subject to the provisions as outlined in Section 508
97. Sec. 508 Accessibility Requirement If an individual believes that a bureau or office has failed to procure electronic and information technology conforming to Section 508, that individual has the right to file a complaint under Section 508.
The procedure for filing a complaint under Section 508 shall be the same as described in USC 43 CFR 17.750(c) for filing a complaint under Section 504 or resolving allegations of discrimination in a federally conducted program or activity
98. Information Quality Requirements In February 2002, the Office of Management and Budget (OMB) issued a directive that all federal agencies issue and implement Information Quality Guidelines
Government agencies issued and implemented guidelines to ensure and maximize the quality, objectivity, utility, and integrity of information disseminated by its offices and bureaus
99. Information Quality Requirements In December 2004, OMB issued another bulletin relating to Information Quality, which required all federal agencies to implement and document a system for peer review of scientific information (see Departmental Websites for info on peer review)
101. Is a new technology being used in the project? Was a Privacy Impact Assessment (PIA) completed?
Was a PIA completed to evaluate the system?
Can information from one or more systems be used for this purpose? (See Privacy Act disclosure and use restrictions)
Funding for privacy safeguards, records management and security protections?
Consulted with the Information Collection, Privacy, FOIA and Records Officers?
Info Mgmt discussions in Exhibit 300
102. Is there an approval to collect and maintain the information?
Were steps taken to minimize the collection of information on individuals (only what is necessary and approved by statute)?
Was the data examined to determine which is sensitive, non-public, restricted?
Establish access controls and safeguards for the Security Plan and Certification?
Was a Privacy Act system notice developed for the Federal Register?
New PIA to evaluate any privacy risks at this phase?
103. Records management requirements and implementation milestones in place?
Software to ensure appropriate records disposition capability?
Will contractors be used? Will another bureau or agency be used to manage the project which includes the Dept's or bureau's data?
Were the roles and responsibilities included in the RFPs, contracts and Agreements? (E.g., who would handle info collection, safeguard, records management, PIA completion, Privacy Notice publication requirements. Who will respond to requests for info in the system? (Responding to FOIA and Privacy Act requests is inherently Governmental)).
104. Contracts include Privacy Act and FOIA clauses?
Website required? Need a domain name? Sec. 508 compliant?
Appropriate safeguard measures and access controls built into the system limiting disclosure and use of Privacy Act and other sensitive information?
105. New PIA to evaluate any changes in this phase?
Privacy and Security risk assessments?
Records requirements in place?
Meets information quality standards?
Appropriate documentation providing instructions provided to system manager, operators, and those with access?
Training for contractors and those managing the information?
106. Website designed with Government web requirements? Section 508 compliant?
New PIA to evaluate any changes in this phase?
Security and privacy protection measures appropriate?
Records requirements in place?
107. Previous imbedded in the system?
Privacy Impact Assessment for this phase?
Risk assessments?
108. Previous imbedded in the system?
Privacy Impact Assessment for this phase?
Risk assessments?
109. Previous imbedded in the system?
Privacy Impact Assessment for this phase?
Risk assessments?
110. Successful Project Management
111. Preventing Identity Theft Resources Federal Trade Commission privacy initiatives website: http://www.ftc.gov/privacy/index.html
Identity Protection Info: http://www.pueblo.gsa.gov/cic_text/money/idtheft_crooks/idtheft_crooks.htm
Treasury ID Theft DVD www.pueblo.gsa.gov
1-888-878-3256
112. For More Information
113. Information Collection References Government Paperwork Reduction Act
OMB Information Collection Guidelines: http://www.whitehouse.gov/omb/inforeg/infocoll.html#PRA
E-Government Act of 2002 (OMB Guidance memo: M-03-22)
Guidance on Agency Surveys and Statistical Collections (OMB Memo of January 20, 2006)
Departmental guidelines
114. Records Management References 44 USC Ch. 29
Federal agency records management programs must comply with regulations promulgated by both NARA (36 CFR 1220.2) and GSA guidelines.
Presidential Records Act (1978)
Paperwork Reduction Act (1980)
National Archives (44 USC 2107-2108)
115. FOIA References The FOIA (5 U.S.C. 552), enacted in 1966 (amended substantially)
Electronic FOIA Amendments of 1996 (P.L. No. 104-231)
Executive Order, Improving Agency Disclosure of Information Jan 2005
Attorney General Ashcroft's FOIA Memorandum (October 2001)
Department FOIA Regulations and Manuals and Handbooks
DOJ FOIA Guide & Privacy Act Overview
OMB Fee Guidelines (52 Fed. Reg. 10012)
116. Government Privacy References
The Privacy Act of 1974
The Federal Information Security Management Act of 2002:
- Improving the security and privacy of sensitive information in Federal computer systems.
Health Insurance Portability and Accountability Act of 1996
The Consolidated Appropriation Act of 2005:
Several provisions related to privacy require a Privacy Officer, privacy and data protection procedures and policies, and independent third-party reviews
117. Government Privacy References
The Paperwork Reduction Act of 1995 (As amended by the Clinger-Cohen)
Addresses authority and procedures to collect information from individual members of the public and Privacy Act compliance.
The Paperwork Elimination Act of 1998
Federal agencies must allow individuals the option to submit information or transact with the agency electronically, when practicable, and to maintain records electronically, when practicable. Requires analysis of privacy impact.
118. Government Privacy References Office of Management and Budget (OMB) Circular A-130, Appendix I: Agency Responsibilities for Maintaining Information About Individuals
OMB Circular A-11: Budget Submissions (Sec. 53 on Info Technology and E-Gov)
OMB Circular A-16: Coordination of Geographic Information. See sections on protecting privacy in GIS info.
OMB Circular A-123: Management Accountability - compliance with federal laws
119. Government Privacy References OMB Memorandum M-99-18, Privacy Policies on Federal Web Sites (June 2, 1999)
OMB Memorandum M-00-13, Privacy Policies and Data Collection on Federal Web Sites (June 22, 2000)
M-03-22, OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002 (September 30, 2003)
120. Government Privacy References
OMB Memorandum, M-05-15, FY 2005 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management (June 13, 2005)
OMB Memorandum, M-05-24, Implementation of Homeland Security Presidential Directive (HSPD) 12 Policy for a Common Identification Standard for Federal Employees and Contractors (August 5, 2005)
121. Web Standards References OMB policies for Federal Web sites (www.firstgov.gov/webcontent/)
Section 508 of the Rehabilitation Act (29 U.S.C. 794d)
Section 515 of the Treasury and General Government Appropriations Act for FY 2001: Public Law 106-554, Guidelines for Ensuring and Maximizing the Quality, Objectivity, Utility, and Integrity of Information Disseminated by Federal Organizations
E-Government Act of 2002, Section 207(f)(1)(B)
122. Web Standards References OMB Memorandum M-03-22: Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002
The Privacy Act of 1974
Children's Online Privacy Protection Act of 1998 (COPPA)
Digital Millennium Copyright Act
Copyright Law
U.S. Trademark Law
U.S. Patent Law, U.S.C. 35, Chapter 26
123. Web Standards References NARA guidelines on managing web records of January 2005
Prohibition of Lobbying, 18 U.S.C. 1913.
Paperwork Reduction Act (44 U.S.C. Chapter 35)
Govt Paperwork Elimination Act of 2003
Freedom of Information Act
Executive Order 13166 Improving Access to Services for People with Limited English Proficiency
124. Section 508 and Information Quality References OMB Memo on Sec 508 of August 11, 2005
GSA Website on Sec. 508 (http://www.section508.gov/)
OMB Web Page on Information Quality guidelines (http://www.whitehouse.gov/omb/inforeg/infopoltech.html#iq)