THE WHITE HOUSE
OFFICE OF THE PRESS SECRETARY
OFFICE OF MANAGEMENT AND BUDGET
Management of Federal Information Resources
AGENCY: Office of Management and Budget, Executive Office of the President.
ACTION: Revision of OMB Circular No. A-130.
SUMMARY: The Office of Management and Budget (OMB) is revising Circular No. A-130, Management of Federal Information Resources. This notice revises those portions of the circular concerning information management policy, including policies relating to information dissemination, records management, and cooperation with State and local governments. This Circular supersedes OMB Circular Nos. A-3 and A-114.
DATE: This Circular is effective June 25, 1993.
ELECTRONIC AVAILABILITY: This document is available on the Internet via anonymous File Transfer Protocol (FTP) from nis.nsf.net as /omb/omb.a130.rev2 (do not use any capital letters in the file name). For those who do not have FTP capability, the document can also be retrieved via mail query by sending an electronic mail message to email@example.com with no subject, and with send omb.a130.rev2 as the first line of the body of the message. For assistance using FTP, mail query, or electronic mail, please contact your system administrator.
FOR FURTHER INFORMATION CONTACT: Peter N. Weiss, Information Policy Branch, Office of Information and Regulatory Affairs, Office of Management and Budget, Room 3235 New Executive Office Building, Washington, D.C. 20503. Telephone: (202) 395-4814.
The Paperwork Reduction Act (PRA) (44 U.S.C. Chapter 35) assigns the Director of OMB responsibility for maintaining a comprehensive set of information resources management (IRM) policies and for promoting the application of information technology to improve the use and dissemination of information by Federal agencies.
To fulfill these responsibilities, OMB issued Circular No. A-130, Management of Federal Information Resources (50 FR 52730; December 24, 1985), which provided a policy framework for the management of Federal information resources. Since the Circular was issued in 1985, Federal agencies have introduced major new information programs involving the electronic collection and dissemination of information. Congress has also enacted several laws bearing on the Circular, especially amendments to the PRA (Public Law 99-500), the Computer Security Act of 1987 (Public Law 100-235), the Computer Matching and Privacy Protection Act of 1988 (Public Law 100-503), and the Computer Matching and Privacy Protection Amendments of 1990 (Public Law 101-508). Since publication of the Circular, OMB has addressed the need for additional guidance in several notices:
(1) Notice of Policy Guidance on Electronic Collection of Information (52 FR 29454; August 7, 1987); (2) Advance Notice of Further Policy Development on Dissemination of Information (54 FR 214; January 4, 1989); (3) Second Advance Notice of Further Policy Development on Dissemination of Information (54 FR 25554; June 15, 1989); (4) Advance Notice of Plans for Revision of OMB Circular No. A-130 (56 FR 9026; March 4, 1991); (5) Proposed Revision of OMB Circular No. A-130 (57 FR 18296; April 29, 1992). Also, consistent with the October 1, 1991, Notice of
Rescission of OMB Circulars (56 FR 49824), OMB is incorporating into Circular No. A-130 certain provisions of existing Circular No. A-3, Government Publications, and of Circular No. A-114, Management of Federal Audiovisual Activities. As of the effective date of these revisions, Circular Nos. A-3 and A-114 are rescinded.
The purpose of the revision is to bring into proper perspective the following key areas that were not sufficiently emphasized in the original circular:
(1) IRM planning, with special focus on the information life cycle. (2) The role of State and local governments in the management of information resources, and the need for Federal agencies to consider the effects of their information activities on those governments. (3) Records management, with a special focus on the need to properly manage electronic records. (4) Electronic collection and dissemination of information, identifying those conditions where agencies should consider using electronic techniques in order to reduce costs or provide better services. (5) Information dissemination policy, stating the basic responsibility of all agencies to disseminate information consistent with their missions, and laying out the structure and substance of agency dissemination management programs.
Structure of this Revision
This revision affects primarily Section 6 of the Circular, Definitions; Section 7, Basic Considerations and Assumptions; Section 8a, Information Management Policy, and Appendix IV, Analysis of Key Sections. Minor changes are made in other sections. The structural outline of the Circular, together with notations as to which parts are changed, is presented below.
Outline of OMB Circular No. A-130 [as Revised]:
Appendix I: Federal Agency Responsibilities for Maintaining Records about Individuals [Changed] Appendix II: Cost Accounting, Cost Recovery, and Interagency Sharing of Information Technology Facilities [Unchanged] Appendix III: Security of Federal Automated Information Systems [Unchanged] Appendix IV: Analysis of Key Sections [Changes reflecting revisions to policy.] The revised portions are printed in their entirety.
Summary of Revisions
Section 3. Authorities. This notice adds a reference to the Computer Security Act of 1987 and the Chief Financial Officers Act of 1990.
Section 6. Definitions. OMB defines the terms "record" and "records management" as set forth at 44 U.S.C. 3301 and 44 U.S.C. 2901(2) respectively because the newly proposed policy explicitly covers records management, and defines the terms "information life cycle" and "information dissemination product" because policy statements regarding records management and information dissemination use the terms. The term "audiovisual production" is defined in order to incorporate policy presently contained in Circular No. A-114. The revision modifies the definition of the term "information" for clarity. The term "government information" is expanded to include information created, collected, processed, disseminated, or disposed of by "or for" the Federal Government. The term "access to information" is deleted because its use has caused confusion.
Section 7. Basic Considerations and Assumptions. Aside from minor stylistic changes and renumbering, the revisions are as follows:
Section 8a. Information Management Policy. The section begins with a set of policy statements concerning IRM planning with special emphasis on the information life cycle. Both in the planning statements and elsewhere, are new policy statements concerning the role of State and local governments and concerning records management. Also introduced are new policy statements regarding electronic collection and dissemination of information. The information dissemination policy statements are the most
extensively revised, incorporating the concepts set forth in the June 15, 1989, notice (54 FR 25554).
Section 8a(1). Information Management Planning. This policy is new. However, Section 8a(1)(d), pertaining to acquiring information through sharing from existing sources is incorporated from the existing Circular at 8a(2).
Section 8a(2) and (3). Information Collection. Section 8a(2) states the applicable information collection principles derived primarily from PRA. Section 8a(3) introduces a new policy concerning situations under which electronic information collection is appropriate. These statements revise those proposed in the August 7, 1987, notice (52 FR 29454).
Section 8a(4). Records Management. Section 8a(4) sets forth basic policy regarding records management.
Sections 8a(5) and 8a(6). Information Dissemination Policy. The notice of June 15, 1989, set forth certain conclusions about the proper role for executive branch agencies in government information dissemination and the boundaries between Federal and nonfederal roles. OMB has used these conclusions as a starting point for revising information dissemination policy.
Section 8a(5) states the basic responsibility of all agencies to provide information to the public consistent with their missions. It also sets forth guidance on how agencies should go about disseminating information.
Section 8a(6) is a new policy that agencies maintain an information dissemination management system to ensure the routine performance of certain dissemination functions. The system and its functions are new provisions; however, they set in place some requirements originally contained in OMB Bulletins 88-14, 89-15, 90-09, and 91-16. Finally, this section incorporates certain requirements from Circular No. A-3, Government Publications, which is rescinded.
Section 8a(7). Avoiding Improperly Restrictive Practices. Section 8a(7) states a new policy concerning agency control over information that it intends to disseminate. This section also states policy regarding user charges for information dissemination products.
Section 8a(8). Electronic Information Dissemination. New section 8a(8) sets forth policy about when agencies should consider disseminating information in electronic format. This section parallels section 8a(3) concerning electronic information collection.
Section 8a(9). Information Safeguards. Section 8a(9) incorporates policy statements found in the existing Circular at 8a(3) through (6).
Section 9. Assignment of Responsibilities. New section 9(a)(10) carries over the requirement in Circular No. A-114 that the head of each agency designate an office with responsibility for management oversight of agency audiovisual productions, facilities and activities. Section 9(a)(11) adds a requirement that the agency designated IRM official monitor agency compliance with the policies contained in the Circular and act as an ombudsman to consider alleged instances of agency failure to comply.
Appendix I: Federal Agency Responsibilities for Maintaining Records About Individuals. Changes to agency responsibilities resulting from recent enactments of privacy legislation have previously been issued in OMB guidance, and are incorporated into Appendix I.
Appendix IV: Analysis of Key Sections. This appendix is completely revised and provides a general context and explanation of the contents of the key sections of the Circular. It explains the changes made to the original Circular by this notice, and reflects OMB's consideration and resolution of the comments received in response to the revisions proposed on April 29, 1992 (57 FR 18296).
Plans for Development of Other Topics
The second phase of revisions to Circular No. A-130, which is being published separately, will address the following areas:
Section 8b. Information Systems and Information Technology Management. The revisions to Section 8b of the circular will focus on strategic IRM planning and analysis of proposed investments in information technology. The Circular will state policy principles to guide agency planning and explain OMB's expectations when reviewing agency budget requests for investments in information technology. OMB intends to make more explicit the policy connections between A-130 and OMB policy documents including Circular Nos. A-109, A-123 and A-127, with the goal of avoiding unnecessary overlap and harmonizing definitions among all four. It will link the management of information technology to agency strategic planning, stress incorporating user needs when preparing requirements analyses, and suggest policy level control and review mechanisms for IRM policies and life cycle management of projects.
Appendix II: Cost Accounting, Cost Recovery, and Interagency Sharing of Information Technology Facilities. OMB will revise Appendix II to reflect changes in law made by the Chief Financial Officers Act and the Budget Enforcement Act of 1990. These requirements include ensuring that accounting and reimbursements for sharing of information technology facilities are monitored and approved. The revision will also address the use of revolving funds for cost recovery and accounting for inter-agency and intra-agency reimbursements. In addition, the revision will address the budgetary scoring of capital leases and lease-topurchase agreements for information technology.
Appendix III: Security of Federal Automated Information Systems. OMB will revise Appendix III to incorporate requirements of the Computer Security Act of 1987, including requirements for security plans described in OMB Bulletin 90-08. Those revisions will incorporate changes based on the experience gained in recent computer security visits to major agencies. OMB will also work with the National Institute of Standards and Technology to implement recommendations of the Computer Security and Privacy Advisory Board (established by the Computer Security Act) regarding better coordination between this Circular and OMB Circular No. A-123.
Accordingly, Circular No. A-130 is revised as set forth below.
Office of Information and
CIRCULAR NO. A-130 Revised Transmittal Memorandum No. 1
TO THE HEADS OF EXECUTIVE DEPARTMENTS AND ESTABLISHMENTS
SUBJECT: Management of Federal Information Resources
Circular No. A-130 provides uniform government-wide information resources management policies as required by the Paperwork Reduction Act of 1980, 44 U.S.C. Chapter 35. This Transmittal Memorandum contains updated guidance on those portions of the Circular dealing with information resources management planning, records management and information dissemination policy. It also contains a revised Appendix I, "Federal Agency Responsibilities for Maintaining Records About Individuals," and a revised Appendix IV, "Analysis of Key Sections."
This Circular replaces and rescinds OMB Circular No. A-3, "Government Publications," dated May 2, 1985, and OMB Circular No. A-114, "Management of Federal Audiovisual Activities," dated March 20, 1985.
Leon E. Panetta Director
Attachment CIRCULAR NO. A-130 Revised (Transmittal Memorandum No. 1)
MEMORANDUM FOR HEADS OF EXECUTIVE DEPARTMENTS AND ESTABLISHMENTS
SUBJECT: Management of Federal Information Resources
(1) Information Management Planning. Agencies shall plan in an integrated manner for managing information throughout its life cycle. Agencies shall:
(a) Consider, at each stage of the information life cycle, the effects of decisions and actions on other stages of the life cycle, particularly those concerning information dissemination;
(b) Consider the effects of their actions on members of the public and ensure consultation with the public as appropriate;
(c) Consider the effects of their actions on State and local governments and ensure consultation with those governments as appropriate;
(d) Seek to satisfy new information needs through interagency or intergovernmental sharing of information, or through commercial sources, where appropriate, before creating or collecting new information;
(e) Integrate planning for information systems with plans for resource allocation and use, including budgeting, acquisition, and use of information technology;
(f) Train personnel in skills appropriate to management of information;
(g) Protect government information commensurate with the risk and magnitude of harm that could result from the loss, misuse, or unauthorized access to or modification of such information;
(h) Use voluntary standards and Federal Information Processing Standards where appropriate or required;
(i) Consider the effects of their actions on the privacy rights of individuals, and ensure that appropriate legal and technical safeguards are implemented;
(j) Record, preserve, and make accessible sufficient information to ensure the management and accountability of agency programs, and to protect the legal and financial rights of the Federal Government;
(k) Incorporate records management and archival functions into the design, development, and implementation of information systems;
(l) Provide for public access to records where required or appropriate.
(2) Information Collection. Agencies shall collect or create only that information necessary for the proper performance of agency functions and which has practical utility.
(3) Electronic Information Collection. Agencies shall use electronic collection techniques where such techniques reduce burden on the public, increase efficiency of government programs, reduce costs to the government and the public, and/or provide better service to the public. Conditions favorable to electronic collection include:
(a) The information collection seeks a large volume of data and/or reaches a large proportion of the public;
(b) The information collection recurs frequently;
(c) The structure, format, and/or definition of the information sought by the information collection does not change significantly over several years;
(d) The agency routinely converts the information collected to electronic format;
(e) A substantial number of the affected public are known to have ready access to the necessary information technology and to maintain the information in electronic form;
(f) Conversion to electronic reporting, if mandatory, will not impose substantial costs or other adverse effects on the public, especially State and local governments and small business entities.
(4) Records Management. Agencies shall:
(a) Ensure that records management programs provide adequate and proper documentation of agency activities;
(b) Ensure the ability to access records regardless of form or medium;
(c) In a timely fashion, establish, and obtain the approval of the Archivist of the United States for, retention schedules for Federal records; and
(d) Provide training and guidance as appropriate to all agency officials and employees and contractors regarding their Federal records management responsibilities.
(5) Providing Information to the Public. Agencies have a responsibility to provide information to the public consistent with their missions. Agencies shall discharge this responsibility by:
(a) Providing information, as required by law, describing agency organization, activities, programs, meetings, systems of records, and other information holdings, and how the public may gain access to agency information resources;
(b) Providing access to agency records under provisions of the Freedom of Information Act and the Privacy Act, subject to the protections and limitations provided for in these Acts;
(c) Providing such other information as is necessary or appropriate for the proper performance of agency functions; and
(d) In determining whether and how to disseminate information to the public, agencies shall:
(i) Disseminate information in a manner that achieves the best balance between the goals of maximizing the usefulness of the information and minimizing the cost to the government and the public;
(ii) Disseminate information dissemination products on equitable and timely terms;
(iii) Take advantage of all dissemination channels, Federal and nonfederal, including State and local governments, libraries and private sector entities, in discharging agency information dissemination responsibilities;
(iv) Help the public locate government information maintained by or for the agency.
(6) Information Dissemination Management System. Agencies shall maintain and implement a management system for all information dissemination products which shall, at a minimum:
(a) Assure that information dissemination products are necessary for proper performance of agency functions (44 U.S.C. 1108);
(b) Consider whether an information dissemination product available from other Federal or nonfederal sources is equivalent to an agency information dissemination product and reasonably fulfills the dissemination responsibilities of the agency;
(c) Establish and maintain inventories of all agency information dissemination products;
(d) Develop such other aids to locating agency information dissemination products including catalogs and directories, as may reasonably achieve agency information dissemination objectives;
(e) Identify in information dissemination products the source of the information, if from another agency;
(f) Ensure that members of the public with disabilities whom the agency has a responsibility to inform have a reasonable ability to access the information dissemination products;
(g) Ensure that government publications are made available to depository libraries through the facilities of the Government Printing Office, as required by law (44 U.S.C. Part 19);
(h) Provide electronic information dissemination products to the Government Printing Office for distribution to depository libraries;
(i) Establish and maintain communications with members of the public and with State and local governments so that the agency creates information dissemination products that meet their respective needs;
(j) Provide adequate notice when initiating, substantially modifying, or terminating significant information dissemination products; and
(k) Ensure that, to the extent existing information dissemination policies or practices are inconsistent with the requirements of this Circular, a prompt and orderly transition to compliance with the requirements of this Circular is made.
(7) Avoiding Improperly Restrictive Practices. Agencies shall:
(a) Avoid establishing, or permitting others to establish on their behalf, exclusive, restricted, or other distribution arrangements that interfere with the availability of information dissemination products on a timely and equitable basis;
(b) Avoid establishing restrictions or regulations, including the charging of fees or royalties, on the reuse, resale, or redissemination of Federal information dissemination products by the public; and,
(c) Set user charges for information dissemination products at a level sufficient to recover the cost of dissemination but no higher. They shall exclude from calculation of the charges costs associated with original collection and processing of the information. Exceptions to this policy are:
(i) Where statutory requirements are at variance with the policy;
(ii) Where the agency collects, processes, and disseminates the information for the benefit of a specific identifiable group beyond the benefit to the general public;
(iii) Where the agency plans to establish user charges at less than cost of dissemination because of a determination that higher charges would constitute a significant barrier to properly performing the agency's functions, including reaching members of the public whom the agency has a responsibility to inform; or
(iv) Where the Director of OMB determines an exception is warranted.
(8) Electronic Information Dissemination. Agencies shall use electronic media and formats, including public networks, as appropriate and within budgetary constraints, in order to make government information more easily accessible and useful to the public. The use of electronic media and formats for information dissemination is appropriate under the following conditions:
(a) The agency develops and maintains the information electronically;
(b) Electronic media or formats are practical and cost effective ways to provide public access to a large, highly detailed volume of information;
(c) The agency disseminates the product frequently;
(d) The agency knows a substantial portion of users have ready access to the necessary information technology and training to use electronic information dissemination products;
(e) A change to electronic dissemination, as the sole means of disseminating the product, will not impose substantial acquisition or training costs on users, especially State and local governments and small business entities.
(9) Safeguards. Agencies shall:
(a) Ensure that information is protected commensurate with the risk and magnitude of the harm that would result from the loss, misuse, or unauthorized access to or modification of such information;
(b) Limit the collection of information which identifies individuals to that which is legally authorized and necessary for the proper performance of agency functions;
(c) Limit the sharing of information that identifies individuals or contains proprietary information to that which is legally authorized, and impose appropriate conditions on use where a continuing obligation to ensure the confidentiality of the information exists;
(d) Provide individuals, upon request, access to records about them maintained in Privacy Act systems of records, and permit them to amend such records as are in error consistent with the provisions of the Privacy Act.
b. Information Systems and Information Technology Management. [This Section is unaffected by this revision. See 50 FR 52730 (December 24, 1985).]
9. Assignment of Responsibilities:
(1) Have primary responsibility for managing agency information resources;
(2) Ensure that the information policies, principles, standards, guidelines, rules, and regulations prescribed by OMB are implemented appropriately within the agency;
(3) Develop internal agency information policies and procedures and oversee, evaluate, and otherwise periodically review agency information resources management activities for conformity with the policies set forth in this Circular;
(4) Develop agency policies and procedures that provide for timely acquisition of required information technology;
(5) Maintain an inventory of the agencies' major information systems and information dissemination programs;
(6) Create, maintain, and dispose of a record of agency activities in accordance with the Federal Records Act of 1950, as amended;
(7) Identify to the Director, OMB, statutory, regulatory, and other impediments to efficient management of Federal information resources and recommend to the Director legislation, policies, procedures, and other guidance to improve such management;
(8) Assist OMB in the performance of its functions under the PRA including making services, personnel, and facilities available to OMB for this purpose to the extent practicable;
(9) Appoint a senior official, as required by 44 U.S.C. 3506(b), who shall report directly to the agency head to carry out the responsibilities of the agency under the PRA. The head of the agency shall keep the Director, OMB, advised as to the name, title, authority, responsibilities, and organizational resources of the senior official. For purposes of this paragraph, military departments and the Office of the Secretary of Defense may each appoint one official.
(10) Designate an office with responsibility for management oversight of agency audiovisual productions and establish an appropriate program for the management of audiovisual productions, facilities, and activities in conformance with the requirements contained at 36 CFR 1232.4.
(11) Direct the senior official appointed pursuant to 44 U.S.C. 3506(b) to monitor agency compliance with the policies, procedures, and guidance in this Circular. Acting as an ombudsman, the senior official shall consider alleged instances of agency failure to comply with this Circular and recommend or take corrective action as appropriate. The senior official shall report annually, not later than February 1st of each year, to the Director those instances of alleged failure to comply with this Circular and their resolution.
b. Department of State. The Secretary of State shall:
(1) Advise the Director, OMB, on the development of United States positions and policies on international information policy issues affecting Federal Government information activities and ensure that such positions and policies are consistent with Federal information resources management policy;
(2) Ensure, in consultation with the Secretary of Commerce, that the United States is represented in the development of international information technology standards, and advise the Director, OMB, of such activities.
c. Department of Commerce. The Secretary of Commerce shall:
(1) Develop and issue Federal Information Processing Standards and guidelines necessary to ensure the efficient and effective acquisition management security, and use of information technology;
(2) Advise the Director, OMB, on the development of policies relating to the procurement and management of Federal telecommunications resources;
(3) Provide OMB and the agencies with scientific and technical advisory services relating to the development and use of information technology;
(4) Conduct studies and evaluations concerning telecommunications technology, and concerning the improvement, expansion, testing, operation, and use of Federal telecommunications systems and advise the Director, OMB, and appropriate agencies of the recommendations that result from such studies;
(5) Develop, in consultation with the Secretary of State and the Director of OMB, plans, policies, and programs relating to international telecommunications issues affecting government information activities;
(6) Identify needs for standardization of telecommunications and information processing technology, and develop standards, in consultation with the Secretary of Defense and the Administrator of General Services, to ensure efficient application of such technology;
(7) Ensure that the Federal Government is represented in the development of national and, in consultation with the Secretary of State, international information technology standards, and advise the Director, OMB, of such activities.
d. Department of Defense. The Secretary of Defense shall develop, in consultation with the Administrator of General Services, uniform Federal telecommunications standards and guidelines to ensure national security, emergency preparedness, and continuity of government.
e. General Services Administration. The Administrator of General Services shall:
(1) Advise the Director, OMB, and agency heads on matters affecting the procurement of information technology;
(2) Coordinate and, when required, provide for the purchase, lease, and maintenance of information technology required by Federal agencies;
(3) Develop criteria for timely procurement of information technology and delegate procurement authority to agencies that comply with the criteria;
(4) Provide guidelines and regulations for Federal agencies, as authorized by law, on the acquisition, maintenance, and disposition of information technology;
(5) Develop policies and guidelines that facilitate the sharing of information technology among agencies as required by this Circular;
(6) Review agencies' information resources management activities to meet the objectives of the triennial reviews required by the PRA and report the results to the Director, OMB;
(7) Manage the Automatic Data Processing Fund and the Federal Telecommunications Fund in accordance with the Federal Property and Administrative Services Act as amended;
(8) Establish procedures for approval, implementation, and dissemination of Federal telecommunications standards and guidelines and for implementation of Federal Information Processing Standards.
f. Office of Personnel Management. The Director, Office of Personnel Management, shall:
(1) Develop and conduct training programs for Federal personnel on information resources management including end-user computing;
(2) Evaluate periodically future personnel management and staffing requirements for Federal information resources management;
(3) Establish personnel security policies and develop training programs for Federal personnel associated with the design, operation, or maintenance of information systems.
g. National Archives and Records Administration. The Archivist of the United States shall:
(1) Administer the Federal records management program in accordance with the National Archives and Records Act;
(2) Assist the Director, OMB, in developing standards and guidelines relating to the records management program.
h. Office of Management and Budget. The Director of the Office of Management and Budget shall:
(1) Provide overall leadership and coordination of Federal information resources management within the executive branch;
(2) Serve as the President's principal adviser on procurement and management of Federal telecommunications systems, and develop and establish policies for procurement and management of such systems;
(3) Issue policies, procedures, and guidelines to assist agencies in achieving integrated, effective, and efficient information resources management;
(4) Initiate and review proposals for changes in legislation, regulations, and agency procedures to improve Federal information resources management;
(5) Review and approve or disapprove agency proposals for collection of information from the public, as defined by 5 CFR 1320.7;
(6) Develop and publish annually in consultation with the Administrator of General Services, a five-year plan for meeting the information technology needs of the Federal Government;
(7) Evaluate agencies' information resources management and identify cross-cutting information policy issues through the review of agency information programs, information collection budgets, information technology acquisition plans, fiscal budgets, and by other means;
(8) Provide policy oversight for the Federal records management function conducted by the National Archives and Records Administration and coordinate records management policies and programs with other information activities;
(9) Review, with the advice and assistance of the Administrator of General Services, selected agencies' information resources management activities to meet the objectives of the triennial reviews required by the PRA;
(10) Review agencies' policies, practices, and programs pertaining to the security, protection, sharing, and disclosure of information, in order to ensure compliance with the Privacy Act and related statutes;
(11) Resolve information technology procurement disputes between agencies and the General Services Administration pursuant to Section 111 of the Federal Property and Administrative Services Act;
(12) Review proposed U.S. Government Position and Policy statements on international issues affecting Federal Government information activities and advise the Secretary of State as to their consistency with Federal information resources management policy.
This Appendix describes agency responsibilities for implementing the reporting and publication requirements of the Privacy Act of 1974, 5 U.S.C. 552a, as amended (hereinafter "the Act"). It applies to all agencies subject to the Act. Note that this Appendix does not rescind other guidance OMB has issued to help agencies interpret the Privacy Act's provisions, e.g., Privacy Act Guidelines (40 FR 28949-28978, July 9, 1975), or Final Guidance for Conducting Matching Programs (54 FR at 25819, June 19, 1989).
(1) Section (m) Contracts. Review every two years a random sample of agency contracts that provide for the maintenance of a system of records on behalf of the agency to accomplish an agency function, in order to ensure that the wording of each contract makes the provisions of the Act binding on the contractor and his or her employees. (See 5 U.S.C. 552a(m)(1))
(2) Recordkeeping Practices. Review annually agency recordkeeping and disposal policies and practices in order to assure compliance with the Act, paying particular attention to the maintenance of automated records.
(3) Routine Use Disclosures. Review every four years the routine use disclosures associated with each system of records in order to ensure that the recipient's use of such records continues to be compatible with the purpose for which the disclosing agency collected the information.
(4) Exemption of Systems of Records. Review every four years each system of records for which the agency has promulgated exemption rules pursuant to Section (j) or (k) of the Act in order to determine whether such exemption is still needed.
(5) Matching Programs. Review annually each ongoing matching program in which the agency has participated during the year, either as a source or as a matching agency, in order to ensure that the requirements of the Act, the OMB guidance, and any agency regulations, operating instructions, or guidelines have been met.
(6) Privacy Act Training. Review annually agency training practices in order to ensure that all agency personnel are familiar with the requirements of the Act, with the agency's implementing regulation, and with any special requirements of their specific jobs.
(7) Violations. Review annually the actions of agency personnel that have resulted either in the agency being found civilly liable under Section (g) of the Act, or an employee being found criminally liable under the provisions of Section (i) of the Act, in order to determine the extent of the problem and to find the most effective way to prevent recurrence of the problem.
(8) Systems of Records Notices. Review annually each system of records notice to ensure that it accurately describes the system of records. Where minor changes are needed, e.g., the name of the system manager, ensure that an amended notice is published in the FEDERAL REGISTER. Agencies may choose to make one annual comprehensive publication consolidating such minor changes. This requirement is distinguished from and in addition to the requirement to report to OMB and Congress significant changes to systems of records and to publish those changes in the FEDERAL REGISTER (See paragraph 4c of this Appendix).
b. Department of Commerce. The Secretary of Commerce shall, consistent with guidelines issued by the Director, OMB, develop and issue standards and guidelines for ensuring the security of information protected by the Act in automated information systems.
c. The Department of Defense, General Services Administration, and National Aeronautics and Space Administration. These agencies shall, consistent with guidelines issued by the Director, OMB, ensure that instructions are issued on what agencies must do in order to comply with the requirements of Section (m) of the Act when contracting for the operation of a system of records to accomplish an agency purpose.
d. Office of Personnel Management. The Director of the Office of Personnel Management shall, consistent with guidelines issued by the Director, OMB:
(1) Develop and maintain government-wide standards and procedures for civilian personnel information processing and recordkeeping directives to assure conformance with the Act.
(2) Develop and conduct Privacy Act training programs for agency personnel, including both the conduct of courses in various substantive areas (e.g., administrative, information technology) and the development of materials that agencies can use in their own courses. The assignment of this responsibility to OPM does not affect the responsibility of individual agency heads for developing and conducting training programs tailored to the specific needs of their own personnel.
e. National Archives and Records Administration. The Archivist of the United States through the Office of the FEDERAL REGISTER, shall, consistent with guidelines issued by the Director, OMB:
(1) Issue instructions on the format of the agency notices and rules required to be published under the Act.
(2) Compile and publish every two years, the rules promulgated under 5 U.S.C. 552a(f) and agency notices published under 5 U.S.C. 552a(e)(4) in a form available to the public at low cost.
(3) Issue procedures governing the transfer of records to Federal Records Centers for storage, processing, and servicing pursuant to 44 U.S.C. 3103. For purposes of the Act, such records are considered to be maintained by the agency that deposited them. The Archivist may disclose deposited records only according to the access rules established by the agency that deposited them.
f. Office of Management and Budget. The Director of the Office of Management and Budget will:
(1) Issue guidelines and directives to the agencies to implement the Act.
(2) Assist the agencies, at their request, in implementing their Privacy Act programs.
(3) Review new and altered system of records and matching program reports submitted pursuant to Section (o) of the Act.
(4) Compile the biennial report of the President to Congress in accordance with Section (s) of the Act.
(5) Compile and issue a biennial report on the agencies' implementation of the computer matching provisions of the Privacy Act, pursuant to Section (u)(6) of the Act.
4. Reporting Requirements. The Privacy Act requires agencies to make the following kinds of reports:
ReportWhen DueRecipient**Biennial Privacy Act
ReportJune 30, 1994, 1996, 1998,
r, OIRABiennial Matching
Activity ReportJune 30, 1994, 1996, 1998, 2000Administrato
r, OIRANew System of
Records ReportWhen establishing a system of records - at least 40
days before operating
CongressAltered System of
Records ReportWhen adding a new routine use, exemption, or otherwise
significantly altering an
existing system of records -
at least 40 days before
change to system takes
CongressNew Matching Program
Report When establishing new
matching program - at least
40 days before operating
CongressRenewal of Existing
Matching ProgramAt least 40 days prior to expiration of one year
extension of original
program - treat as new
ProgramWhen making a significant
change to an existing
matching program - at least
40 days before operating
CongressMatching AgreementsAt least 40 days prior to start of matching program*Congress
* Review Period: Note that the statutory reporting requirement is 30 days prior; the additional 10 days will ensure that OMB and Congress have sufficient time to review the proposal. Agencies should therefore ensure that reports are mailed expeditiously after being signed.
House of Representatives:
The Chair of the House Committee on Government Operations, 2157 RHOB, Washington, D.C. 20515-6143.
The Chair of the Senate Committee on Governmental Affairs, 340 SDOB, Washington, D.C. 20510-6250.
Office of Management and Budget:
The Administrator of the Office of Information and Regulatory Affairs, Office of Management and Budget, ATTN: Docket Library, NEOB Room 3201, Washington, D.C. 20503.
(1) A listing of publication activity during the year showing the following:
The agency should provide a brief narrative describing those activities in detail, e.g., "the Department added a (k)(1) exemption to an existing system of records entitled "Investigative Records of the Office of Investigations;" or "the agency added a new routine use to a system of records entitled "Employee Health Records" that would permit disclosure of health data to researchers under contract to the agency to perform workplace risk analysis."
(2) A brief description of any public comments received on agency publication and implementation activities, and agency response.
(3) Number of access and amendment requests from record subjects citing the Privacy Act that were received during the calendar year of the report. Also the disposition of requests from any year that were completed during the calendar year of the report:
(4) Number of instances in which individuals brought suit under section (g) of the Privacy Act against the agency and the results of any such litigation that resulted in a change to agency practices or affected guidance issued by OMB.
(5) Results of any reviews undertaken in response to paragraph 3a of this Appendix.
(6) Description of agency Privacy Act training activities conducted in accordance with paragraph 3a(6) of this Appendix.
b. Biennial Matching Activity Report (See 5 U.S.C. 552a(u)(3)(D)). At the end of each calendar year, the Data Integrity Board of each agency that has participated in matches covered by the computer matching provisions of the Privacy Act will collect data summarizing that year's matching activity. The Act requires that such activity be reported every two years. OMB will establish the exact format of the report, but agencies' Data Integrity Boards should be prepared to report the data identified below both to the agency head and to OMB.
(1) A listing of the names and positions of the
of the Data Integrity Board and showing separately the name of the
Board Secretary, his or her agency mailing address, and telephone number. Also show and explain any changes in membership or structure occurring during the reporting year.
(2) A listing of each matching program, by title and purpose, in which the agency participated during the reporting year. This listing should show names of participant agencies, give a brief description of the program, and give a citation including the date to the FEDERAL REGISTER notice describing the program.
(3) For each matching program, an indication of
the cost/benefit analysis performed resulted in a favorable ratio.
The Data Integrity Board should explain why the agency proceeded with any matching program for which an unfavorable ratio was reached.
(4) For each program for which the Board waived a cost/benefit analysis, reasons for the waiver and the results of match, if tabulated.
(5) A description of each matching agreement the Board rejected and an explanation of why it was rejected.
(6) A listing of any violations of matching agreements that have been alleged or identified, and a discussion of any action taken.
(7) A discussion of any litigation involving the agency's participation in any matching program.
(8) For any litigation based on allegations of
inaccurate records, an explanation of the steps the agency used
ensure the integrity of its data as well as the verification process it used in the matching program, including an assessment of the adequacy of each.
c. New and Altered System of Records Report. The Act requires agencies to publish notices in the FEDERAL REGISTER describing new or altered systems of records, and to submit reports to OMB, and to the Chair of the Committee on Government Operations of the House of Representatives, and the Chair of the Committee on Governmental Affairs of the Senate. The reports must be transmitted at least 40 days prior to the operation of the new system of records or the date on which the alteration to an existing system takes place.
(1) When to Report Altered Systems of Records. Minor changes to systems of records need not be reported. For example, a change in the designation of the system manager due to a reorganization would not require a report, so long as an individual's ability to gain access to his or her records is not affected. Other examples include changing applicable safeguards as a result of a risk analysis or deleting a routine use when there is no longer a need for the disclosure. The following changes are those for which a report is required:
(a) A significant increase in the number of
individuals about whom records are maintained. For example, a
decision to expand a system that originally covered only
of public housing in major cities to cover such residents nationwide would require a report. Increases attributable to normal growth should not be reported.
(b) A change that expands the types or categories of information maintained. For example, a file covering physicians that has been expanded to include other types of healthcare providers, e.g., nurses, technicians, etc., would require a report.
(c) A change that alters the purpose for which
information is used.
(d) A change to equipment configuration (either
hardware or software) that creates substantially greater access
the records in the system of records. For example, locating interactive terminals at regional offices for accessing a system formerly accessible only at the headquarters would require a report.
(e) The addition of an exemption pursuant to Section (j) or (k) of the Act. Note that, in examining a rulemaking for a Privacy Act exemption as part of a report of a new or altered system of records, OMB will also review the rule under applicable regulatory review procedures and agencies need not make a separate submission for that purpose.
(f) The addition of a routine use pursuant to 5 U.S.C. 552a(b)(3).
(2) Reporting Changes to Multiple Systems of Records.
When an agency makes a change to an information technology
installation or a telecommunication network, or makes any other
general changes in information collection, processing,
dissemination, or storage that affect multiple systems of
it may submit a single, consolidated report, with changes to existing notices and supporting documentation included in the submission.
(3) Contents of the New or Altered System Report. The
report for a new or altered system has three elements: a
transmittal letter, a narrative statement, and supporting
documentation that includes a copy of the proposed FEDERAL
REGISTER notice. There is no prescribed format for either the
letter or the narrative statement. The notice must appear in the
format prescribed by the Office of the Federal Register's
(a) Transmittal Letter. The transmittal letter
should be signed by the senior agency official responsible for
implementation of the Act within the agency and should contain
name and telephone number of the individual who can best answer questions about the system of records. The letter should contain the agency's assurance that the proposed system does not duplicate
any existing agency or government-wide systems of records. The letter sent to OMB may also include requests for waiver of the time period for the review. The agency should indicate why it cannot meet the established review period and what will be the consequences of not obtaining the waiver, (see paragraph 4e below).
(b) Narrative Statement. The narrative statement should be brief. It should make reference, as appropriate, to information in the supporting documentation rather than restating such information. The statement should:
(c) Supporting Documentation. Attach the following to all new or altered system of records reports:
(4) OMB Concurrence. Agencies may assume that OMB
concurs in the Privacy Act aspects of their proposal if OMB has
not commented within 40 days from the date the transmittal letter
was signed. Agencies should ensure that letters are transmitted
expeditiously after they are signed. Agencies may publish system
of records and routine use notices as well as proposed exemption
rules in the FEDERAL REGISTER at the same time that they send the
new or altered system report to OMB and Congress. The period for
OMB and congressional review and the notice and comment period
routine uses and exemptions will then run concurrently. Note that
exemptions must be published as final rules before they are effective.
d. New or Altered Matching Program Report. The Act
agencies to publish notices in the FEDERAL REGISTER describing new
or altered matching programs, and to submit reports to OMB, and to
Congress. The report must be received at least 40 days prior to the initiation of any matching activity carried out under a new or
substantially altered matching program. For renewals of continuing programs, the report must be dated at least 40 days prior to the expiration of any existing matching agreement.
(1) When to Report Altered Matching Programs.
need not report minor changes to matching programs. The term "minor change to a matching program" means a change that does not significantly alter the terms of the agreement under which the program is being carried out. Examples of significant changes include:
(a) Changing the purpose for which the program
(b) Changing the matching population, either by including new categories of record subjects or by greatly increasing the numbers of records matched.
(c) Changing the legal authority covering the matching program.
(d) Changing the source or recipient agencies involved in the matching program.
(2) Contents of New or Altered Matching Program Report.
The report for a new or altered matching program has three
elements: a transmittal letter, a narrative statement, and
supporting documentation that includes a copy of the proposed
FEDERAL REGISTER notice. There is no prescribed format for
the letter or the narrative statement. The notice must appear in the format prescribed by the Office of the Federal Register's Document Drafting Handbook.
(a) Transmittal Letter. The transmittal letter should be signed by the senior agency official responsible for implementation of the Privacy Act within the agency and should contain the name and telephone number of the individual who can best answer questions about the matching program. The letter should state that a copy of the matching agreement has been distributed to Congress as the Act requires. The letter to OMB may also include a request for waiver of the review time period.
(b) Narrative Statement. The narrative statement should be brief. It should make reference, as appropriate, to information in the supporting documentation rather than restating such information. The statement should provide:
(c) Supporting Documentation. Attach the following:
(3) OMB Concurrence. Agencies may assume that OMB
concurs in the Privacy Act aspects of their proposal if OMB has
not commented within 40 days from the date the transmittal letter
was signed. Agencies should ensure that letters are transmitted
expeditiously after they are signed. Agencies may publish
program notices in the FEDERAL REGISTER at the same time that they
send the matching program report to OMB and Congress. The period for OMB and congressional review and the notice and comment period
will then run concurrently.
e. Expediting the Review Process. The Director, OMB, may
grant a waiver of the 40-day review period for either systems of
records or matching program reviews. The agency must ask for the
waiver in the transmittal letter and demonstrate compelling
reasons. When a waiver is granted, the agency is not thereby
relieved of any other requirement of the Act. If no waiver is
granted, agencies may presume concurrence at the expiration of
40 day review period. Note that OMB cannot waive time periods specifically established by the Act such as the 30 days notice and
comment period required for the adoption of a routine use proposal
pursuant to Section (b)(3) of the Act.
5. Publication Requirements. The Privacy Act requires agencies
to publish notices or rules in the FEDERAL REGISTER in the
following circumstances: when adopting a new or altered system
records, when adopting a routine use or exemption for a system of records, or when proposing to carry out a new or altered matching program. (See paragraph 4c(1) and 4d(1) above on what constitutes
a reportable alteration.)
(1) Who Publishes. The agency responsible for
operating the system of records makes the necessary publication.
Publication should be carried out at the departmental or agency
level. Where a system of records is to be operated exclusively
a component, the department rather than the component should publish the notice. Thus, for example, the Department of the Treasury would publish a system of records notice covering a system operated exclusively by the Internal Revenue Service. Note
that if the agency is proposing to exempt the system under Section
(j) or (k) of the Act, it must publish a rule in addition to the system of records notice.
(a) Government-wide Systems of Records. Certain agencies publish systems of records containing records for which they have government-wide responsibilities. The records may be located in other agencies, but they are being used under the authority of and in conformance with the rules mandated by the publishing agency. The Office of Personnel Management, for example, has published a number of government-wide systems of records relating to the operation of the government's personnel program. Agencies should not publish systems of records that wholly or partly duplicate existing government-wide systems of records.
(b) Section (m) Contract Provisions. When an agency provides by contract for the operation of a system of records, it should ensure that a system of records notice describing the system has been published. It should also review the notice to ensure that it contains a routine use under Section (e)(4)(D) of the Act permitting disclosure to the contractor and his or her personnel.
(2) When to Publish.
(a) System Notice. It must appear in the FEDERAL REGISTER before the agency begins to operate the system, e.g., collect and use the information.
(b) Routine Use. Must be published in the
REGISTER 30 days before agency discloses records pursuant to its terms. If the sole change to an existing system of records is to add a routine use, the agency should either republish the entire system of records notice, a condensed description of the system of
records, or a citation to the last full text FEDERAL REGISTER publication. (Note that the addition of a routine use to an existing system of records requires a report to OMB and Congress, and that the review period for this report is 40 days.)
(c) Exemption Rule. Must be established through
informal rulemaking pursuant to the Administrative Procedure Act.
This process generally requires publication of a proposed rule, a
period during which the public may comment, publication of a
rule, and the adoption of the final rule. Agencies may not withhold records under an exemption until these requirements have been met.
(3) Format. Agencies should follow the publication format contained in the Office of the Federal Register's Document Drafting Handbook obtainable from the Government Printing Office.
b. Publishing Matching Notices.
(1) Who Publishes. Generally, the Recipient Federal agency (or the Federal source agency in a match conducted by a nonfederal agency) is responsible for publishing in the FEDERAL REGISTER a notice describing the new or altered matching program. However, in large, multi-agency matching programs, where the recipient agency is merely performing the matches, and the benefit accrues to the source agencies, the partners should assign responsibility for compliance with the administrative requirements in a fair and reasonable way. This may mean having the matching agency carry out these requirements for all parties, having one participant designated to do so, or having each source so for its own matching program(s).
(2) Timing. Publication must occur at least 30 days prior to the initiation of any matching activity carried out under a new or substantially altered matching program. For renewals of programs agencies wish to continue past the 30 month period of initial eligibility (i.e., the initial 18 months plus a 1 year extension), publication must occur at least 30 days prior to the expiration of the existing matching agreement. (But note that a report to OMB and the Congress is also required with a 40 day review period).
(3) Format. The matching notice shall be in the format prescribed by the Office of the Federal Register's Document Drafting Handbook and contain the following information:
(a) The name of the Recipient Agency.
(b) The Name(s) of the Source Agencies.
(c) The beginning and ending dates of the match.
(d) A brief description of the matching program, including its purpose; the legal authorities authorizing its operation; categories of individuals involved; and identification of records used, including name(s) of Privacy Act Systems of records.
(e) The identification, address, and telephone number of a Recipient Agency official who will answer public inquiries about the program.
Appendix II to OMB Circular No. A-130 - Cost Accounting, Cost Recovery, and Interagency Sharing of Information Technology Facilities [This Appendix is unchanged by this revision. See 50 FR 52730 (December 24, 1985).]
Appendix III to OMB Circular No. A-130 - Security of Federal Automated Information Systems [This Appendix is unchanged by this revision. See 50 FR 52730 (December 24, 1985).]Appendix IV to OMB Circular No. A-130 - Analysis of Key Sections
The purpose of this Appendix is to provide a general context and explanation for the contents of the key Sections of the Circular.
The Paperwork Reduction Act (PRA) of 1980, Public Law 96-511, 94 Stat. 2812, codified at Chapter 35 of Title 44 of the United States Code, establishes a broad mandate for agencies to perform their information activities in an efficient, effective, and economical manner. Section 3504 of the Act provides authority to the Director, OMB, to develop and implement uniform and consistent information resources management policies; oversee the development and promote the use of information management principles, standards, and guidelines; evaluate agency information management practices in order to determine their adequacy and efficiency, and determine compliance of such practices with the policies, principles, standards, and guidelines promulgated by the Director.
The Circular implements OMB authority under the Act with respect to Section 3504(b), general information policy, Section 3504(e), records management, Section 3504(f), privacy, and Section 3504(g), Federal automatic data processing and telecommunications; the Privacy Act of 1974 (5 U.S.C. 552a); the Chief Financial Officers Act (31 U.S.C. 3512 et seq.); Sections 111 and 206 of the Federal Property and Administrative Services Act of 1949, as amended (40 U.S.C. 759 and 487, respectively); the Computer Security Act (40 U.S.C. 759 note); the Budget and Accounting Act of 1921 (31 U.S.C. 1 et seq.); and Executive Order No. 12046 of March 27, 1978, and Executive Order No. 12472 of April 3, 1984, Assignment of National Security and Emergency Telecommunications Functions. The Circular complements 5 CFR Part 1320, Controlling Paperwork Burden on the Public, which implements other Sections of the PRA dealing with controlling the reporting and recordkeeping burden placed on the public.
In addition, the Circular revises and consolidates policy and procedures in seven previous OMB directives and rescinds those directives, as follows:
A-3 - Government Publications
A-71 - Responsibilities for the Administration and Management
of Automatic Data Processing Activities Transmittal Memorandum No. 1 to Circular No. A-71 - Security of Federal Automated lnformation Systems
A-90 - Cooperating with State and Local Governments to
Coordinate and Improve Information Systems
A-108 - Responsibilities for the Maintenance of Records about
lndividuals by Federal Agencies
A-114 - Management of Federal Audiovisual Activities
A-121 - Cost Accounting, Cost Recovery, and Interagency
Sharing of Data Processing Facilities
Section 6, Definitions. Access and Dissemination. The original Circular No. A-130 distinguished between the terms "access to information" and "dissemination of information" in order to separate statutory requirements from policy considerations. The first term means giving members of the public, at their request, information to which they are entitled by a law such as the FOIA. The latter means actively distributing information to the public at the initiative of the agency. The distinction appeared useful at the time Circular No. A-130 was written, because it allowed OMB to focus discussion on Federal agencies' responsibilities for actively distributing information. However, popular usage and evolving technology have blurred differences between the terms "access" and "dissemination" and readers of the Circular were confused by the distinction. For example, if an agency "disseminates" information via an online computer system, one speaks of permitting users to "access" the information, and online "access" becomes a form of "dissemination."
Thus, the revision defines only the term "dissemination." Special considerations based on access statutes such as the Privacy Act and the FOIA are explained in context.
Government Information. The definition of "government information" includes information created, collected, processed, disseminated, or disposed of both by and for the Federal Government. This recognizes the increasingly distributed nature of information in electronic environments. Many agencies, in addition to collecting information for government use and for dissemination to the public, require members of the public to maintain information or to disclose it to the public. Sound information resources management dictates that agencies consider the costs and benefits of a full range of alternatives to meet government objectives. In some cases, there is no need for the government actually to collect the information itself, only to assure that it is made publicly available. For example, banks insured by the FDIC must provide statements of financial condition to bank customers on request. Particularly when information is available in electronic form, networks make the physical location of information increasingly irrelevant.
The inclusion of information created, collected, processed, disseminated, or disposed of for the Federal Government in the definition of "government information" does not imply that responsibility for implementing the provisions of the Circular itself extends beyond the executive agencies to other entities. Such an interpretation would be inconsistent with Section 4, Applicability, and with existing law. For example, the courts have held that requests to Federal agencies for release of information under the FOIA do not always extend to those performing information activities under grant or contract to a Federal agency. Similarly, grantees may copyright information where the government may not. Thus the information responsibilities of grantees and contractors are not identical to those of Federal agencies except to the extent that the agencies make them so in the underlying grants or contracts. Similarly, agency information resources management responsibilities do not extend to other entities.
Information Dissemination Product. This notice defines the term "information dissemination product" to include all information that is disseminated by Federal agencies. While the provision of access to online databases and search software included on compact disk, read-only memory (CD-ROM) are often called information services rather than products, there is no clear distinction and, moreover, no real difference for policy purposes between the two. Thus, the term "information dissemination product" applies to both products and services, and makes no distinction based on how the information is delivered.
Section 8a(1). Information Management Planning. Parallel to new Section 7, Basic Considerations and Assumptions, Section 8a begins with information resources management planning. Planning is the process of establishing a course of action to achieve desired results with available resources. Planners translate organizational missions into specific goals and, in turn, into measurable objectives.
The PRA introduced the concept of information resources management and the principle of information as an institutional resource which has both value and associated costs. Information resources management is a tool that managers use to achieve agency objectives. Information resources management is successful if it enables managers to achieve agency objectives efficiently and effectively.
Information resources management planning is an integral part of overall mission planning. Agencies need to plan from the outset for the steps in the information life cycle. When creating or collecting information, agencies must plan how they will process and transmit the information, how they will use it, how they will protect its integrity, what provisions they will make for access to it, whether and how they will disseminate it, how they will store and retrieve it, and finally, how the information will ultimately be disposed of. They must also plan for the effects their actions and programs will have on the public and State and local governments.
The Role of State and Local Governments. OMB made additions at Sections 7a, 7e, and 7j, Basic Considerations and Assumptions, concerning State and local governments, and also in policy statements at Sections 8a(1)(c), (3)(f), (6)(c), 9(e), and 10(c).
State and local governments, and tribal governments, cooperate as major partners with the Federal Government in the collection, processing, and dissemination of information. For example, State governments are the principal collectors and/or producers of information in the areas of health, welfare, education, labor markets, transportation, the environment, and criminal justice. The States supply the Federal Government with data on aid to families with dependent children; medicare; school enrollments, staffing, and financing; statistics on births, deaths, and infectious diseases; population related data that form the basis for national estimates; employment and labor market data; and data used for census geography. National information resources are greatly enhanced through these major cooperating efforts.
Federal agencies need to be sensitive to the role of State and local governments, and tribal governments, in managing information and in managing information technology. When planning, designing, and carrying out information collections, agencies should systematically consider what effect their activities will have on cities, counties, and States, and take steps to involve these governments as appropriate. Agencies should ensure that their information collections impose the minimum burden and do not duplicate or conflict with local efforts or other Federal agency requirements or mandates. The goal is that Federal agencies routinely integrate State and local government concerns into Federal information resources management practices. This goal is consistent with standards for State and local government review of Federal policies and programs.
Training. Training is particularly important in view of the changing nature of information resources management. Decentralization of information technology has placed the management of automated information and information technology directly in the hands of nearly all agency personnel rather than in the hands of a few employees at centralized facilities. Agencies must plan for incorporating policies and procedures regarding computer security, records management, protection of privacy, and other safeguards into the training of every employee and contractor.
Section 8a(2). Information Collection. The PRA requires that the creation or collection of information be carried out in an efficient, effective, and economical manner. When Federal agencies create or collect information -- just as when they perform any other program functions -- they consume scarce resources. Such activities must be continually evaluated for their relevance to agency missions.
Agencies must justify the creation or collection of information based on their statutory functions. Policy statement 8a(2) uses the justification standard -- "necessary for the proper performance of the functions of the agency" -- established by the PRA (44 U.S.C. 3504(c)(2)). Furthermore, the policy statement includes the requirement that the information have practical utility, as defined in the PRA (44 U.S.C. 3502(16)) and elaborated in 5 CFR Part 1320. Practical utility includes such qualities of information as accuracy, adequacy, and reliability. In the case of general purpose statistics or recordkeeping, practical utility means that actual uses can be demonstrated (5 CFR 1320.7(o)). It should be noted that OMB's intent in placing emphasis on reducing unjustified burden in collecting information, an emphasis consistent with the Act, is not to diminish the importance of collecting information whenever agencies have legitimate program reasons for doing so. Rather, the concern is that the burdens imposed should not exceed the benefits to be derived from the information. Moreover, if the same benefit can be obtained by alternative means that impose a lesser burden, that alternative should be adopted.
Section 8a(3). Electronic Information Collection. Section 7l articulates a basic assumption of the Circular that modern information technology can help the government provide better service to the public through improved management of government programs. One potentially useful application of information technology is in the government's collection of information. While some information collections may not be good candidates for electronic techniques, many are. Agencies with major electronic information collection programs have found that automated information collections allow them to meet program objectives more efficiently and effectively. Electronic data interchange (EDI) and related standards for the electronic exchange of information will ease transmission and processing of routine business transaction information such as invoices, purchase orders, price information, bills of lading, health insurance claims, and other common commercial documents. EDI holds similar promise for the routine filing of regulatory information such as tariffs, customs declarations, license applications, tax information, and environmental reports.
Benefits to the public and agencies from electronic information collection appear substantial. Electronic methods of collection reduce paperwork burden, reduce errors, facilitate validation, and provide increased convenience and more timely receipt of benefits.
The policy in Section 8a(3) encourages agencies to explore the use of automated techniques for collection of information, and sets forth conditions conducive to the use of those techniques.
Section 8a(4). Records Management. Section 8a(4) begins with the fundamental requirement for Federal records management, namely, that agencies create and keep adequate and proper documentation of their activities. Federal agencies cannot carry out their missions in a responsible and responsive manner without adequate recordkeeping. Section 7h articulates the basic considerations concerning records management. Policy statements concerning records management are also interwoven throughout Section 8a, particularly in subsections on planning (8a(1)(i)), information dissemination (8a(7)), and safeguards (8a(10)).
Records support the immediate needs of government -- administrative, legal, fiscal -- and ensure its continuity. Records are essential for protecting the rights and interests of the public, and for monitoring the work of public servants. The government needs records to ensure accountability to the public which includes making the information available to the public.
Each stage of the information life cycle carries with it records management responsibilities. Agencies need to record their plans, carefully document the content and procedures of information collection, ensure proper documentation as a feature of every information system, keep records of dissemination programs, and, finally, ensure that records of permanent value are preserved.
Preserving records for future generations is the archival mission. Advances in technology affect the amount of information that can be created and saved, and the ways this information can be made available. Technological advances can ease the task of records management; however, the rapid pace of change in modern technology makes decisions about the appropriate application of technology critical to records management. Increasingly the records manager must be concerned with preserving valuable electronic records in the context of a constantly changing technological environment.
Records schedules are essential for the appropriate maintenance and disposition of records. Records schedules must be prepared in a timely fashion, implement the General Records Schedules issued by the National Archives and Records Administration, be approved by the Archivist of the United States, and be kept accurate and current. (See 44 U.S.C. 3301 et seq.) The National Archives and Records Administration and the General Services Administration provide guidance and assistance to agencies in implementing records management responsibilities. They also evaluate agencies' records management programs to determine the extent to which they are appropriately implementing their records management responsibilities.
Sections 8a(5) and 8a(6). Information Dissemination Policy. Section 8a(5). Providing information to the public. Every agency has a responsibility to inform the public within the context of its mission. This responsibility requires that agencies distribute information at the agency's initiative, rather than merely responding when the public requests information.
The FOIA requires each agency to publish in the FEDERAL REGISTER current descriptions of agency organization, where and how the public may obtain information, the general methods and procedural requirements by which agency functions are determined, rules of procedure, descriptions of forms and how to obtain them, substantive regulations, statements of general policy, and revisions to all the foregoing (5 U.S.C. 552(a)(1)). The Privacy Act also requires publication of information concerning "systems of records" which are records retrieved by individual identifier such as name, Social Security Number, or fingerprint. The government in the Sunshine Act requires agencies to publish meeting announcements (5 U.S.C. 552b (e)(1)). The PRA (44 U.S.C. 3507(a)(2)) and its implementing regulations (5 CFR Part 1320) require agencies to publish notices when they submit information collection requests for OMB approval. The public's right of access to government information under these statutes is balanced against other concerns, such as an individual's right to privacy and protection of the government's deliberative process.
As agencies satisfy these requirements, they provide the public basic information about government activities. Other statutes direct specific agencies to issue specific information dissemination products or to conduct information dissemination programs. Beyond generic and specific statutory requirements, agencies have responsibilities to disseminate information as a necessary part of performing their functions. For some agencies the responsibility is made explicit and sweeping; for example, the Agriculture Department is directed to "...diffuse among people of the United States, useful information on subjects connected with agriculture...." (7 U.S.C. 2201) For other agencies, the responsibility may be much more narrowly drawn.
Information dissemination is also a consequence of other agency activities. Agency programs normally include an organized effort to inform the public about the program. Most agencies carry out programs that create or collect information with the explicit or implicit intent that the information will be made public. Disseminating information is in many cases the logical extension of information creation or collection.
In other cases, agencies may have information that is not meant for public dissemination but which may be the subject of requests from the public. When the agency establishes that there is public demand for the information and that it is in the public interest to disseminate the information, the agency may decide to disseminate it automatically.
The policy in Section 8a(5)(d) sets forth several factors for agencies to take into account in conducting their information dissemination programs. First, agencies must balance two goals: maximizing the usefulness of the information to the government and the public, and minimizing the cost to both. Deriving from the basic purposes of the PRA (44 U.S.C. 3501), the two goals are frequently in tension because increasing usefulness usually costs more. Second, Section 8a(5)(d)(ii) requires agencies to conduct information dissemination programs equitably and in a timely manner. The word "equal" was removed from this Section since there may be instances where, for example, an agency determines that its mission includes disseminating information to certain specific groups or members of the public, and the agency determines that user charges will constitute a significant barrier to carrying out this responsibility.
Section 8a(5)(d)(iii), requiring agencies to take advantage of all dissemination channels, recognizes that information reaches the public in many ways. Few persons may read a FEDERAL REGISTER notice describing an agency action, but those few may be major secondary disseminators of the information. They may be affiliated with publishers of newspapers, newsletters, periodicals, or books; affiliated with online database providers; or specialists in certain information fields. While millions of information users in the public may be affected by the agency's action, only a handful may have direct contact with the agency's own information dissemination products. As a deliberate strategy, therefore, agencies should cooperate with the information's original creators, as well as with secondary disseminators, in order to further information dissemination goals and foster a diversity of information sources. An adjunct responsibility to this strategy is reflected in Section 8a(5)(d)(iv), which directs agencies to assist the public in finding government information. Agencies may accomplish this, for example, by specifying and disseminating "locator" information, including information about content, format, uses and limitations, location, and means of access.
Section 8a(6). Information Dissemination Management System. This Section requires agencies to maintain an information dissemination management system which can ensure the routine performance of certain functions, including the essential functions previously required by Circular No. A-3. Smaller agencies need not establish elaborate formal systems, so long as the heads of the agencies can ensure that the functions are being performed.
Subsection (6)(a) carries over a requirement from OMB Circular No. A-3 that agencies' information dissemination products are to be, in the words of 44 U.S.C. 1108, "necessary in the transaction of the public business required by law of the agency." (Circular No. A-130 uses the expression "necessary for the proper performance of agency functions," which OMB considers to be equivalent to the expression in 44 U.S.C. 1108.) The point is that agencies should determine systematically the need for each information dissemination product.
Section 8a(6)(b) recognizes that to carry out effective information dissemination programs, agencies need knowledge of the marketplace in which their information dissemination products are placed. They need to know what other information dissemination products users have available in order to design the best agency product. As agencies are constrained by finite budgets, when there are several alternatives from which to choose, they should not expend public resources filling needs which have already been met by others in the public or private sector. Agencies have a responsibility not to undermine the existing diversity of information sources.
At the same time, an agency's responsibility to inform the public may be independent of the availability or potential availability of a similar information dissemination product. That is, even when another governmental or private entity has offered an information dissemination product identical or similar to what the agency would produce, the agency may conclude that it nonetheless has a responsibility to disseminate its own product. Agencies should minimize such instances of duplication but could reach such a conclusion because legal considerations require an official government information dissemination product.
Section 8a(6)(c) makes the Circular consistent with current practice (See OMB Bulletins 88-15, 89-15, 90-09, and 91-16), by requiring agencies to establish and maintain inventories of information dissemination products. (These bulletins eliminated annual reporting to OMB of title-by-title listings of publications and the requirement for agencies to obtain OMB approval for each new periodical. Publications are now reviewed as necessary during the normal budget review process.) Inventories help other agencies and the public identify information which is available. This serves both to increase the efficiency of the dissemination function and to avoid unnecessary burdens of duplicative information collections. A corollary, enunciated in Section 8a(6)(d), is that agencies can better serve public information needs by developing finding aids for locating information produced by the agencies. Finally, Section 8a(6)(f) recognizes that there will be situations where agencies may have to take appropriate steps to ensure that members of the public with disabilities whom the agency has a responsibility to inform have a reasonable ability to access the information dissemination products.
Depository Library Program. Sections 8a(6)(g) and (h) pertain to the Federal Depository Library Program. Agencies are to establish procedures to ensure compliance with 44 U.S.C. 1902, which requires that government publications (defined in 44 U.S.C. 1901 and repeated in Section 6 of the Circular) be made available to depository libraries through the Government Printing Office (GPO).
Depository libraries are major partners with the Federal Government in the dissemination of information and contribute significantly to the diversity of information sources available to the public. They provide a mechanism for wide distribution of government information that guarantees basic availability to the public. Executive branch agencies support the depository library program both as a matter of law and on its merits as a means of informing the public about the government. On the other hand, the law places the administration of depository libraries with GPO. Agency responsibility for the depository libraries is limited to supplying government publications through GPO.
Agencies can improve their performance in providing government publications as well as electronic information dissemination products to the depository library program. For example, the proliferation of "desktop publishing" technology in recent years has afforded the opportunity for many agencies to produce their own printed documents. Many such documents may properly belong in the depository libraries but are not sent because they are not printed at GPO. The policy requires agencies to establish management controls to ensure that the appropriate documents reach the GPO for inclusion in the depository library program.
At present, few agencies provide electronic information dissemination products to the depository libraries. At the same time, a small but growing number of information dissemination products are disseminated only in electronic format.
OMB believes that, as a matter of policy, electronic information dissemination products generally should be provided to the depository libraries. Given that production and supply of information dissemination products to the depository libraries is primarily the responsibility of GPO, agencies should provide appropriate electronic information dissemination products to GPO for inclusion in the depository library program.
While cost may be a consideration, agencies should not conclude without investigation that it would be prohibitively expensive to place their electronic information dissemination products in the depository libraries. For electronic information dissemination products other than online services, agencies may have the option of having GPO produce the information dissemination product for them, in which case GPO would pay for depository library costs. Agencies should consider this option if it would be a cost effective alternative to the agency making its own arrangements for production of the information dissemination product. Using GPO's services in this manner is voluntary and at the agency's discretion. Agencies could also consider negotiating other terms, such as inviting GPO to participate in agency procurement orders in order to distribute the necessary copies for the depository libraries. With adequate advance planning, agencies should be able to provide electronic information dissemination products to the depository libraries at nominal cost.
In a particular case, substantial cost may be a legitimate reason for not providing an electronic information dissemination product to the depository library program. For example, for an agency with a substantial number of existing titles of electronic information dissemination products, furnishing copies of each to the depository libraries could be prohibitively expensive. In that situation, the agency should endeavor to make available those titles with the greatest general interest, value, and utility to the public. Substantial cost could also be an impediment in the case of some online information services where the costs associated with operating centralized databases would make provision of unlimited direct access to numerous users prohibitively expensive. In both cases, agencies should consult with the GPO, in order to identify those information dissemination products with the greatest public interest and utility for dissemination. In all cases, however, where an agency discontinues publication of an information dissemination product in paper format in favor of electronic formats, the agency should work with the GPO to ensure availability of the information dissemination product to depository libraries.
Notice to the Public. Sections 8a(6)(i) and (j) present new practices for agencies to observe in communicating with the public about information dissemination. Among agencies' responsibilities for dissemination is an active knowledge of, and regular consultation with, the users of their information dissemination products. A primary reason for communication with users is to gain their contribution to improving the quality and relevance of government information -- how it is created, collected, and disseminated. Consultations with users might include participation at conferences and workshops, careful attention to correspondence and telephone communications (e.g., logging and analyzing inquiries), or formalized user surveys.
A key part of communicating with the public is providing adequate notice of agency information dissemination plans. Because agencies' information dissemination actions affect other agencies as well as the public, agencies must forewarn other agencies of significant actions. The decision to initiate, terminate, or substantially modify the content, form, frequency, or availability of significant products should also trigger appropriate advance public notice. Where appropriate, the Government Printing Office should be notified directly. Information dissemination products deemed not to be significant require no advance notice.
Examples of significant products (or changes to them) might be those that:
(a) are required by law; e.g., a statutorily mandated report to Congress; (b) involve expenditure of substantial funds; (c) by reason of the nature of the information, are matters of continuing public interest; e.g., a key economic indicator; (d) by reason of the time value of the information, command public interest; e.g., monthly crop reports on the day of their release; (e) will be disseminated in a new format or medium; e.g., disseminating a printed product in electronic medium, or disseminating a machine-readable data file via on-line access. Where members of the public might consider a proposed new
agency product unnecessary or duplicative, the agency should solicit and evaluate public comments. Where users of an agency information dissemination product may be seriously affected by the introduction of a change in medium or format, the agency should notify users and consider their views before instituting the change. Where members of the public consider an existing agency product important and necessary, the agency should consider these views before deciding to terminate the product. In all cases, however, determination of what is a significant information dissemination product and what constitutes adequate notice are matters of agency judgment.
Achieving Compliance with the Circular's Requirements. Section 8a(6)(k) requires that the agency information dissemination management system ensure that, to the extent existing information dissemination policies or practices are inconsistent with the requirements of this Circular, an orderly transition to compliance with the requirements of this Circular is made. For example, some agency information dissemination products may be priced at a level which exceeds the cost of dissemination, or the agency may be engaged in practices which are otherwise unduly restrictive. In these instances, agencies must plan for an orderly transition to the substantive policy requirements of the Circular. The information dissemination management system must be capable of identifying these situations and planning for a reasonably prompt transition. Instances of existing agency practices which cannot immediately be brought into conformance with the requirements of the Circular are to be addressed through the waiver procedures of Section 10(b).
Section 8a(7). Avoiding Improperly Restrictive Practices. Federal agencies are often the sole suppliers of the information they hold. The agencies have either created or collected the information using public funds, usually in furtherance of unique governmental functions, and no one else has it. Hence agencies need to take care that their behavior does not inappropriately constrain public access to government information.
When agencies use private contractors to accomplish dissemination, they must take care that they do not permit contractors to impose restrictions that undercut the agencies' discharge of their information dissemination responsibilities. The contractual terms should assure that, with respect to dissemination, the contractor behaves as though the contractor were the agency. For example, an agency practice of selling, through a contractor, on-line access to a database but refusing to sell copies of the database itself may be improperly restrictive because it precludes the possibility of another firm making the same service available to the public at a lower price. If an agency is willing to provide public access to a database, the agency should be willing to sell copies of the database itself.
By the same reasoning, agencies should behave in an evenhanded manner in handling information dissemination products. If an agency is willing to sell a database or database services to some members of the public, the agency should sell the same products under similar terms to other members of the public, unless prohibited by statute. When an agency decides it has public policy reasons for offering different terms of sale to different groups in the public, the agency should provide a clear statement of the policy and its basis.
Agencies should not attempt to exert control over the secondary uses of their information dissemination products. In particular, agencies should not establish exclusive, restricted, or other distribution arrangements which interfere with timely and equitable availability of information dissemination products, and should not charge fees or royalties for the resale or redissemination of government information. These principles follow from the fact that the law prohibits the Federal Government from exercising copyright.
Agencies should inform the public as to the limitations inherent in the information dissemination product (e.g., possibility of errors, degree of reliability, and validity) so that users are fully aware of the quality and integrity of the information. If circumstances warrant, an agency may wish to establish a procedure by which disseminators of the agency's information may at their option have the data and/or value-added processing checked for accuracy and certified by the agency. Using this method, redisseminators of the data would be able to respond to the demand for integrity from purchasers and users. This approach could be enhanced by the agency using its authority to trademark its information disseminaton product, and requiring that redisseminators who wish to use the trademark agree to appropriate integrity procedures. These methods have the possibility of promoting diversity, user responsiveness, and efficiency as well as integrity. However, an agency's responsibility to protect against misuse of a government information dissemination product does not extend to restricting or regulating how the public actually uses the information. Agencies should not attempt to condition the resale or redissemination of its information dissemination products by members of the public.
User charges. Title 5 of the Independent Offices Appropriations Act of 1952 (31 U.S.C. 9701) establishes Federal policy regarding fees assessed for government services, and for sale or use of government property or resources. OMB Circular No. A-25, User Charges, implements the statute. It provides for charges for government goods and services that convey special benefits to recipients beyond those accruing to the general public. It also establishes that user charges should be set at a level sufficient to recover the full cost of providing the service, resource, or property. Since Circular No. A-25 is silent as to the extent of its application to government information dissemination products, full cost recovery for information dissemination products might be interpreted to include the cost of collecting and processing information rather than just the cost of dissemination. The policy in Section 8a(8)(c) clarifies the policy of Circular No. A-25 as it applies to information dissemination products.
Statutes such as FOIA and the Government in the Sunshine Act establish a broad and general obligation on the part of Federal agencies to make government information available to the public and to avoid erecting barriers that impede public access. User charges higher than the cost of dissemination may be a barrier to public access. The economic benefit to society is maximized when government information is publicly disseminated at the cost of dissemination. Absent statutory requirements to the contrary, the general standard for user charges for government information dissemination products should be to recover no more than the cost of dissemination. It should be noted in this connection that the government has already incurred the costs of creating and processing the information for governmental purposes in order to carry out its mission.
Underpinning this standard is the FOIA fee structure which establishes limits on what agencies can charge for access to Federal records. That Act permits agencies to charge only the direct reasonable cost of search, reproduction and, in certain cases, review of requested records. In the case of FOIA requests for information dissemination products, charges would be limited to reasonable direct reproduction costs alone. No search would be needed to find the product, thus no search fees would be charged. Neither would the record need to be reviewed to determine if it could be withheld under one of the Act's exemptions since the agency has already decided to release it. Thus, FOIA provides an information "safety net" for the public.
While OMB does not intend to prescribe procedures for pricing government information dissemination products, the cost of dissemination may generally be thought of as the sum of all costs specifically associated with preparing a product for dissemination and actually disseminating it to the public. Whan an agency prepares an information product for its own internal use, costs associated with such production would not generally be recoverable as user charges on subsequent dissemination. When the agency prepares the product for public dissemination, and disseminates it, costs associated with preparation and actual dissemination would be recoverable as user charges.
When agencies provide custom tailored information services to specific individuals or groups, full cost recovery, including the cost of collection and processing, is appropriate. For example, if an agency prepares special tabulations or similar services from its databases in answer to a specific request from the public, all costs associated with fulfilling the request would be charged, and the requester should be so informed before work is begun.
In a few cases, agencies engaging in information collection activities augment the information collection at the request of, and with funds provided by, private sector groups. Since the 1920s, the Bureau of the Census has carried out, on request, surveys of certain industries at greater frequency or at a greater level of detail than Federal funding would permit, because gathering the additional information is consistent with Federal purposes and industry groups have paid the additional information collection and processing costs. While the results of these surveys are disseminated to the public at the cost of dissemination, the existence and availability of the additional government data are special benefits to certain recipients beyond those accruing to the public. It is appropriate that those recipients should bear the full costs of information collection and processing, in addition to the normal costs of dissemination.
Agencies must balance the requirement to establish user charges and the level of fees charged against other policies, specifically, the proper performance of agency functions and the need to ensure that information dissemination products reach the public for whom they are intended. If an agency mission includes disseminating information to certain specific groups or members of the public and the agency determines that user charges will constitute a significant barrier to carrying out this responsibility, the agency may have grounds for reducing or eliminating its user charges for the information dissemination product, or for exempting some recipients from the charge. Such reductions or eliminations should be the subject of agency determinations on a case by case basis and justified in terms of agency policies.
Section 8a(8). Electronic Information Dissemination. Advances in information technology have changed government information dissemination. Agencies now have available new media and formats for dissemination, including CD-ROM, electronic bulletin boards, and public networks. The growing public acceptance of electronic data interchange (EDI) and similar standards enhances their attractiveness as methods for government information dissemination. For example, experiments with the use of electronic bulletin boards to advertise Federal contracting opportunities and to receive vendor quotes have achieved wider dissemination of information about business opportunities with the Federal Government than has been the case with traditional notices and advertisements. Improved information dissemination has increased the number of firms expressing interest in participating in the government market and decreased prices to the government due to expanded competition. In addition, the development of public electronic information networks, such as the Internet, provides an additional way for agencies to increase the diversity of information sources available to the public. Emerging standards such as Wide Area Information Servers (using the NISO Z39.50 standard) will be used increasingly to facilitate dissemination of government information such as environmental data, international trade information, and economic statistics in a networked environment.
A basic purpose of the PRA is "to maximize the usefulness of information collected, maintained, and disseminated by the Federal Government." (44 U.S.C. 3501(3)) Agencies can frequently enhance the value and practical utility of government information as a national resource by disseminating information in electronic media. Electronic collection and dissemination may substantially increase the usefulness of government information dissemination products for three reasons. First, information disseminated electronically is likely to be more timely and accurate because it does not require data re-entry. Second, electronic records often contain more complete and current information because, unlike paper, it is relatively easy to make frequent changes. Finally, because electronic information is more easily manipulated by the user and can be tailored to a wide variety of needs, electronic information dissemination products are more useful to the recipients.
As stated at Section 8a(1)(h), agencies should use voluntary standards and Federal Information Processing Standards to the extent appropriate in order to ensure the most cost effective and widespread dissemination of information in electronic formats.
Agencies can frequently make government information more accessible to the public and enhance the utility of government information as a national resource by disseminating information in electronic media. Agencies generally do not utilize data in raw form, but edit, refine, and organize the data in order to make it more accessible and useful for their own purposes. Information is made more accessible to users by aggregating data into logical groupings, tagging data with descriptive and other identifiers, and developing indexing and retrieval systems to facilitate access to particular data within a larger file. As a general matter, and subject to budgetary, security or legal constraints, agencies should make available such features developed for internal agency use as part of their information dissemination products.
There will also be situations where the agency determines that its mission will be furthered by providing enhancements beyond those needed for its own use, particularly those that will improve the public availability of government information over the long term. In these instances, the agency should evaluate the expected usefulness of the enhanced information in light of its mission, and where appropriate construct partnerships with the private sector to add these elements of value. This approach may be particularly appropriate as part of a strategy to utilize new technology enhancements, such as graphic images, as part of a particular dissemination program.
Section 8a(9). Information Safeguards. The basic premise of this Section is that agencies should provide an appropriate level of protection to government information, given an assessment of the risks associated with its maintenance and use. Among the factors to be considered include meeting the specific requirements of the Privacy Act of 1974 and the Computer Security Act of 1987.
In particular, agencies are to ensure that they meet the requirements of the Privacy Act regarding information retrievable by individual identifier. Such information is to be collected, maintained, and protected so as to preclude intrusion into the privacy of individuals and the unwarranted disclosure of personal information. Individuals must be accorded access and amendment rights to records, as provided in the Privacy Act. To the extent that agencies share information which they have a continuing obligation to protect, agencies should see that appropriate safeguards are instituted. Appendix I prescribes agency procedures for the maintenance of records about individuals, reporting requirements to OMB and Congress, and other special requirements of specific agencies, in accordance with the Privacy Act.
This Section also incorporates the requirement of the Computer Security Act of 1987 that agencies plan to secure their systems commensurate with the risk and magnitude of loss or harm that could result from the loss, misuse, or unauthorized access to information contained in those systems. It includes assuring the integrity, availability, and appropriate confidentiality of information. It also involves protection against the harm that could occur to individuals or entities outside of the Federal Government as well as the harm to the Federal Government. Such protection includes limits on collection and sharing of information and procedures to assure the integrity of information as well as requirements to adequately secure the information.
Incorporation of Circular No. A-114. OMB Circular No. A-114, Management of Federal Audiovisual Activities, last revised on March 20, 1985, prescribes policies and procedures to improve Federal audiovisual management. Although OMB will rescind Circular No. A-114, its essential policies and procedures will continue. This revision provides information resources management policies and principles independent of medium, including paper, electronic, or audiovisual. By including the term "audiovisual" in the definition of "information," audiovisual materials are incorporated into all policies of this Circular.
The requirement in Circular No. A-114 that the head of each agency designate an office with responsibility for the management oversight of an agency's audiovisual productions and that an appropriate program for the management of audiovisual productions in conformance with 36 CFR 1232.4 is incorporated into this Circular at Section 9a(10). The requirement that audiovisual activities be obtained consistent with OMB Circular No. A-76 is covered by Sections 8a(1)(d), 8a(5)(d)(i) and 8a(6)(b).
Procurement policies contained in Circular No. A-114 will be incorporated into an Office of Federal Procurement Policy Letter. The National Archives and Records Administration will continue to prescribe the records management and archiving practices of agencies with respect to audiovisual productions at 36 CFR 1232.4, "Audiovisual Records Management."
Section 9a(11). Ombudsman. The senior agency official designated by the head of each agency under 44 U.S.C. 3506(b) is charged with carrying out the responsibilities of the agency under the PRA. Agency senior information resources management officials are responsible for ensuring that their agency practices are in compliance with OMB policies. It is envisioned that the agency senior information resources management official will work as an ombudsman to investigate alleged instances of agency failure to adhere to the policies set forth in the Circular and to recommend or take corrective action as appropriate. Agency heads should continue to use existing mechanisms to ensure compliance with laws and policies.
[The remainder of Appendix IV, which covers sections not changed in this revision, is also unchanged. See 50 FR 52730 (December 24, 1985).]