Archive
_________________________________________________________________________________
Document Name: OMB Circular A-130, Mgt. of Federal Recources
Date: 06/28/93
Owner: OMB
_________________________________________________________________________________
Mgt. of Federal Recources, New OMB Circular A-130--6.28.93
OFFICE OF MANAGEMENT AND BUDGET
Management of Federal Information Resources
AGENCY: Office of Management and Budget, Executive Office of the
President.
ACTION: Revision of OMB Circular No. A-130.
SUMMARY: The Office of Management and Budget (OMB) is revising
Circular No. A-130, Management of Federal Information Resources.
This notice revises those portions of the circular concerning
information management policy, including policies relating to
information dissemination, records management, and cooperation
with State and local governments. This Circular supersedes OMB
Circular Nos. A-3 and A-114.
DATE: This Circular is effective June 25, 1993.
ELECTRONIC AVAILABILITY: This document is available on the
Internet via anonymous File Transfer Protocol
(FTP) from 1Anis.nsf.net1A as
1A/omb/omb.a130.rev21A (do not use any capital letters in the
file name). For those who do not have FTP capability, the
document can also be retrieved via mail query by sending an
electronic mail message to nis-info@nis.nsf.net with no subject,
and with send omb.a130.rev2 as the first line of the body of the
message. For assistance using FTP, mail query, or electronic
mail, please contact your system administrator.
FOR FURTHER INFORMATION CONTACT: Peter N. Weiss, Information
Policy Branch, Office of Information and Regulatory Affairs,
Office of Management and Budget, Room 3235 New Executive Office
Building, Washington, D.C. 20503. Telephone: (202) 395-4814.
SUPPLEMENTARY INFORMATION:
Background
The Paperwork Reduction Act (PRA) (44 U.S.C. Chapter 35) assigns
the Director of OMB responsibility for maintaining a
comprehensive set of information resources management (IRM)
policies and for promoting the application of information
technology to improve the use and dissemination of information by
Federal agencies.
To fulfill these responsibilities, OMB issued Circular No. A-130,
Management of Federal Information Resources (50 FR 52730;
December 24, 1985), which provided a policy framework for the
management of Federal information resources. Since the Circular
was issued in 1985, Federal agencies have introduced major new
information programs involving the electronic collection and
dissemination of information. Congress has also enacted several
laws bearing on the Circular, especially amendments to the PRA
(Public Law 99-500), the Computer Security Act of 1987 (Public
Law 100-235), the Computer Matching and Privacy Protection Act of
1988 (Public Law 100-503), and the Computer Matching and Privacy
Protection Amendments of 1990 (Public Law 101- 508). Since
publication of the Circular, OMB has addressed the need for
additional guidance in several notices:
(1) Notice of Policy Guidance on Electronic Collection of
Information (52 FR 29454; August 7, 1987);
(2) Advance Notice of Further Policy Development on Dissemination
of Information (54 FR 214; January 4, 1989);
(3) Second Advance Notice of Further Policy Development on
Dissemination of Information (54 FR 25554; June 15, 1989);
(4) Advance Notice of Plans for Revision of OMB Circular No.
A-130 (56 FR 9026; March 4, 1991);
(5) Proposed Revision of OMB Circular No. A-130 (57 FR 18296;
April 29, 1992).
Also, consistent with the October 1, 1991, Notice of Rescission
of OMB Circulars (56 FR 49824), OMB is incorporating into
Circular No. A-130 certain provisions of existing Circular No.
A-3, Government Publications, and of Circular No. A-114,
Management of Federal Audiovisual Activities. As of the effective
date of these revisions, Circular Nos. A-3 and A-114 are
rescinded.
The purpose of the revision is to bring into proper perspective
the following key areas that were not sufficiently emphasized in
the original circular:
(1) IRM planning, with special focus on the information life
cycle.
(2) The role of State and local governments in the management of
information resources, and the need for Federal agencies to
consider the effects of their information activities on those
governments.
(3) Records management, with a special focus on the need to
properly manage electronic records.
(4) Electronic collection and dissemination of information,
identifying those conditions where agencies should consider using
electronic techniques in order to reduce costs or provide better
services.
(5) Information dissemination policy, stating the basic
responsibility of all agencies to disseminate information
consistent with their missions, and laying out the structure and
substance of agency dissemination management programs.
Structure of this Revision
This revision affects primarily Section 6 of the Circular,
Definitions; Section 7, Basic Considerations and Assumptions;
Section 8a, Information Management Policy, and Appendix IV,
Analysis of Key Sections. Minor changes are made in other
sections. The structural outline of the Circular, together with
notations as to which parts are changed, is presented below.
Outline of OMB Circular No. A-130 [as Revised]:
1. Purpose: [Unchanged]
2. Rescissions: [Rescinds Circular No. A-3, Government
Publications, and Circular No. A-114, Management of Federal
Audiovisual Activities.]
3. Authorities: [Cites additional statutory authorities for the
Circular.]
4. Applicability and Scope: [Unchanged]
5. Background: [Unchanged]
6. Definitions: [Changed]
7. Basic Considerations and Assumptions: [Changed]
8. Policies:
a. Information Management Policy: [Changed]
b. Information Systems and Information Technology Management:
[Unchanged]
9. Assignment of Responsibilities: [Changed]
10. Oversight: [Changed]
11. Effective Date: [Changed]
12. Inquiries: [Unchanged]
13. Sunset Review Date: [Changed]
Appendix I: Federal Agency Responsibilities for Maintaining
Records about Individuals [Changed]
Appendix II: Cost Accounting, Cost Recovery, and Interagency
Sharing of Information Technology Facilities [Unchanged]
Appendix III: Security of Federal Automated Information Systems
[Unchanged]
Appendix IV: Analysis of Key Sections [Changes reflecting
revisions to policy.]
The revised portions are printed in their entirety.
Summary of Revisions
Section 3. Authorities. This notice adds a reference to the
Computer Security Act of 1987 and the Chief Financial Officers
Act of 1990.
Section 6. Definitions. OMB defines the terms ``record'' and
``records management'' as set forth at 44 U.S.C. 3301 and 44
U.S.C. 2901(2) respectively because the newly proposed policy
explicitly covers records management, and defines the terms
``information life cycle'' and ``information dissemination
product'' because policy statements regarding records management
and information dissemination use the terms. The term
``audiovisual production'' is defined in order to incorporate
policy presently contained in Circular No. A-114. The revision
modifies the definition of the term ``information'' for clarity.
The term ``government information'' is expanded to include
information created, collected, processed, disseminated, or
disposed of by ``or for'' the Federal Government. The term
``access to information'' is deleted because its use has caused
confusion.
Section 7. Basic Considerations and Assumptions. Aside from minor
stylistic changes and renumbering, the revisions are as follows:
Subsection 7d revises a statement, taken from the public notice
of June 15, 1989, to recognize that the benefits to be derived
from government information may not always be quantifiable.
Subsection 7e in the current Circular is deleted; the intended
meaning is adequately stated in OMB Circular No. A-76.
Subsection 7i is a new statement emphasizing the need for
strategic planning in the management of information resources.
Subsection 7j is a new statement stressing the need for Federal
Government cooperation with State and local governments in the
management of information resources.
Subsection 7l is a revision of the present 7f adding a statement
about the potential benefits of electronic dissemination of
information.
Section 8a. Information Management Policy. The section begins
with a set of policy statements concerning IRM planning with
special emphasis on the information life cycle. Both in the
planning statements and elsewhere, are new policy statements
concerning the role of State and local governments and concerning
records management. Also included are new policy statements
regarding electronic collection and dissemination of information.
The information dissemination policy statements are the most
extensively revised, incorporating the concepts set forth in the
June 15, 1989, notice (54 FR 25554).
Section 8a(1). Information Management Planning. This policy is
new. However, Section 8a(1)(d), pertaining to acquiring
information through sharing from existing sources, is
incorporated from the existing Circular at 8a(2).
Section 8a(2) and (3). Information Collection. Section 8a(2)
states the applicable information collection principles derived
primarily from PRA. Section 8a(3) sets forth a new policy
concerning situations under which electronic information
collection is appropriate. These statements revise those proposed
in the August 7, 1987, notice (52 FR 29454).
Section 8a(4). Records Management. Section 8a(4) sets forth basic
policy regarding records management.
Sections 8a(5) and 8a(6). Information Dissemination Policy. The
notice of June 15, 1989, set forth certain conclusions about the
proper role for executive branch agencies in government
information dissemination and the boundaries between Federal and
nonfederal roles. OMB has used these conclusions as a starting
point for revising information dissemination policy.
Section 8a(5) states the basic responsibility of all agencies to
provide information to the public consistent with their missions.
It also sets forth guidance on how agencies should go about
disseminating information.
Section 8a(6) is a new policy that agencies maintain an
information dissemination management system to ensure the routine
performance of certain dissemination functions. The system and
its functions are new provisions; however, they set in place some
requirements originally contained in OMB Bulletins 88-14, 89-15,
90-09, and 91-16. Finally, this section incorporates certain
requirements from Circular No. A-3, Government Publications,
which is rescinded.
Section 8a(7). Avoiding Improperly Restrictive Practices. Section
8a(7) states a new policy concerning agency control over
information that it intends to disseminate. This section also
states policy regarding user charges for information
dissemination products.
Section 8a(8). Electronic Information Dissemination. New section
8a(8) sets forth policy about when agencies should consider
disseminating information in electronic format. This section
parallels section 8a(3) concerning electronic information
collection.
Section 8a(9). Information Safeguards. Section 8a(9) incorporates
policy statements found in the existing Circular at 8a(3) through
(6).
Section 9. Assignment of Responsibilities. New section 9(a)(10)
carries over the requirement in Circular No. A-114 that the head
of each agency designate an office with responsibility for
management oversight of agency audiovisual productions,
facilities and activities. Section 9(a)(11) adds a requirement
that the agency designated IRM official monitor agency compliance
with the policies contained in the Circular and act as an
ombudsman to consider alleged instances of agency failure to
comply.
Appendix I: Federal Agency Responsibilities for Maintaining
Records About Individuals. Changes to agency responsibilities
resulting from recent enactments of privacy legislation have
previously been issued in OMB guidance, and are incorporated into
Appendix I.
Appendix IV: Analysis of Key Sections. This appendix is
completely revised and provides a general context and explanation
of the contents of the key sections of the Circular. It explains
the changes made to the original Circular by this notice, and
reflects OMB's consideration and resolution of the comments
received in response to the revisions proposed on April 29, 1992
(57 FR 18296).
Plans for Development of Other Topics
The second phase of revisions to Circular No. A-130, which is
being published separately, will address the following areas:
Section 8b. Information Systems and Information Technology
Management. The revisions to Section 8b of the circular will
focus on strategic IRM planning and analysis of proposed
investments in information technology. The Circular will state
policy principles to guide agency planning and explain OMB's
expectations when reviewing agency budget requests for
investments in information technology. OMB intends to make more
explicit the policy connections between A-130 and OMB policy
documents including Circular Nos. A-109, A-123 and A-127, with
the goal of avoiding unnecessary overlap and harmonizing
definitions among all four. It will link the management of
information technology to agency strategic planning, stress
incorporating user needs when preparing requirements analyses,
and suggest policy level control and review mechanisms for IRM
policies and life cycle management of projects.
Appendix II: Cost Accounting, Cost Recovery, and Interagency
Sharing of Information Technology Facilities. OMB will revise
Appendix II to reflect changes in law made by the Chief Financial
Officers Act and the Budget Enforcement Act of 1990. These
requirements include ensuring that accounting and reimbursements
for sharing of information technology facilities are monitored
and approved. The revision will also address the use of revolving
funds for cost recovery and accounting for inter-agency and
intra-agency reimbursements. In addition, the revision will
address the budgetary scoring of capital leases and
lease-to-purchase agreements for information technology.
Appendix III: Security of Federal Automated Information Systems.
OMB will revise Appendix III to incorporate requirements of the
Computer Security Act of 1987, including requirements for
security plans described in OMB Bulletin 90-08. Those revisions
will incorporate changes based on the experience gained in recent
computer security visits to major agencies. OMB will also work
with the National Institute of Standards and Technology to
implement recommendations of the Computer Security and Privacy
Advisory Board (established by the Computer Security Act)
regarding better coordination between this Circular and OMB
Circular No. A-123.
Accordingly, Circular No. A-130 is revised as set forth below.
Sally Katzen,
Administrator,
Office of Information and Regulatory Affairs.
Circular No. A-130_Revised
Transmittal Memorandum No. 1
To the Heads of Executive Departments and Establishments
Subject: Management of Federal Information Resources.
Circular No. A-130 provides uniform government-wide information
resources management policies as required by the Paperwork
Reduction Act of 1980, 44 U.S.C. Chapter 35. This Transmittal
Memorandum contains updated guidance on those portions of the
Circular dealing with information resources management planning,
records management and information dissemination policy. It also
contains a revised Appendix I, ``Federal Agency Responsibilities
for Maintaining Records About Individuals,'' and a revised
Appendix IV, ``Analysis of Key Sections.''
This Circular replaces and rescinds OMB Circular No. A-3,
``Government Publications,'' dated May 2, 1985, and OMB Circular
No. A-114, ``Management of Federal Audiovisual Activities,''
dated March 20, 1985.
Leon E. Panetta,
Director.
Circular No. A-130_Revised
Transmittal Memorandum No. 1
Memorandum for Heads of Executive Departments and Establishments
Subject: Management of Federal Information Resources.
1. Purpose: This Circular establishes policy for the management
of Federal information resources. Procedural and analytic
guidelines for implementing specific aspects of these policies
are included as appendices.
2. Rescissions: This Circular rescinds OMB Circulars No.
A-3, A-71, A-90, A-108, A-114, and A-121, and all Transmittal
Memoranda to those circulars.
3. Authorities: This Circular is issued pursuant to the Paperwork
Reduction Act (PRA), as amended (44 U.S.C. Chapter 35); the
Privacy Act, as amended (5 U.S.C. 552a); the Chief Financial
Officers Act (31 U.S.C. 3512 et seq.); the Federal Property and
Administrative Services Act, as amended (40 U.S.C. 759 and 487);
the Computer Security Act (40 U.S.C. 759 note); the Budget and
Accounting Act, as amended (31 U.S.C. Chapter 11); Executive
Order No. 12046 of March 27, 1978; and Executive Order No. 12472
of April 3, 1984.
4. Applicability and Scope:
a. The policies in this Circular apply to the information
activities of all agencies of the executive branch of the Federal
Government.
b. Information classified for national security purposes should
also be handled in accordance with the appropriate national
security directives. National security emergency preparedness
activities should be conducted in accordance with Executive Order
No. 12472.
5. Background: The Paperwork Reduction Act establishes a broad
mandate for agencies to perform their information management
activities in an efficient, effective, and economical manner. To
assist agencies in an integrated approach to information
resources management, the Act requires that the Director of OMB
develop and implement uniform and consistent information
resources management policies; oversee the development and
promote the use of information management principles, standards,
and guidelines; evaluate agency information management practices
in order to determine their adequacy and efficiency; and
determine compliance of such practices with the policies,
principles, standards, and guidelines promulgated by the
Director.
6. Definitions:
a. The term ``agency'' means any executive department, military
department, government corporation, government controlled
corporation, or other establishment in the executive branch of
the Federal Government, or any independent regulatory agency.
Within the Executive Office of the President, the term includes
only OMB and the Office of Administration.
b. The term ``audiovisual production'' means a unified
presentation, developed according to a plan or script, containing
visual imagery, sound or both, and used to convey information.
c. The term ``dissemination'' means the government initiated
distribution of information to the public. Not considered
dissemination within the meaning of this Circular is distribution
limited to government employees or agency contractors or
grantees, intra- or inter-agency use or sharing of government
information, and responses to requests for agency records under
the Freedom of Information Act (5 U.S.C. 552) or Privacy Act.
d. The term ``government information'' means information created,
collected, processed, disseminated, or disposed of by or for the
Federal Government.
e. The term ``government publication'' means information which is
published as an individual document at government expense, or as
required by law. (44 U.S.C. 1901)
f. The term ``information'' means any communication or
representation of knowledge such as facts, data, or opinions in
any medium or form, including textual, numerical, graphic,
cartographic, narrative, or audiovisual forms.
g. The term ``information dissemination product'' means any book,
paper, map, machine-readable material, audiovisual production, or
other documentary material, regardless of physical form or
characteristic, disseminated by an agency to the public.
h. The term ``information life cycle'' means the stages through
which information passes, typically characterized as creation or
collection, processing, dissemination, use, storage, and
disposition.
i. The term ``information resources management'' means the
planning, budgeting, organizing, directing, training, and
administrative control associated with government information
resources. The term encompasses both information itself and the
related resources, such as personnel, equipment, funds, and
information technology.
j. The term ``information system'' means the organized
collection, processing, maintenance, transmission, and
dissemination of information in accordance with defined
procedures, whether automated or manual.
k. The term ``information technology'' means the hardware and
software operated by a Federal agency or by a contractor of a
Federal agency or other organization that processes information
on behalf of the Federal Government to accomplish a Federal
function, regardless of the technology involved, whether
computers, telecommunications, or others. It includes automatic
data processing equipment as that term is defined in Section
111(a)(2) of the Federal Property and Administrative Services Act
of 1949. For the purposes of this Circular, automatic data
processing and telecommunications activities related to certain
critical national security missions, as defined in 44 U.S.C.
3502(2) and 10 U.S.C. 2315, are excluded.
l. The term ``information technology facility'' means an
organized grouping of personnel, hardware, software, and physical
facilities, a primary function of which is the operation of
information technology.
m. The term ``major information system'' means an information
system that requires special continuing management attention
because of its importance to an agency mission; its high
development, operating, or maintenance costs; or its significant
impact on the administration of agency programs, finances,
property, or other resources.
n. The term ``records'' means all books, papers, maps,
photographs, machine-readable materials, or other documentary
materials, regardless of physical form or characteristics, made
or received by an agency of the United States Government under
Federal law or in connection with the transaction of public
business and preserved or appropriate for preservation by that
agency or its legitimate successor as evidence of the
organization, functions, policies, decisions, procedures,
operations, or other activities of the government or because of
the informational value of the data in them. Library and museum
material made or acquired and preserved solely for reference or
exhibition purposes, extra copies of documents preserved only for
convenience of reference, and stocks of publications and of
processed documents are not included. (44 U.S.C. 3301)
o. The term ``records management'' means the planning,
controlling, directing, organizing, training, promoting, and
other managerial activities involved with respect to records
creation, records maintenance and use, and records disposition in
order to achieve adequate and proper documentation of the
policies and transactions of the Federal Government and effective
and economical management of agency operations. (44 U.S.C.
2901(2))
7. Basic Considerations and Assumptions:
a. The Federal Government is the largest single producer,
collector, consumer, and disseminator of information in the
United States. Because of the extent of the government's
information activities, and the dependence of those activities
upon public cooperation, the management of Federal information
resources is an issue of continuing importance to all Federal
agencies, State and local governments, and the public.
b. Government information is a valuable national resource. It
provides the public with knowledge of the government, society,
and economy_past, present, and future. It is a means to ensure
the accountability of government, to manage the government's
operations, to maintain the healthy performance of the economy,
and is itself a commodity in the marketplace.
c. The free flow of information between the government and the
public is essential to a democratic society. It is also essential
that the government minimize the Federal paperwork burden on the
public, minimize the cost of its information activities, and
maximize the usefulness of government information.
d. In order to minimize the cost and maximize the usefulness of
government information, the expected public and private benefits
derived from government information should exceed the public and
private costs of the information, recognizing that the benefits
to be derived from government information may not always be
quantifiable.
e. The nation can benefit from government information
disseminated both by Federal agencies and by diverse nonfederal
parties, including State and local government agencies,
educational and other not-for-profit institutions, and for-profit
organizations.
f. Because the public disclosure of government information is
essential to the operation of a democracy, management of Federal
information resources should protect the public's right of access
to government information.
g. The individual's right to privacy must be protected in Federal
Government information activities involving personal information.
h. Systematic attention to the management of government records
is an essential component of sound public resources management
which ensures public accountability. Together with records
preservation, it protects the government's historical record and
guards the legal and financial rights of the government and the
public.
i. Strategic planning is basic to the operation of sound
government programs. This planning ensures that the management of
information resources reflects agency strategic priorities within
budgetary limitations.
j. Because State and local governments are important producers of
government information for many areas such as health, social
welfare, labor, transportation, and education, the Federal
Government must cooperate with these governments in the
management of information resources.
k. The open and efficient exchange of scientific and technical
government information, subject to applicable national security
controls and the proprietary rights of others, fosters excellence
in scientific research and effective use of Federal research and
development funds.
l. Modern information technology presents opportunities to
improve the management of government programs to provide better
service to the public. The availability of government information
in diverse media, including electronic formats, permits the
public greater flexibility in using the information.
m. Federal Government information resources management policies
and activities can affect, and be affected by, the information
policies and activities of other nations.
8. Policy_a. Information Management Policy
(1) Information Management Planning. Agencies shall plan in an
integrated manner for managing information throughout its life
cycle. Agencies shall:
(a) Consider, at each stage of the information life cycle, the
effects of decisions and actions on other stages of the life
cycle, particularly those concerning information dissemination;
(b) Consider the effects of their actions on members of the
public and ensure consultation with the public as appropriate;
(c) Consider the effects of their actions on State and local
governments and ensure consultation with those governments as
appropriate;
(d) Seek to satisfy new information needs through interagency or
intergovernmental sharing of information, or through commercial
sources, where appropriate, before creating or collecting new
information;
(e) Integrate planning for information systems with plans for
resource allocation and use, including budgeting, acquisition,
and use of information technology;
(f) Train personnel in skills appropriate to management of
information;
(g) Protect government information commensurate with the risk and
magnitude of harm that could result from the loss, misuse, or
unauthorized access to or modification of such information;
(h) Use voluntary standards and Federal Information Processing
Standards where appropriate or required;
(i) Consider the effects of their actions on the privacy rights
of individuals, and ensure that appropriate legal and technical
safeguards are implemented;
(j) Record, preserve, and make accessible sufficient information
to ensure the management and accountability of agency programs,
and to protect the legal and financial rights of the Federal
Government;
(k) Incorporate records management and archival functions into
the design, development, and implementation of information
systems;
(l) Provide for public access to records where required or
appropriate.
(2) Information Collection. Agencies shall collect or create only
that information necessary for the proper performance of agency
functions and which has practical utility.
(3) Electronic Information Collection. Agencies shall use
electronic collection techniques where such techniques reduce
burden on the public, increase efficiency of government programs,
reduce costs to the government and the public, and/or provide
better service to the public. Conditions favorable to electronic
collection include:
(a) The information collection seeks a large volume of data
and/or reaches a large proportion of the public;
(b) The information collection recurs frequently;
(c) The structure, format, and/or definition of the information
sought by the information collection does not change
significantly over several years;
(d) The agency routinely converts the information collected to
electronic format;
(e) A substantial number of the affected public are known to have
ready access to the necessary information technology and to
maintain the information in electronic form;
(f) Conversion to electronic reporting, if mandatory, will not
impose substantial costs or other adverse effects on the public,
especially State and local governments and small business
entities.
(4) Records Management. Agencies shall:
(a) Ensure that records management programs provide adequate and
proper documentation of agency activities;
(b) Ensure the ability to access records regardless of form or
medium;
(c) In a timely fashion, establish, and obtain the approval of
the Archivist of the United States for, retention schedules for
Federal records; and
(d) Provide training and guidance as appropriate to all agency
officials and employees and contractors regarding their Federal
records management responsibilities.
(5) Providing Information to the Public. Agencies have a
responsibility to provide information to the public consistent
with their missions. Agencies shall discharge this responsibility
by:
(a) Providing information, as required by law, describing agency
organization, activities, programs, meetings, systems of records,
and other information holdings, and how the public may gain
access to agency information resources;
(b) Providing access to agency records under provisions of the
Freedom of Information Act and the Privacy Act, subject to the
protections and limitations provided for in these Acts;
(c) Providing such other information as is necessary or
appropriate for the proper performance of agency functions; and
(d) In determining whether and how to disseminate information to
the public, agencies shall:
(i) Disseminate information in a manner that achieves the best
balance between the goals of maximizing the usefulness of the
information and minimizing the cost to the government and the
public;
(ii) Disseminate information dissemination products on equitable
and timely terms;
(iii) Take advantage of all dissemination channels, Federal and
nonfederal, including State and local governments, libraries and
private sector entities, in discharging agency information
dissemination responsibilities;
(iv) Help the public locate government information maintained by
or for the agency.
(6) Information Dissemination Management System. Agencies shall
maintain and implement a management system for all information
dissemination products which shall, at a minimum:
(a) Assure that information dissemination products are necessary
for proper performance of agency functions (44 U.S.C. 1108);
(b) Consider whether an information dissemination product
available from other Federal or nonfederal sources is equivalent
to an agency information dissemination product and reasonably
fulfills the dissemination responsibilities of the agency;
(c) Establish and maintain inventories of all agency information
dissemination products;
(d) Develop such other aids to locating agency information
dissemination products including catalogs and directories, as may
reasonably achieve agency information dissemination objectives;
(e) Identify in information dissemination products the source of
the information, if from another agency;
(f) Ensure that members of the public with disabilities whom the
agency has a responsibility to inform have a reasonable ability
to access the information dissemination products;
(g) Ensure that government publications are made available to
depository libraries through the facilities of the Government
Printing Office, as required by law (44 U.S.C. Part 19);
(h) Provide electronic information dissemination products to the
Government Printing Office for distribution to depository
libraries;
(i) Establish and maintain communications with members of the
public and with State and local governments so that the agency
creates information dissemination products that meet their
respective needs;
(j) Provide adequate notice when initiating, substantially
modifying, or terminating significant information dissemination
products; and
(k) Ensure that, to the extent existing information dissemination
policies or practices are inconsistent with the requirements of
this Circular, a prompt and orderly transition to compliance with
the requirements of this Circular is made.
(7) Avoiding Improperly Restrictive Practices. Agencies shall:
(a) Avoid establishing, or permitting others to establish on
their behalf, exclusive, restricted, or other distribution
arrangements that interfere with the availability of information
dissemination products on a timely and equitable basis;
(b) Avoid establishing restrictions or regulations, including the
charging of fees or royalties, on the reuse, resale, or
redissemination of Federal information dissemination products by
the public; and,
(c) Set user charges for information dissemination products at a
level sufficient to recover the cost of dissemination but no
higher. They shall exclude from calculation of the charges costs
associated with original collection and processing of the
information. Exceptions to this policy are:
(i) Where statutory requirements are at variance with the policy;
(ii) Where the agency collects, processes, and disseminates the
information for the benefit of a specific identifiable group
beyond the benefit to the general public;
(iii) Where the agency plans to establish user charges at less
than cost of dissemination because of a determination that higher
charges would constitute a significant barrier to properly
performing the agency's functions, including reaching members of
the public whom the agency has a responsibility to inform; or
(iv)Where the Director of OMB determines an exception is
warranted.
(8) Electronic Information Dissemination. Agencies shall use
electronic media and formats, including public networks, as
appropriate and within budgetary constraints, in order to make
government information more easily accessible and useful to the
public. The use of electronic media and formats for information
dissemination is appropriate under the following conditions:
(a) The agency develops and maintains the information
electronically;
(b) Electronic media or formats are practical and cost effective
ways to provide public access to a large, highly detailed volume
of information;
(c) The agency disseminates the product frequently;
(d) The agency knows a substantial portion of users have ready
access to the necessary information technology and training to
use electronic information dissemination products;
(e) A change to electronic dissemination, as the sole means of
disseminating the product, will not impose substantial
acquisition or training costs on users, especially State and
local governments and small business entities.
(9) Safeguards. Agencies shall:
(a) Ensure that information is protected commensurate with the
risk and magnitude of the harm that would result from the loss,
misuse, or unauthorized access to or modification of such
information;
(b) Limit the collection of information which identifies
individuals to that which is legally authorized and necessary for
the proper performance of agency functions;
(c) Limit the sharing of information that identifies individuals
or contains proprietary information to that which is legally
authorized, and impose appropriate conditions on use where a
continuing obligation to ensure the confidentiality of the
information exists;
(d) Provide individuals, upon request, access to records about
them maintained in Privacy Act systems of records, and permit
them to amend such records as are in error consistent with the
provisions of the Privacy Act.
b. Information Systems and Information Technology Management.
[This Section is unaffected by this revision. See 50 FR 52730
(December 24, 1985).]
9. Assignment of Responsibilities_a. All Federal Agencies. The
head of each agency shall:
(1) Have primary responsibility for managing agency information
resources;
(2) Ensure that the information policies, principles, standards,
guidelines, rules, and regulations prescribed by OMB are
implemented appropriately within the agency;
(3) Develop internal agency information policies and procedures
and oversee, evaluate, and otherwise periodically review agency
information resources management activities for conformity with
the policies set forth in this Circular;
(4) Develop agency policies and procedures that provide for
timely acquisition of required information technology;
(5) Maintain an inventory of the agencies' major information
systems and information dissemination programs;
(6) Create, maintain, and dispose of a record of agency
activities in accordance with the Federal Records Act of 1950, as
amended;
(7) Identify to the Director, OMB, statutory, regulatory, and
other impediments to efficient management of Federal information
resources and recommend to the Director legislation, policies,
procedures, and other guidance to improve such management;
(8) Assist OMB in the performance of its functions under the PRA
including making services, personnel, and facilities available to
OMB for this purpose to the extent practicable;
(9) Appoint a senior official, as required by 44 U.S.C. 3506(b),
who shall report directly to the agency head to carry out the
responsibilities of the agency under the PRA. The head of the
agency shall keep the Director, OMB, advised as to the name,
title, authority, responsibilities, and organizational resources
of the senior official. For purposes of this paragraph, military
departments and the Office of the Secretary of Defense may each
appoint one official.
(10) Designate an office with responsibility for management
oversight of agency audiovisual productions and establish an
appropriate program for the management of audiovisual
productions, facilities, and activities in conformance with the
requirements contained at 36 CFR 1232.4.
(11) Direct the senior official appointed pursuant to 44 U.S.C.
3506(b) to monitor agency compliance with the policies,
procedures, and guidance in this Circular. Acting as an
ombudsman, the senior official shall consider alleged instances
of agency failure to comply with this Circular and recommend or
take corrective action as appropriate. The senior official shall
report annually, not later than February 1st of each year, to the
Director those instances of alleged failure to comply with this
Circular and their resolution.
b. Department of State. The Secretary of State shall:
(1) Advise the Director, OMB, on the development of United States
positions and policies on international information policy issues
affecting Federal Government information activities and ensure
that such positions and policies are consistent with Federal
information resources management policy;
(2) Ensure, in consultation with the Secretary of Commerce, that
the United States is represented in the development of
international information technology standards, and advise the
Director, OMB, of such activities.
c. Department of Commerce. The Secretary of Commerce shall:
(1) Develop and issue Federal Information Processing Standards
and guidelines necessary to ensure the efficient and effective
acquisition management security, and use of information
technology;
(2) Advise the Director, OMB, on the development of policies
relating to the procurement and management of Federal
tele-communications resources;
(3) Provide OMB and the agencies with scientific and technical
advisory services relating to the development and use of
information technology;
(4) Conduct studies and evaluations concerning telecommunications
technology, and concerning the improvement, expansion, testing,
operation, and use of Federal tele-communications systems and
advise the Director, OMB, and appropriate agencies of the
recommendations that result from such studies;
(5) Develop, in consultation with the Secretary of State and the
Director of OMB, plans, policies, and programs relating to
international telecommunications issues affecting government
information activities;
(6) Identify needs for standardization of telecommunications and
information processing technology, and develop standards, in
consultation with the Secretary of Defense and the Administrator
of General Services, to ensure efficient application of such
technology;
(7) Ensure that the Federal Government is represented in the
development of national and, in consultation with the Secretary
of State, international information technology standards, and
advise the Director, OMB, of such activities.
d. Department of Defense. The Secretary of Defense shall develop,
in consultation with the Administrator of General Services,
uniform Federal telecommunications standards and guidelines to
ensure national security, emergency preparedness, and continuity
of government.
e. General Services Administration. The Administrator of General
Services shall:
(1) Advise the Director, OMB, and agency heads on matters
affecting the procurement of information technology;
(2) Coordinate and, when required, provide for the purchase,
lease, and maintenance of information technology required by
Federal agencies;
(3) Develop criteria for timely procurement of information
technology and delegate procurement authority to agencies that
comply with the criteria;
(4) Provide guidelines and regulations for Federal agencies, as
authorized by law, on the acquisition, maintenance, and
disposition of information technology;
(5) Develop policies and guidelines that facilitate the sharing
of information technology among agencies as required by this
Circular;
(6) Review agencies' information resources management activities
to meet the objectives of the triennial reviews required by the
PRA and report the results to the Director, OMB;
(7) Manage the Automatic Data Processing Fund and the Federal
Telecommunications Fund in accordance with the Federal Property
and Administrative Services Act as amended;
(8) Establish procedures for approval, implementation, and
dissemination of Federal telecommunications standards and
guidelines and for implementation of Federal Information
Processing Standards.
f. Office of Personnel Management. The Director, Office of
Personnel Management, shall:
(1) Develop and conduct training programs for Federal personnel
on information resources management including end-user computing;
(2) Evaluate periodically future personnel management and
staffing requirements for Federal information resources
management;
(3) Establish personnel security policies and develop training
programs for Federal personnel associated with the design,
operation, or maintenance of information systems.
g. National Archives and Records Administration. The Archivist of
the United States shall:
(1) Administer the Federal records management program in
accordance with the National Archives and Records Act;
(2) Assist the Director, OMB, in developing standards and
guidelines relating to the records management program.
h. Office of Management and Budget. The Director of the Office of
Management and Budget shall:
(1) Provide overall leadership and coordination of Federal
information resources management within the executive branch;
(2) Serve as the President's principal adviser on procurement and
management of Federal telecommunications systems, and develop and
establish policies for procurement and management of such
systems;
(3) Issue policies, procedures, and guidelines to assist agencies
in achieving integrated, effective, and efficient information
resources management;
(4) Initiate and review proposals for changes in legislation,
regulations, and agency procedures to improve Federal information
resources management;
(5) Review and approve or disapprove agency proposals for
collection of information from the public, as defined by 5 CFR
1320.7;
(6) Develop and publish annually in consultation with the
Administrator of General Services, a five-year plan for meeting
the information technology needs of the Federal Government;
(7) Evaluate agencies' information resources management and
identify cross-cutting information policy issues through the
review of agency information programs, information collection
budgets, information technology acquisition plans, fiscal
budgets, and by other means;
(8) Provide policy oversight for the Federal records management
function conducted by the National Archives and Records
Administration and coordinate records management policies and
programs with other information activities;
(9) Review, with the advice and assistance of the Administrator
of General Services, selected agencies' information resources
management activities to meet the objectives of the triennial
reviews required by the PRA;
(10) Review agencies' policies, practices, and programs
pertaining to the security, protection, sharing, and disclosure
of information, in order to ensure compliance with the Privacy
Act and related statutes;
(11) Resolve information technology procurement disputes between
agencies and the General Services Administration pursuant to
Section 111 of the Federal Property and Administrative Services
Act;
(12) Review proposed U.S. Government Position and Policy
statements on international issues affecting Federal Government
information activities and advise the Secretary of State as to
their consistency with Federal information resources management
policy.
10. Oversight:
a. The Director, OMB, will use information technology planning
reviews, fiscal budget reviews, information collection budget
reviews, management reviews, GSA reviews of agency information
resources management measures, and such other measures as he
deems necessary to evaluate the adequacy and efficiency of each
agency's information resources management and compliance with
this Circular.
b. The Director, OMB, may, upon written request of an agency,
grant a waiver from particular requirements of this Circular.
Requests for waivers must detail the reasons why a particular
waiver is sought, identify the duration of the waiver sought, and
include a plan for the prompt and orderly transition to full
compliance with the requirements of this Circular. Notice of each
waiver request shall be published promptly by the agency in the
Federal Register, with a copy of the waiver request made
available to the public on request.
11. Effectiveness: This Circular is effective upon issuance.
Nothing in this Circular shall be construed to confer a private
right of action on any person.
12. Inquiries: All questions or inquiries should be addressed to
the Office of Information and Regulatory Affairs, Office of
Management and Budget, Washington, D.C. 20503. Telephone: (202)
395-4814.
13. Sunset Review Date: OMB will review this Circular three years
from the date of issuance to ascertain its effectiveness.
Appendix I to OMB Circular No. A-130
Federal Agency Responsibilities for Maintaining Records About
Individuals
1. Purpose and Scope. This Appendix describes agency
responsibilities for implementing the reporting and publication
requirements of the Privacy Act of 1974, 5 U.S.C. 552a, as
amended (hereinafter ``the Act''). It applies to all agencies
subject to the Act. Note that this Appendix does not rescind
other guidance OMB has issued to help agencies interpret the
Privacy Act's provisions, e.g., Privacy Act Guidelines (40 FR
28949-28978, July 9, 1975), or Final Guidance for Conducting
Matching Programs (54 FR at 25819, June 19, 1989).
2. Definitions.
a. The terms ``agency,'' ``individual,'' ``maintain,''
``record,'' ``system of records,'' and ``routine use,'' as used
in this Appendix, are defined in the Act (5 U.S.C. 552a(a)).
b. Matching Agency. Generally, the Recipient Federal agency (or
the Federal source agency in a match conducted by a nonfederal
agency) is the matching agency and is responsible for meeting the
reporting and publication requirements associated with the
matching program. However, in large, multi-agency matching
programs, where the recipient agency is merely performing the
matches and the benefit accrues to the source agencies, the
partners should assign responsibility for compliance with the
administrative requirements in a fair and reasonable way. This
may mean having the matching agency carry out these requirements
for all parties, having one participant designated to do so, or
having each source agency do so for its own matching program(s).
c. Nonfederal Agency. Nonfederal agencies are State or local
governmental agencies receiving records from a Federal agency's
automated system of records to be used in a matching program.
d. Recipient Agency. Recipient agencies are Federal agencies or
their contractors receiving automated records from the Privacy
Act systems of records of other Federal agencies, or from State
or local governments, to be used in a matching program as defined
in the Act.
e. Source Agency. A source agency is a Federal agency that
discloses automated records from a system of records to another
Federal agency or to a State or local agency to be used in a
matching program. It is also a State or local agency that
discloses records to a Federal agency for use in a matching
program.
3. Assignment of Responsibilities.
a. All Federal Agencies. In addition to meeting the agency
requirements contained in the Act and the specific reporting and
publication requirements detailed in this Appendix, the head of
each agency shall ensure that the following reviews are conducted
as often as specified below, and be prepared to report to the
Director, OMB, the results of such reviews and the corrective
action taken to resolve problems uncovered. The head of each
agency shall:
(1) Section (m) Contracts. Review every two years a random
sample of agency contracts that provide for the maintenance of a
system of records on behalf of the agency to accomplish an agency
function, in order to ensure that the wording of each contract
makes the provisions of the Act binding on the contractor and his
or her employees. (See 5 U.S.C. 552a(m)(1))
(2) Recordkeeping Practices. Review annually agency
recordkeeping and disposal policies and practices in order to
assure compliance with the Act, paying particular attention to
the maintenance of automated records.
(3) Routine Use Disclosures. Review every four years the
routine use disclosures associated with each system of records in
order to ensure that the recipient's use of such records
continues to be compatible with the purpose for which the
disclosing agency collected the information.
(4) Exemption of Systems of Records. Review every four years
each system of records for which the agency has promulgated
exemption rules pursuant to Section (j) or (k) of the Act in
order to determine whether such exemption is still needed.
(5) Matching Programs. Review annually each ongoing matching
program in which the agency has participated during the year,
either as a source or as a matching agency, in order to ensure
that the requirements of the Act, the OMB guidance, and any
agency regulations, operating instructions, or guidelines have
been met.
(6) Privacy Act Training. Review annually agency training
practices in order to ensure that all agency personnel are
familiar with the requirements of the Act, with the agency's
implementing regulation, and with any special requirements of
their specific jobs.
(7) Violations. Review annually the actions of agency personnel
that have resulted either in the agency being found civilly
liable under Section (g) of the Act, or an employee being found
criminally liable under the provisions of Section (i) of the Act,
in order to determine the extent of the problem and to find the
most effective way to prevent recurrence of the problem.
(8) Systems of Records Notices. Review annually each system of
records notice to ensure that it accurately describes the system
of records. Where minor changes are needed, e.g., the name of
the system manager, ensure that an amended notice is published in
the Federal Register. Agencies may choose to make one annual
comprehensive publication consolidating such minor changes. This
requirement is distinguished from and in addition to the
requirement to report to OMB and Congress significant changes to
systems of records and to publish those changes in the Federal
Register (See paragraph 4c of this Appendix).
b. Department of Commerce. The Secretary of Commerce shall,
consistent with guidelines issued by the Director, OMB, develop
and issue standards and guidelines for ensuring the security of
information protected by the Act in automated information
systems.
c. The Department of Defense, General Services Administration,
and National Aeronautics and Space Administration. These
agencies shall, consistent with guidelines issued by the
Director, OMB, ensure that instructions are issued on what
agencies must do in order to comply with the requirements of
Section (m) of the Act when contracting for the operation of a
system of records to accomplish an agency purpose.
d. Office of Personnel Management. The Director of the Office
of Personnel Management shall, consistent with guidelines issued
by the Director, OMB:
(1) Develop and maintain governmentwide standards and procedures
for civilian personnel information processing and recordkeeping
directives to assure conformance with the Act.
(2) Develop and conduct Privacy Act training programs for agency
personnel, including both the conduct of courses in various
substantive areas (e.g., administrative, information technology)
and the development of materials that agencies can use in their
own courses. The assignment of this responsibility to OPM does
not affect the responsibility of individual agency heads for
developing and conducting training programs tailored to the
specific needs of their own personnel.
e. National Archives and Records Administration. The Archivist
of the United States through the Office of the Federal Register,
shall, consistent with guidelines issued by the Director, OMB:
(1) Issue instructions on the format of the agency notices and
rules required to be published under the Act.
(2) Compile and publish every two years, the rules promulgated
under 5 U.S.C. 552a(f) and agency notices published under 5
U.S.C. 552a(e)(4) in a form available to the public at low cost.
(3) Issue procedures governing the transfer of records to
Federal Records Centers for storage, processing, and servicing
pursuant to 44 U.S.C. 3103. For purposes of the Act, such
records are considered to be maintained by the agency that
deposited them. The Archivist may disclose deposited records
only according to the access rules established by the agency that
deposited them.
f. Office of Management and Budget. The Director of the Office
of Management and Budget will:
(1) Issue guidelines and directives to the agencies to implement
the Act.
(2) Assist the agencies, at their request, in implementing their
Privacy Act programs.
(3) Review new and altered system of records and matching
program reports submitted pursuant to Section (o) of the Act.
(4) Compile the biennial report of the President to Congress in
accordance with Section (s) of the Act.
(5) Compile and issue a biennial report on the agencies'
implementation of the computer matching provisions of the Privacy
Act, pursuant to Section (u)(6) of the Act.
4. Reporting Requirements. (See Table 1 at the end of this
Appendix for due dates and recipient addresses.)
a. Biennial Privacy Act Report. To provide the necessary
information for the biennial report of the President, agencies
shall submit a biennial report to OMB, covering their Privacy Act
activities for the calendar years covered by the reporting
period. The exact format of the report will be established by
OMB. At a minimum, however, agencies should collect and be
prepared to report the following data on a calendar year basis:
(1) A listing of publication activity during each year showing
the following:
* Total Number of Systems of Records (Exempt/NonExempt)
* Number of New Systems of Records Added (Exempt/NonExempt)
* Number Routine Uses Added
* Number Exemptions Added to Existing Systems
* Number Exemptions Deleted from Existing Systems
* Total Number of Automated Systems of Records (Exempt/NonExempt)
The agency should provide a brief narrative describing those
activities in detail, e.g., ``the Department added a (k)(1)
exemption to an existing system of records entitled
``Investigative Records of the Office of Investigations;'' or
``the agency added a new routine use to a system of records
entitled ``Employee Health Records'' that would permit disclosure
of health data to researchers under contract to the agency to
perform workplace risk analysis.''
(2) A brief description of any public comments received on
agency publication and implementation activities, and agency
response.
(3) Number of access and amendment requests from record subjects
citing the Privacy Act that were received during the calendar
year of the report. Also the disposition of requests from any
year that were completed during the calendar year of the report:
* Total Number of Access Requests
Number Granted in Whole
Number Granted in Part
Number Wholly Denied
Number For Which No Record Found
* Total Amendment Requests
Number Granted in Whole
Number Granted in Part
Number Wholly Denied
* Number of Appeals of Denials of Access
Number Granted in Whole
Number Granted in Part
Number Wholly Denied
Number For Which No Record Found
* Number of Appeals of Denials of Amendment
Number Granted in Whole
Number Granted in Part
Number Wholly Denied
(4) Number of instances in which individuals brought suit under
section (g) of the Privacy Act against the agency and the results
of any such litigation that resulted in a change to agency
practices or affected guidance issued by OMB.
(5) Results of any reviews undertaken in response to paragraph
3a of this Appendix.
(6) Description of agency Privacy Act training activities
conducted in accordance with paragraph 3a(6) of this Appendix.
b. Biennial Matching Activity Report. (See 5 U.S.C.
552a(u)(3)(D)). At the end of each calendar year, the Data
Integrity Board of each agency that has participated in matches
covered by the computer matching provisions of the Privacy Act
will collect data summarizing that year's matching activity. The
Act requires that such activity be reported every two years. OMB
will establish the exact format of the report, but agencies' Data
Integrity Boards should be prepared to report the data identified
below both to the agency head and to OMB.
(1) A listing of the names and positions of the members of the
Data Integrity Board and showing separately the name of the Board
Secretary, his or her agency mailing address, and telephone
number. Also show and explain any changes in membership or
structure occurring during the reporting year.
(2) A listing of each matching program, by title and purpose, in
which the agency participated during the reporting year. This
listing should show names of participant agencies, give a brief
description of the program, and give a citation including the
date to the Federal Register notice describing the program.
(3) For each matching program, an indication of whether the
cost/benefit analysis performed resulted in a favorable ratio.
The Data Integrity Board should explain why the agency proceeded
with any matching program for which an unfavorable ratio was
reached.
(4) For each program for which the Board waived a cost/benefit
analysis, reasons for the waiver and the results of match, if
tabulated.
(5) A description of each matching agreement the Board rejected
and an explanation of why it was rejected.
(6) A listing of any violations of matching agreements that have
been alleged or identified, and a discussion of any action taken.
(7) A discussion of any litigation involving the agency's
participation in any matching program.
(8) For any litigation based on allegations of inaccurate
records, an explanation of the steps the agency used to ensure
the integrity of its data as well as the verification process it
used in the matching program, including an assessment of the
adequacy of each.
c. New and Altered System of Records Report. The Act requires
agencies to publish notices in the Federal Register describing
new or altered systems of records, and to submit reports to OMB,
and to the Chair of the Committee on Government Operations of the
House of Representatives, and the Chair of the Committee on
Governmental Affairs of the Senate. The reports must be
transmitted at least 40 days prior to the operation of the new
system of records or the date on which the alteration to an
existing system takes place.
(1) When to Report Altered Systems of Records. Minor changes to
systems of records need not be reported. For example, a change
in the designation of the system manager due to a reorganization
would not require a report, so long as an individual's ability to
gain access to his or her records is not affected. Other
examples include changing applicable safeguards as a result of a
risk analysis, or deleting a routine use when there is no longer
a need for the disclosure. The following changes are those for
which a report is required:
(a) A significant increase in the number of individuals about
whom records are maintained. For example, a decision to expand a
system that originally covered only residents of public housing
in major cities to cover such residents nationwide would require
a report. Increases attributable to normal growth should not be
reported.
(b) A change that expands the types or categories of information
maintained. For example, a file covering physicians that has
been expanded to include other types of healthcare providers,
e.g., nurses, technicians, etc., would require a report.
(c) A change that alters the purpose for which the information
is used.
(d) A change to equipment configuration (either hardware or
software) that creates substantially greater access to the
records in the system of records. For example, locating
interactive terminals at regional offices for accessing a system
formerly accessible only at the headquarters would require a
report.
(e) The addition of an exemption pursuant to Section (j) or (k)
of the Act. Note that, in examining a rulemaking for a Privacy
Act exemption as part of a report of a new or altered system of
records, OMB will also review the rule under applicable
regulatory review procedures and agencies need not make a
separate submission for that purpose.
(f) The addition of a routine use pursuant to 5 U.S.C.
552a(b)(3).
(2) Reporting Changes to Multiple Systems of Records. When an
agency makes a change to an information technology installation
or a telecommunication network, or makes any other general
changes in information collection, processing, dissemination, or
storage that affect multiple systems of records, it may submit a
single, consolidated report, with changes to existing notices and
supporting documentation included in the submission.
(3) Contents of the New or Altered System Report. The report
for a new or altered system has three elements: a transmittal
letter, a narrative statement, and supporting documentation that
includes a copy of the proposed Federal Register notice. There
is no prescribed format for either the letter or the narrative
statement. The notice must appear in the format prescribed by
the Office of the Federal Register's Document Drafting Handbook.
(a) Transmittal Letter. The transmittal letter should be signed
by the senior agency official responsible for implementation of
the Act within the agency and should contain the name and
telephone number of the individual who can best answer questions
about the system of records. The letter should contain the
agency's assurance that the proposed system does not duplicate
any existing agency or governmentwide systems of records. The
letter sent to OMB may also include requests for waiver of the
time period for the review. The agency should indicate why it
cannot meet the established review period and what will be the
consequences of not obtaining the waiver, (see paragraph 4e
below).
(b) Narrative Statement. The narrative statement should be
brief. It should make reference, as appropriate, to information
in the supporting documentation rather than restating such
information. The statement should:
1. Describe the purpose for which the agency is establishing the
system of records.
2. Identify the authority under which the system of records is
maintained. The agency should avoid citing housekeeping
statutes, but rather cite the underlying programmatic authority
for collecting, maintaining, and using the information. When the
system is being operated to support an agency housekeeping
program, e.g., a carpool locator, the agency may, however, cite a
general housekeeping statute that authorizes the agency head to
keep such records as necessary.
3. Provide the agency's evaluation of the probable or potential
effect of the proposal on the privacy of individuals.
4. Provide a brief description of the steps taken by the agency
to minimize the risk of unauthorized access to the system of
records. A more detailed assessment of the risks and specific
administrative, technical, procedural, and physical safeguards
established shall be made available to OMB upon request.
5. Explain how each proposed routine use satisfies the
compatibility requirement of subsection (a)(7) of the Act. For
altered systems, this requirement pertains only to any newly
proposed routine use.
6. Provide OMB Control Numbers, expiration dates, and titles of
any OMB approved information collection requests (e.g., forms,
surveys, etc.) contained in the system of records. If the
request for OMB clearance of an information collection is
pending, the agency may simply state the title of the collection
and the date it was submitted for OMB clearance.
(c) Supporting Documentation. Attach the following to all new
or altered system of records reports:
1. A copy of the new or altered system of records notice in
Federal Register format, consistent with the provisions of 5
U.S.C. 552a(e)(4). For proposed altered systems the agency should
supply a copy of the original system of records notice to ensure
that reviewers can understand the changes proposed.
2. A copy in Federal Register format of any new exemption rules
or changes to published rules (consistent with the provisions of
5 U.S.C. 552a(f),(j), or (k)) that the agency proposes to issue
for the new or altered system.
(4) OMB Concurrence. Agencies may assume that OMB concurs in
the Privacy Act aspects of their proposal if OMB has not
commented within 40 days from the date the transmittal letter was
signed. Agencies should ensure that letters are transmitted
expeditiously after they are signed. Agencies may publish system
of records and routine use notices as well as proposed exemption
rules in the Federal Register at the same time that they send the
new or altered system report to OMB and Congress. The period for
OMB and congressional review and the notice and comment period
for routine uses and exemptions will then run concurrently. Note
that exemptions must be published as final rules before they are
effective.
d. New or Altered Matching Program Report. The Act requires
agencies to publish notices in the Federal Register describing
new or altered matching programs, and to submit reports to OMB,
and to Congress. The report must be received at least 40 days
prior to the initiation of any matching activity carried out
under a new or substantially altered matching program. For
renewals of continuing programs, the report must be dated at
least 40 days prior to the expiration of any existing matching
agreement.
(1) When to Report Altered Matching Programs. Agencies need not
report minor changes to matching programs. The term ``minor
change to a matching program'' means a change that does not
significantly alter the terms of the agreement under which the
program is being carried out. Examples of significant changes
include:
(a) Changing the purpose for which the program was established.
(b) Changing the matching population, either by including new
categories of record subjects or by greatly increasing the
numbers of records matched.
(c) Changing the legal authority covering the matching program.
(d) Changing the source or recipient agencies involved in the
matching program.
(2) Contents of New or Altered Matching Program Report. The
report for a new or altered matching program has three elements:
a transmittal letter, a narrative statement, and supporting
documentation that includes a copy of the proposed Federal
Register notice. There is no prescribed format for either the
letter or the narrative statement. The notice must appear in the
format prescribed by the Office of the Federal Register's
Document Drafting Handbook.
(a) Transmittal Letter. The transmittal letter should be signed
by the senior agency official responsible for implementation of
the Privacy Act within the agency and should contain the name and
telephone number of the individual who can best answer questions
about the matching program. The letter should state that a copy
of the matching agreement has been distributed to Congress as the
Act requires. The letter to OMB may also include a request for
waiver of the review time period.
(b) Narrative Statement. The narrative statement should be
brief. It should make reference, as appropriate, to information
in the supporting documentation rather than restating such
information. The statement should provide:
1. A description of the purpose of the matching program and the
authority under which it is being carried out.
2. A description of the security safeguards used to protect
against any unauthorized access or disclosure of records used in
the match.
3. If the cost/benefit analysis required by Section (u)(4)(A)
indicated an unfavorable ratio or was waived pursuant to OMB
guidance, an explanation of the basis on which the agency
justifies conducting the match.
(c) Supporting Documentation. Attach the following:
1. A copy of the Federal Register notice describing the matching
program.
2. For the Congressional report only, a copy of the matching
agreement.
(3) OMB Concurrence. Agencies may assume that OMB concurs in the
Privacy Act aspects of their proposal if OMB has not commented
within 40 days from the date the transmittal letter was signed.
Agencies should ensure that letters are transmitted expeditiously
after they are signed. Agencies may publish matching program
notices in the Federal Register at the same time that they send
the matching program report to OMB and Congress. The period for
OMB and congressional review and the notice and comment period
will then run concurrently.
e. Expediting the Review Process. The Director, OMB, may grant
a waiver of the 40-day review period for either systems of
records or matching program reviews. The agency must ask for the
waiver in the transmittal letter and demonstrate compelling
reasons. When a waiver is granted, the agency is not thereby
relieved of any other requirement of the Act. If no waiver is
granted, agencies may presume concurrence at the expiration of
the 40 day review period. Note that OMB cannot waive time
periods specifically established by the Act such as the 30 days
notice and comment period required for the adoption of a routine
use proposal pursuant to Section (b)(3) of the Act.
5. Publication Requirements. The Privacy Act requires agencies to
publish notices or rules in the Federal Register in the following
circumstances: when adopting a new or altered system of records,
when adopting a routine use or exemption for a system of records,
or when proposing to carry out a new or altered matching program.
(See paragraph 4c(1) and 4d(1) above on what constitutes a
reportable alteration.)
a. Publishing New or Altered Systems of Records Notices and
Exemption Rules.
(1) Who Publishes. The agency responsible for operating the
system of records makes the necessary publication. Publication
should be carried out at the departmental or agency level. Where
a system of records is to be operated exclusively by a component,
the department rather than the component should publish the
notice. Thus, for example, the Department of the Treasury would
publish a system of records notice covering a system operated
exclusively by the Internal Revenue Service. Note that if the
agency is proposing to exempt the system under Section (j) or (k)
of the Act, it must publish a rule in addition to the system of
records notice.
(a) Governmentwide Systems of Records. Certain agencies publish
systems of records containing records for which they have
governmentwide responsibilities. The records may be located in
other agencies, but they are being used under the authority of
and in conformance with the rules mandated by the publishing
agency. The Office of Personnel Management for example, has
published a number of governmentwide systems of records relating
to the operation of the government's personnel program. Agencies
should not publish systems of records that wholly or partly
duplicate existing governmentwide systems of records.
(b) Section (m) Contract Provisions. When an agency provides by
contract for the operation of a system of records, it should
ensure that a system of records notice describing the system has
been published. It should also review the notice to ensure that
it contains a routine use under Section (e)(4)(D) of the Act
permitting disclosure to the contractor and his or her personnel.
(2) When to Publish.
(a) System Notice. It must appear in the Federal Register
before the agency begins to operate the system, e.g., collect and
use the information.
(b) Routine Use. Must be published in the Federal Register 30
days before agency discloses records pursuant to its terms. If
the sole change to an existing system of records is to add a
routine use, the agency should either republish the entire system
of records notice, a condensed description of the system of
records, or a citation to the last full text Federal Register
publication. (Note that the addition of a routine use to an
existing system of records requires a report to OMB and Congress,
and that the review period for this report is 40 days.)
(c) Exemption Rule. Must be established through informal
rulemaking pursuant to the Administrative Procedure Act. This
process generally requires publication of a proposed rule, a
period during which the public may comment, publication of a
final rule, and the adoption of the final rule. Agencies may not
withhold records under an exemption until these requirements have
been met.
(3) Format. Agencies should follow the publication format
contained in the Office of the Federal Register Document Drafting
Handbook obtainable from the Government Printing Office.
b. Publishing Matching Notices.
(1) Who Publishes. Generally, the Recipient Federal agency (or
the Federal source agency in a match conducted by a nonfederal
agency) is responsible for publishing in the Federal Register a
notice describing the new or altered matching program. However,
in large, multi-agency matching programs, where the recipient
agency is merely performing the matches, and the benefit accrues
to the source agencies, the partners should assign responsibility
for compliance with the administrative requirements in a fair and
reasonable way. This may mean having the matching agency carry
out these requirements for all parties, having one participant
designated to do so, or having each source so for its own
matching program(s).
(2) Timing. Publication must occur at least 30 days prior to the
initiation of any matching activity carried out under a new or
substantially altered matching program. For renewals of
programs agencies wish to continue past the 30 month period of
initial eligibility (i.e., the initial 18 months plus a 1 year
extension), publication must occur at least 30 days prior to the
expiration of the existing matching agreement. (But note that a
report to OMB and the Congress is also required with a 40 day
review period).
(3) Format. The matching notice shall be in the format
prescribed by the Office of the Federal Register Document
Drafting Handbook and contain the following information:
(a) The name of the Recipient Agency.
(b) The Name(s) of the Source Agencies.
(c) The beginning and ending dates of the match.
(d) A brief description of the matching program, including its
purpose; the legal authorities authorizing its operation;
categories of individuals involved; and identification of records
used, including name(s) of Privacy Act Systems of records.
(e) The identification, address, and telephone number of a
Recipient Agency official who will answer public inquiries about
the program.
*THIS IS THE START OF A TABLE*
*TABLE TITLE*Table 1_Reporting Requirements
*BOX HEAD*Report
*BOX HEAD*When Due
*BOX HEAD*Recipient**
*END OF BOXHEAD*
Biennial Privacy Act Report ...June 30, 1994, 1996, 1998, 2000
...Administrator, OIRA
Biennial Matching Activity Report ...June 30, 1994, 1996, 1998,
2000 ...Administrator, OIRA
New System of Records Report ...When establishing a system of
records_at least 40 days before operating system*
...Administrator, OIRA, Congress
Altered System of Records Report ...When adding a new routine
use, exemption, or otherwise significantly altering an existing
system of records_at least 40 days before change to system takes
place* ...Administrator, OIRA, Congress
New Matching Program Report ...When establishing new matching
program_at least 40 days before operating program*
...Administrator, OIRA, Congress
Renewal of Existing Matching Program ...At least 40 days prior to
expiration of one year extension of original program_treat as new
program ...Administrator, OIRA, Congress
Altered Matching Program ...When making a significant change to
an existing matching program_at least 40 days before operating
altered program* ...Administrator, OIRA, Congress
Matching Agreements ...At least 40 days prior to start of
matching program* ...Congress
*TABLE FOOTNOTE*
* Review Period: Note that the statutory reporting requirement
is 30 days prior; the additional 10 days will ensure that OMB and
Congress have sufficient time to review the proposal. Agencies
should therefore ensure that reports are mailed expeditiously
after being signed.
*TABLE FOOTNOTE*
** Recipient Addresses: At bottom of envelope print ``PRIVACY ACT
REPORT''
*TABLE FOOTNOTE*
House of Representatives: The Chair of the House Committee on
Government Operations, 2157 RHOB, Washington, D.C. 20515-6143.
*TABLE FOOTNOTE*
Senate: The Chair of the Senate Committee on Governmental
Affairs, 340 SDOB, Washington, D.C. 20510-6250.
*TABLE FOOTNOTE*
Office of Management and Budget: The Administrator of the Office
of Information and Regulatory Affairs, Office of Management and
Budget, ATTN: Docket Library, NEOB Room 3201, Washington, D.C.
20503.
*THIS IS THE END OF A TABLE*
Appendix II to OMB Circular No. A-130
Cost Accounting, Cost Recovery, and Interagency Sharing of
Information Technology Facilities
[This Appendix is unchanged by this revision. See 50 FR 52730
(December 24, 1985).]
Appendix III to OMB Circular No. A-130
Security of Federal Automated Information Systems
[This Appendix is unchanged by this revision. See 50 FR 52730
(December 24, 1985).]
Appendix IV to OMB Circular No. A-130
Analysis of Key Sections
1. Purpose
The purpose of this Appendix is to provide a general context and
explanation for the contents of the key Sections of the Circular.
2. Background
The Paperwork Reduction Act (PRA) of 1980, Public Law 96-511, 94
Stat. 2812, codified at Chapter 35 of Title 44 of the United
States Code, establishes a broad mandate for agencies to perform
their information activities in an efficient, effective, and
economical manner. Section 3504 of the Act provides authority to
the Director, OMB, to develop and implement uniform and
consistent information resources management policies; oversee the
development and promote the use of information management
principles, standards, and guidelines; evaluate agency
information management practices in order to determine their
adequacy and efficiency, and determine compliance of such
practices with the policies, principles, standards, and
guidelines promulgated by the Director.
The Circular implements OMB authority under the Act with respect
to Section 3504(b), general information policy, Section 3504(e),
records management, Section 3504(f), privacy, and Section
3504(g), Federal automatic data processing and
telecommunications; the Privacy Act of 1974 (5 U.S.C. 552a); the
Chief Financial Officers Act (31 U.S.C. 3512 et seq.); Sections
111 and 206 of the Federal Property and Administrative Services
Act of 1949, as amended (40 U.S.C. 759 and 487, respectively);
the Computer Security Act, (40 U.S.C. 759 note); the Budget and
Accounting Act of 1921 (31 U.S.C. 1 et seq.); and Executive Order
No. 12046 of March 27, 1978, and Executive Order No. 12472 of
April 3, 1984, Assignment of National Security and Emergency
Telecommunications Functions. The Circular complements 5 CFR Part
1320, Controlling Paperwork Burden on the Public, which
implements other Sections of the PRA dealing with controlling the
reporting and recordkeeping burden placed on the public.
In addition, the Circular revises and consolidates policy and
procedures in seven previous OMB directives and rescinds those
directives, as follows:
A-3_Government Publications
A-71_Responsibilities for the Administration and Management of
Automatic Data Processing Activities Transmittal Memorandum No. 1
to Circular No. A-71_Security of Federal Automated lnformation
Systems
A-90_Cooperating with State and Local Governments to Coordinate
and Improve Information Systems
A-108_Responsibilities for the Maintenance of Records about
lndividuals by Federal Agencies
A-114_Management of Federal Audiovisual Activities
A-121_Cost Accounting, Cost Recovery, and Interagency Sharing of
Data Processing Facilities
3. Analysis
Section 6, Definitions. Access and Dissemination. The original
Circular No. A-130 distinguished between the terms ``access to
information'' and ``dissemination of information'' in order to
separate statutory requirements from policy considerations. The
first term means giving members of the public, at their request,
information to which they are entitled by a law such as the FOIA.
The latter means actively distributing information to the public
at the initiative of the agency. The distinction appeared useful
at the time Circular No. A-130 was written, because it allowed
OMB to focus discussion on Federal agencies' responsibilities for
actively distributing information. However, popular usage and
evolving technology have blurred differences between the terms
``access'' and ``dissemination'' and readers of the Circular were
confused by the distinction. For example, if an agency
``disseminates'' information via an online computer system, one
speaks of permitting users to ``access'' the information, and
online ``access'' becomes a form of ``dissemination.''
Thus, the revision defines only the term ``dissemination.''
Special considerations based on access statutes such as the
Privacy Act and the FOIA are explained in context.
Government Information
The definition of ``government information'' includes information
created, collected, processed, disseminated, or disposed of both
by and for the Federal Government. This recognizes the
increasingly distributed nature of information in electronic
environments. Many agencies, in addition to collecting
information for government use and for dissemination to the
public, require members of the public to maintain information or
to disclose it to the public. Sound information resources
management dictates that agencies consider the costs and benefits
of a full range of alternatives to meet government objectives. In
some cases, there is no need for the government actually to
collect the information itself, only to assure that it is made
publicly available. For example, banks insured by the FDIC must
provide statements of financial condition to bank customers on
request. Particularly when information is available in electronic
form, networks make the physical location of information
increasingly irrelevant.
The inclusion of information created, collected, processed,
disseminated, or disposed of for the Federal Government in the
definition of ``government information'' does not imply that
responsibility for implementing the provisions of the Circular
itself extends beyond the executive agencies to other entities.
Such an interpretation would be inconsistent with Section 4,
Applicability, and with existing law. For example, the courts
have held that requests to Federal agencies for release of
information under the FOIA do not always extend to those
performing information activities under grant or contract to a
Federal agency. Similarly, grantees may copyright information
where the government may not. Thus the information
responsibilities of grantees and contractors are not identical to
those of Federal agencies except to the extent that the agencies
make them so in the underlying grants or contracts. Similarly,
agency information resources management responsibilities do not
extend to other entities.
Information Dissemination Product
This notice defines the term ``information dissemination
product'' to include all information that is disseminated by
Federal agencies. While the provision of access to online
databases and search software included on compact disk, read-only
memory (CD-ROM) are often called information services rather than
products, there is no clear distinction and, moreover, no real
difference for policy purposes between the two. Thus, the term
``information dissemination product'' applies to both products
and services, and makes no distinction based on how the
information is delivered.
Section 8a(1). Information Management Planning. Parallel to new
Section 7, Basic Considerations and Assumptions, Section 8a
begins with information resources management planning. Planning
is the process of establishing a course of action to achieve
desired results with available resources. Planners translate
organizational missions into specific goals and, in turn, into
measurable objectives.
The PRA introduced the concept of information resources
management and the principle of information as an institutional
resource which has both value and associated costs. Information
resources management is a tool that managers use to achieve
agency objectives. Information resources management is successful
if it enables managers to achieve agency objectives efficiently
and effectively.
Information resources management planning is an integral part of
overall mission planning. Agencies need to plan from the outset
for the steps in the information life cycle. When creating or
collecting information, agencies must plan how they will process
and transmit the information, how they will use it, how they will
protect its integrity, what provisions they will make for access
to it, whether and how they will disseminate it, how they will
store and retrieve it, and finally, how the information will
ultimately be disposed of. They must also plan for the effects
their actions and programs will have on the public and State and
local governments.
The Role of State and Local Governments
OMB made additions at Sections 7a, 7e, and 7j, Basic
Considerations and Assumptions, concerning State and local
governments, and also in policy statements at Sections 8a(1)(c),
(3)(f), (6)(c), 9(e), and 10(c).
State and local governments, and tribal governments, cooperate as
major partners with the Federal Government in the collection,
processing, and dissemination of information. For example, State
governments are the principal collectors and/or producers of
information in the areas of health, welfare, education, labor
markets, transportation, the environment, and criminal justice.
The States supply the Federal Government with data on aid to
families with dependent children; medicare; school enrollments,
staffing, and financing; statistics on births, deaths, and
infectious diseases; population related data that form the basis
for national estimates; employment and labor market data; and
data used for census geography. National information resources
are greatly enhanced through these major cooperating efforts.
Federal agencies need to be sensitive to the role of State and
local governments, and tribal governments, in managing
information and in managing information technology. When
planning, designing, and carrying out information collections,
agencies should systematically consider what effect their
activities will have on cities, counties, and States, and take
steps to involve these governments as appropriate. Agencies
should ensure that their information collections impose the
minimum burden and do not duplicate or conflict with local
efforts or other Federal agency requirements or mandates. The
goal is that Federal agencies routinely integrate State and local
government concerns into Federal information resources management
practices. This goal is consistent with standards for State and
local government review of Federal policies and programs.
Training
Training is particularly important in view of the changing nature
of information resources management. Decentralization of
information technology has placed the management of automated
information and information technology directly in the hands of
nearly all agency personnel rather than in the hands of a few
employees at centralized facilities. Agencies must plan for
incorporating policies and procedures regarding computer
security, records management, protection of privacy, and other
safeguards into the training of every employee and contractor.
Section 8a(2). Information Collection. The PRA requires that the
creation or collection of information be carried out in an
efficient, effective, and economical manner. When Federal
agencies create or collect information_just as when they perform
any other program functions_they consume scarce resources. Such
activities must be continually evaluated for their relevance to
agency missions.
Agencies must justify the creation or collection of information
based on their statutory functions. Policy statement 8a(2) uses
the justification standard_``necessary for the proper performance
of the functions of the agency''_established by the PRA (44
U.S.C. 3504(c)(2)). Furthermore, the policy statement includes
the requirement that the information have practical utility, as
defined in the PRA (44 U.S.C. 3502(16)) and elaborated in 5 CFR
Part 1320. Practical utility includes such qualities of
information as accuracy, adequacy, and reliability. In the case
of general purpose statistics or recordkeeping, practical utility
means that actual uses can be demonstrated (5 CFR 1320.7(o)). It
should be noted that OMB's intent in placing emphasis on reducing
unjustified burden in collecting information, an emphasis
consistent with the Act, is not to diminish the importance of
collecting information whenever agencies have legitimate program
reasons for doing so. Rather, the concern is that the burdens
imposed should not exceed the benefits to be derived from the
information. Moreover, if the same benefit can be obtained by
alternative means that impose a lesser burden, that alternative
should be adopted.
Section 8a(3). Electronic Information Collection. Section 7l
articulates a basic assumption of the Circular that modern
information technology can help the government provide better
service to the public through improved management of government
programs. One potentially useful application of information
technology is in the government's collection of information.
While some information collections may not be good candidates for
electronic techniques, many are. Agencies with major electronic
information collection programs have found that automated
information collections allow them to meet program objectives
more efficiently and effectively. Electronic data interchange
(EDI) and related standards for the electronic exchange of
information will ease transmission and processing of routine
business transaction information such as invoices, purchase
orders, price information, bills of lading, health insurance
claims, and other common commercial documents. EDI holds similar
promise for the routine filing of regulatory information such as
tariffs, customs declarations, license applications, tax
information, and environmental reports.
Benefits to the public and agencies from electronic information
collection appear substantial. Electronic methods of collection
reduce paperwork burden, reduce errors, facilitate validation,
and provide increased convenience and more timely receipt of
benefits.
The policy in Section 8a(3) encourages agencies to explore the
use of automated techniques for collection of information, and
sets forth conditions conducive to the use of those techniques.
Section 8a(4). Records Management. Section 8a(4) begins with the
fundamental requirement for Federal records management, namely,
that agencies create and keep adequate and proper documentation
of their activities. Federal agencies cannot carry out their
missions in a responsible and responsive manner without adequate
recordkeeping. Section 7h articulates the basic considerations
concerning records management. Policy statements concerning
records management are also interwoven throughout Section 8a,
particularly in subsections on planning (8a(1)(i)), information
dissemination (8a(7)), and safeguards (8a(10)).
Records support the immediate needs of government_administrative,
legal, fiscal_and ensure its continuity. Records are essential
for protecting the rights and interests of the public, and for
monitoring the work of public servants. The government needs
records to ensure accountability to the public which includes
making the information available to the public.
Each stage of the information life cycle carries with it records
management responsibilities. Agencies need to record their plans,
carefully document the content and procedures of information
collection, ensure proper documentation as a feature of every
information system, keep records of dissemination programs, and,
finally, ensure that records of permanent value are preserved.
Preserving records for future generations is the archival
mission. Advances in technology affect the amount of information
that can be created and saved, and the ways this information can
be made available. Technological advances can ease the task of
records management; however, the rapid pace of change in modern
technology makes decisions about the appropriate application of
technology critical to records management. Increasingly the
records manager must be concerned with preserving valuable
electronic records in the context of a constantly changing
technological environment.
Records schedules are essential for the appropriate maintenance
and disposition of records. Records schedules must be prepared in
a timely fashion, implement the General Records Schedules issued
by the National Archives and Records Administration, be approved
by the Archivist of the United States, and be kept accurate and
current. (See 44 U.S.C. 3301 et seq.) The National Archives and
Records Administration and the General Services Administration
provide guidance and assistance to agencies in implementing
records management responsibilities. They also evaluate agencies'
records management programs to determine the extent to which they
are appropriately implementing their records management
responsibilities.
Sections 8a(5) and 8a(6). Information Dissemination Policy.
Section 8a(5). Providing information to the public. Every agency
has a responsibility to inform the public within the context of
its mission. This responsibility requires that agencies
distribute information at the agency's initiative, rather than
merely responding when the public requests information.
The FOIA requires each agency to publish in the Federal Register
current descriptions of agency organization, where and how the
public may obtain information, the general methods and procedural
requirements by which agency functions are determined, rules of
procedure, descriptions of forms and how to obtain them,
substantive regulations, statements of general policy, and
revisions to all the foregoing (5 U.S.C. 552(a)(1)). The Privacy
Act also requires publication of information concerning ``systems
of records'' which are records retrieved by individual identifier
such as name, Social Security Number, or fingerprint. The
government in the Sunshine Act requires agencies to publish
meeting announcements (5 U.S.C. 552b (e)(1)). The PRA (44 U.S.C.
3507(a)(2)) and its implementing regulations (5 CFR Part 1320)
require agencies to publish notices when they submit information
collection requests for OMB approval. The public's right of
access to government information under these statutes is balanced
against other concerns, such as an individual's right to privacy
and protection of the government's deliberative process.
As agencies satisfy these requirements, they provide the public
basic information about government activities. Other statutes
direct specific agencies to issue specific information
dissemination products or to conduct information dissemination
programs. Beyond generic and specific statutory requirements,
agencies have responsibilities to disseminate information as a
necessary part of performing their functions. For some agencies
the responsibility is made explicit and sweeping; for example,
the Agriculture Department is directed to ``.1A.1A. diffuse among
people of the United States, useful information on subjects
connected with agriculture. .1A.1A.'' (7 U.S.C. 2201) For other
agencies, the responsibility may be much more narrowly drawn.
Information dissemination is also a consequence of other agency
activities. Agency programs normally include an organized effort
to inform the public about the program. Most agencies carry out
programs that create or collect information with the explicit or
implicit intent that the information will be made public.
Disseminating information is in many cases the logical extension
of information creation or collection.
In other cases, agencies may have information that is not meant
for public dissemination but which may be the subject of requests
from the public. When the agency establishes that there is public
demand for the information and that it is in the public interest
to disseminate the information, the agency may decide to
disseminate it automatically.
The policy in Section 8a(5)(d) sets forth several factors for
agencies to take into account in conducting their information
dissemination programs. First, agencies must balance two goals:
maximizing the usefulness of the information to the government
and the public, and minimizing the cost to both. Deriving from
the basic purposes of the PRA (44 U.S.C. 3501), the two goals are
frequently in tension because increasing usefulness usually costs
more. Second, Section 8a(5)(d)(ii) requires agencies to conduct
information dissemination programs equitably and in a timely
manner. The word ``equal'' was removed from this Section since
there may be instances where, for example, an agency determines
that its mission includes disseminating information to certain
specific groups or members of the public, and the agency
determines that user charges will constitute a significant
barrier to carrying out this responsibility.
Section 8a(5)(d)(iii), requiring agencies to take advantage of
all dissemination channels, recognizes that information reaches
the public in many ways. Few persons may read a Federal Register
notice describing an agency action, but those few may be major
secondary disseminators of the information. They may be
affiliated with publishers of newspapers, newsletters,
periodicals, or books; affiliated with online database providers;
or specialists in certain information fields. While millions of
information users in the public may be affected by the agency's
action, only a handful may have direct contact with the agency's
own information dissemination products. As a deliberate strategy,
therefore, agencies should cooperate with the information's
original creators, as well as with secondary disseminators, in
order to further information dissemination goals and foster a
diversity of information sources. An adjunct responsibility to
this strategy is reflected in Section 8a(5)(d)(iv), which directs
agencies to assist the public in finding government information.
Agencies may accomplish this, for example, by specifying and
disseminating ``locator'' information, including information
about content, format, uses and limitations, location, and means
of access.
Section 8a(6). Information Dissemination Management System. This
Section requires agencies to maintain an information
dissemination management system which can ensure the routine
performance of certain functions, including the essential
functions previously required by Circular No. A-3. Smaller
agencies need not establish elaborate formal systems, so long as
the heads of the agencies can ensure that the functions are being
performed.
Subsection (6)(a) carries over a requirement from OMB Circular
No. A-3 that agencies' information dissemination products are to
be, in the words of 44 U.S.C. 1108, ``necessary in the
transaction of the public business required by law of the
agency.'' (Circular No. A-130 uses the expression ``necessary for
the proper performance of agency functions,'' which OMB considers
to be equivalent to the expression in 44 U.S.C. 1108.) The point
is that agencies should determine systematically the need for
each information dissemination product.
Section 8a(6)(b) recognizes that to carry out effective
information dissemination programs, agencies need knowledge of
the marketplace in which their information dissemination products
are placed. They need to know what other information
dissemination products users have available in order to design
the best agency product. As agencies are constrained by finite
budgets, when there are several alternatives from which to
choose, they should not expend public resources filling needs
which have already been met by others in the public or private
sector. Agencies have a responsibility not to undermine the
existing diversity of information sources.
At the same time, an agency's responsibility to inform the public
may be independent of the availability or potential availability
of a similar information dissemination product. That is, even
when another governmental or private entity has offered an
information dissemination product identical or similar to what
the agency would produce, the agency may conclude that it
nonetheless has a responsibility to disseminate its own product.
Agencies should minimize such instances of duplication but could
reach such a conclusion because legal considerations require an
official government information dissemination product.
Section 8a(6)(c) makes the Circular consistent with current
practice (See OMB Bulletins 88-15, 89-15, 90-09, and 91-16), by
requiring agencies to establish and maintain inventories of
information dissemination products. (These bulletins eliminated
annual reporting to OMB of title-by-title listings of
publications and the requirement for agencies to obtain OMB
approval for each new periodical. Publications are now reviewed
as necessary during the normal budget review process.)
Inventories help other agencies and the public identify
information which is available. This serves both to increase the
efficiency of the dissemination function and to avoid unnecessary
burdens of duplicative information collections. A corollary,
enunciated in Section 8a(6)(d), is that agencies can better serve
public information needs by developing finding aids for locating
information produced by the agencies. Finally, Section 8a(6)(f)
recognizes that there will be situations where agencies may have
to take appropriate steps to ensure that members of the public
with disabilities whom the agency has a responsibility to inform
have a reasonable ability to access the information dissemination
products.
Depository Library Program
Sections 8a(6)(g) and (h) pertain to the Federal Depository
Library Program. Agencies are to establish procedures to ensure
compliance with 44 U.S.C. 1902, which requires that government
publications (defined in 44 U.S.C. 1901 and repeated in Section 6
of the Circular) be made available to depository libraries
through the Government Printing Office (GPO).
Depository libraries are major partners with the Federal
Government in the dissemination of information and contribute
significantly to the diversity of information sources available
to the public. They provide a mechanism for wide distribution of
government information that guarantees basic availability to the
public. Executive branch agencies support the depository library
program both as a matter of law and on its merits as a means of
informing the public about the government. On the other hand, the
law places the administration of depository libraries with GPO.
Agency responsibility for the depository libraries is limited to
supplying government publications through GPO.
Agencies can improve their performance in providing government
publications as well as electronic information dissemination
products to the depository library program. For example, the
proliferation of ``desktop publishing'' technology in recent
years has afforded the opportunity for many agencies to produce
their own printed documents. Many such documents may properly
belong in the depository libraries but are not sent because they
are not printed at GPO. The policy requires agencies to establish
management controls to ensure that the appropriate documents
reach the GPO for inclusion in the depository library program.
At present, few agencies provide electronic information
dissemination products to the depository libraries. At the same
time, a small but growing number of information dissemination
products are disseminated only in electronic format.
OMB believes that, as a matter of policy, electronic information
dissemination products generally should be provided to the
depository libraries. Given that production and supply of
information dissemination products to the depository libraries is
primarily the responsibility of GPO, agencies should provide
appropriate electronic information dissemination products to GPO
for inclusion in the depository library program.
While cost may be a consideration, agencies should not conclude
without investigation that it would be prohibitively expensive to
place their electronic information dissemination products in the
depository libraries. For electronic information dissemination
products other than online services, agencies may have the option
of having GPO produce the information dissemination product for
them, in which case GPO would pay for depository library costs.
Agencies should consider this option if it would be a cost
effective alternative to the agency making its own arrangements
for production of the information dissemination product. Using
GPO's services in this manner is voluntary and at the agency's
discretion. Agencies could also consider negotiating other terms,
such as inviting GPO to participate in agency procurement orders
in order to distribute the necessary copies for the depository
libraries. With adequate advance planning, agencies should be
able to provide electronic information dissemination products to
the depository libraries at nominal cost.
In a particular case, substantial cost may be a legitimate reason
for not providing an electronic information dissemination product
to the depository library program. For example, for an agency
with a substantial number of existing titles of electronic
information dissemination products, furnishing copies of each to
the depository libraries could be prohibitively expensive. In
that situation, the agency should endeavor to make available
those titles with the greatest general interest, value, and
utility to the public. Substantial cost could also be an
impediment in the case of some online information services where
the costs associated with operating centralized databases would
make provision of unlimited direct access to numerous users
prohibitively expensive. In both cases, agencies should consult
with the GPO, in order to identify those information
dissemination products with the greatest public interest and
utility for dissemination. In all cases, however, where an agency
discontinues publication of an information dissemination product
in paper format in favor of electronic formats, the agency should
work with the GPO to ensure availability of the information
dissemination product to depository libraries.
Notice to the Public
Sections 8a(6)(i) and (j) present new practices for agencies to
observe in communicating with the public about information
dissemination. Among agencies' responsibilities for dissemination
is an active knowledge of, and regular consultation with, the
users of their information dissemination products. A primary
reason for communication with users is to gain their contribution
to improving the quality and relevance of government
information_how it is created, collected, and disseminated.
Consultations with users might include participation at
conferences and workshops, careful attention to correspondence
and telephone communications (e.g., logging and analyzing
inquiries), or formalized user surveys.
A key part of communicating with the public is providing adequate
notice of agency information dissemination plans. Because
agencies' information dissemination actions affect other agencies
as well as the public, agencies must forewarn other agencies of
significant actions. The decision to initiate, terminate, or
substantially modify the content, form, frequency, or
availability of significant products should also trigger
appropriate advance public notice. Where appropriate, the
Government Printing Office should be notified directly.
Information dissemination products deemed not to be significant
require no advance notice.
Examples of significant products (or changes to them) might be
those that:
(a) are required by law; e.g., a statutorily mandated report to
Congress;
(b) involve expenditure of substantial funds;
(c) by reason of the nature of the information, are matters of
continuing public interest; e.g., a key economic indicator;
(d) by reason of the time value of the information, command
public interest; e.g., monthly crop reports on the day of their
release;
(e) will be disseminated in a new format or medium; e.g.,
disseminating a printed product in electronic medium, or
disseminating a machine-readable data file via on-line access.
Where members of the public might consider a proposed new agency
product unnecessary or duplicative, the agency should solicit and
evaluate public comments. Where users of an agency information
dissemination product may be seriously affected by the
introduction of a change in medium or format, the agency should
notify users and consider their views before instituting the
change. Where members of the public consider an existing agency
product important and necessary, the agency should consider these
views before deciding to terminate the product. In all cases,
however, determination of what is a significant information
dissemination product and what constitutes adequate notice are
matters of agency judgment.
Achieving Compliance with the Circular's Requirements
Section 8a(6)(k) requires that the agency information
dissemination management system ensure that, to the extent
existing information dissemination policies or practices are
inconsistent with the requirements of this Circular, an orderly
transition to compliance with the requirements of this Circular
is made. For example, some agency information dissemination
products may be priced at a level which exceeds the cost of
dissemination, or the agency may be engaged in practices which
are otherwise unduly restrictive. In these instances, agencies
must plan for an orderly transition to the substantive policy
requirements of the Circular. The information dissemination
management system must be capable of identifying these situations
and planning for a reasonably prompt transition. Instances of
existing agency practices which cannot immediately be brought
into conformance with the requirements of the Circular are to be
addressed through the waiver procedures of Section 10(b).
Section 8a(7). Avoiding Improperly Restrictive Practices. Federal
agencies are often the sole suppliers of the information they
hold. The agencies have either created or collected the
information using public funds, usually in furtherance of unique
governmental functions, and no one else has it. Hence agencies
need to take care that their behavior does not inappropriately
constrain public access to government information.
When agencies use private contractors to accomplish
dissemination, they must take care that they do not permit
contractors to impose restrictions that undercut the agencies'
discharge of their information dissemination responsibilities.
The contractual terms should assure that, with respect to
dissemination, the contractor behaves as though the contractor
were the agency. For example, an agency practice of selling,
through a contractor, on-line access to a database but refusing
to sell copies of the database itself may be improperly
restrictive because it precludes the possibility of another firm
making the same service available to the public at a lower price.
If an agency is willing to provide public access to a database,
the agency should be willing to sell copies of the database
itself.
By the same reasoning, agencies should behave in an even-handed
manner in handling information dissemination products. If an
agency is willing to sell a database or database services to some
members of the public, the agency should sell the same products
under similar terms to other members of the public, unless
prohibited by statute. When an agency decides it has public
policy reasons for offering different terms of sale to different
groups in the public, the agency should provide a clear statement
of the policy and its basis.
Agencies should not attempt to exert control over the secondary
uses of their information dissemination products. In particular,
agencies should not establish exclusive, restricted, or other
distribution arrangements which interfere with timely and
equitable availability of information dissemination products, and
should not charge fees or royalties for the resale or
redissemination of government information. These principles
follow from the fact that the law prohibits the Federal
Government from exercising copyright.
Agencies should inform the public as to the limitations inherent
in the information dissemination product (e.g., possibility of
errors, degree of reliability, and validity) so that users are
fully aware of the quality and integrity of the information. If
circumstances warrant, an agency may wish to establish a
procedure by which disseminators of the agency's information may
at their option have the data and/or value-added processing
checked for accuracy and certified by the agency. Using this
method, rediseminators of the data would be able to respond to
the demand for integrity from purchasers and users. This approach
could be enhanced by the agency using its authority to trademark
its information disseminaton product, and requiring that
redisseminators who wish to use the trademark agree to
appropriate integrity procedures. These methods have the
possibility of promoting diversity, user responsiveness, and
efficiency as well as integrity. However, an agency's
responsibility to protect against misuse of a government
information dissemination product does not extend to restricting
or regulating how the public actually uses the information.
Agencies should not attempt to condition the resale or
redissemination of its information dissemination products by
members of the public.
User charges
Title 5 of the Independent Offices Appropriations Act of 1952 (31
U.S.C. 9701) establishes Federal policy regarding fees assessed
for government services, and for sale or use of government
property or resources. OMB Circular No. A-25, User Charges,
implements the statute. It provides for charges for government
goods and services that convey special benefits to recipients
beyond those accruing to the general public. It also establishes
that user charges should be set at a level sufficient to recover
the full cost of providing the service, resource, or property.
Since Circular No. A-25 is silent as to the extent of its
application to government information dissemination products,
full cost recovery for information dissemination products might
be interpreted to include the cost of collecting and processing
information rather than just the cost of dissemination. The
policy in Section 8a(8)(c) clarifies the policy of Circular No.
A-25 as it applies to information dissemination products.
Statutes such as FOIA and the Government in the Sunshine Act
establish a broad and general obligation on the part of Federal
agencies to make government information available to the public
and to avoid erecting barriers that impede public access. User
charges higher than the cost of dissemination may be a barrier to
public access. The economic benefit to society is maximized when
government information is publicly disseminated at the cost of
dissemination. Absent statutory requirements to the contrary, the
general standard for user charges for government information
dissemination products should be to recover no more than the cost
of dissemination. It should be noted in this connection that the
government has already incurred the costs of creating and
processing the information for governmental purposes in order to
carry out its mission.
Underpinning this standard is the FOIA fee structure which
establishes limits on what agencies can charge for access to
Federal records. That Act permits agencies to charge only the
direct reasonable cost of search, reproduction and, in certain
cases, review of requested records. In the case of FOIA requests
for information dissemination products, charges would be limited
to reasonable direct reproduction costs alone. No search would be
needed to find the product, thus no search fees would be charged.
Neither would the record need to be reviewed to determine if it
could be withheld under one of the Act's exemptions since the
agency has already decided to release it. Thus, FOIA provides an
information ``safety net'' for the public.
While OMB does not intend to prescribe procedures for pricing
government information dissemination products, the cost of
dissemination may generally be thought of as the sum of all costs
specifically associated with preparing a product for
dissemination and actually disseminating it to the public. When
an agency prepares an information product for its own internal
use, costs associated with such production would not generally be
recoverable as user charges on subsequent dissemination. When the
agency prepares the product for public dissemination, and
disseminates it, costs associated with preparation and actual
dissemination would be recoverable as user charges.
When agencies provide custom tailored information services to
specific individuals or groups, full cost recovery, including the
costs of collection and processing, is appropriate. For example,
if an agency prepares special tabulations or similar services
from its databases in answer to a specific request from the
public, all costs associated with fulfilling the request would be
charged, and the requester should be so informed before work is
begun.
In a few cases, agencies engaging in information collection
activities augment the information collection at the request of,
and with funds provided by, private sector groups. Since the
1920s, the Bureau of the Census has carried out, on request,
surveys of certain industries at greater frequency or at a
greater level of detail than Federal funding would permit,
because gathering the additional information is consistent with
Federal purposes and industry groups have paid the additional
information collection and processing costs. While the results of
these surveys are disseminated to the public at the cost of
dissemination, the existence and availability of the additional
government data are special benefits to certain recipients beyond
those accruing to the public. It is appropriate that those
recipients should bear the full costs of information collection
and processing, in addition to the normal costs of dissemination.
Agencies must balance the requirement to establish user charges
and the level of fees charged against other policies,
specifically, the proper performance of agency functions and the
need to ensure that information dissemination products reach the
public for whom they are intended. If an agency mission includes
disseminating information to certain specific groups or members
of the public and the agency determines that user charges will
constitute a significant barrier to carrying out this
responsibility, the agency may have grounds for reducing or
eliminating its user charges for the information dissemination
product, or for exempting some recipients from the charge. Such
reductions or eliminations should be the subject of agency
determinations on a case by case basis and justified in terms of
agency policies.
Section 8a(8). Electronic Information Dissemination. Advances in
information technology have changed government information
dissemination. Agencies now have available new media and formats
for dissemination, including CD-ROM, electronic bulletin boards,
and public networks. The growing public acceptance of electronic
data interchange (EDI) and similar standards enhances their
attractiveness as methods for government information
dissemination. For example, experiments with the use of
electronic bulletin boards to advertise Federal contracting
opportunities and to receive vendor quotes have achieved wider
dissemination of information about business opportunities with
the Federal Government than has been the case with traditional
notices and advertisements. Improved information dissemination
has increased the number of firms expressing interest in
participating in the government market and decreased prices to
the government due to expanded competition. In addition, the
development of public electronic information networks, such as
the Internet, provides an additional way for agencies to increase
the diversity of information sources available to the public.
Emerging standards such as Wide Area Information Servers (using
the NISO Z39.50 standard) will be used increasingly to facilitate
dissemination of government information such as environmental
data, international trade information, and economic statistics in
a networked environment.
A basic purpose of the PRA is ``to maximize the usefulness of
information collected, maintained, and disseminated by the
Federal Government.'' (44 U.S.C. 3501(3)) Agencies can frequently
enhance the value and practical utility of government information
as a national resource by disseminating information in electronic
media. Electronic collection and dissemination may substantially
increase the usefulness of government information dissemination
products for three reasons. First, information disseminated
electronically is likely to be more timely and accurate because
it does not require data re-entry. Second, electronic records
often contain more complete and current information because,
unlike paper, it is relatively easy to make frequent changes.
Finally, because electronic information is more easily
manipulated by the user and can be tailored to a wide variety of
needs, electronic information dissemination products are more
useful to the recipients.
As stated at Section 8a(1)(h), agencies should use voluntary
standards and Federal Information Processing Standards to the
extent appropriate in order to ensure the most cost effective and
widespread dissemination of information in electronic formats.
Agencies can frequently make government information more
accessible to the public and enhance the utility of government
information as a national resource by disseminating information
in electronic media. Agencies generally do not utilize data in
raw form, but edit, refine, and organize the data in order to
make it more accessible and useful for their own purposes.
Information is made more accessible to users by aggregating data
into logical groupings, tagging data with descriptive and other
identifiers, and developing indexing and retrieval systems to
facilitate access to particular data within a larger file. As a
general matter, and subject to budgetary, security, or legal
constraints, agencies should make available such features
developed for internal agency use as part of their information
dissemination products.
There will also be situations where the agency determines that
its mission will be furthered by providing enhancements beyond
those needed for its own use, particularly those that will
improve the public availability of government information over
the long term. In these instances, the agency should evaluate the
expected usefulness of the enhanced information in light of its
mission, and where appropriate construct partnerships with the
private sector to add these elements of value. This approach may
be particularly appropriate as part of a strategy to utilize new
technology enhancements, such as graphic images, as part of a
particular dissemination program.
Section 8a(9). Information Safeguards. The basic premise of this
Section is that agencies should provide an appropriate level of
protection to government information, given an assessment of the
risks associated with its maintenance and use. Among the factors
to be considered include meeting the specific requirements of the
Privacy Act of 1974 and the Computer Security Act of 1987.
In particular, agencies are to ensure that they meet the
requirements of the Privacy Act regarding information retrievable
by individual identifier. Such information is to be collected,
maintained, and protected so as to preclude intrusion into the
privacy of individuals and the unwarranted disclosure of personal
information. Individuals must be accorded access and amendment
rights to records, as provided in the Privacy Act. To the extent
that agencies share information which they have a continuing
obligation to protect, agencies should see that appropriate
safeguards are instituted. Appendix I prescribes agency
procedures for the maintenance of records about individuals,
reporting requirements to OMB and Congress, and other special
requirements of specific agencies, in accordance with the Privacy
Act.
This Section also incorporates the requirement of the Computer
Security Act of 1987 that agencies plan to secure their systems
commensurate with the risk and magnitude of loss or harm that
could result from the loss, misuse, or unauthorized access to
information contained in those systems. It includes assuring the
integrity, availability, and appropriate confidentiality of
information. It also involves protection against the harm that
could occur to individuals or entities outside of the Federal
Government as well as the harm to the Federal Government. Such
protection includes limits on collection and sharing of
information and procedures to assure the integrity of information
as well as requirements to adequately secure the information.
Incorporation of Circular No. A-114
OMB Circular No. A-114, Management of Federal Audiovisual
Activities, last revised on March 20, 1985, prescribes policies
and procedures to improve Federal audiovisual management.
Although OMB will rescind Circular No. A-114, its essential
policies and procedures will continue. This revision provides
information resources management policies and principles
independent of medium, including paper, electronic, or
audiovisual. By including the term ``audiovisual'' in the
definition of ``information,'' audiovisual materials are
incorporated into all policies of this Circular.
The requirement in Circular No. A-114 that the head of each
agency designate an office with responsibility for the management
oversight of an agency's audiovisual productions and that an
appropriate program for the management of audiovisual productions
in conformance with 36 CFR 1232.4 is incorporated into this
Circular at Section 9a(10). The requirement that audiovisual
activities be obtained consistent with OMB Circular No. A-76 is
covered by Sections 8a(1)(d), 8a(5)(d)(i) and 8a(6)(b).
Procurement policies contained in Circular No. A-114 will be
incorporated into an Office of Federal Procurement Policy Letter.
The National Archives and Records Administration will continue to
prescribe the records management and archiving practices of
agencies with respect to audiovisual productions at 36 CFR
1232.4, ``Audiovisual Records Management.''
Section 9a(11). Ombudsman. The senior agency official designated
by the head of each agency under 44 U.S.C. 3506(b) is charged
with carrying out the responsibilities of the agency under the
PRA. Agency senior information resources management officials are
responsible for ensuring that their agency practices are in
compliance with OMB policies. It is envisioned that the agency
senior information resources management official will work as an
ombudsman to investigate alleged instances of agency failure to
adhere to the policies set forth in the Circular and to recommend
or take corrective action as appropriate. Agency heads should
continue to use existing mechanisms to ensure compliance with
laws and policies.
* * * * *
[The remainder of Appendix IV, which covers sections not changed
in this revision, is also unchanged. See 50 FR 52730 (December
24, 1985).]
[FRDoc. ??-???? Filed ?-??-93; 8:45 am]
BILLING CODE 3110-01-F