[Federal Register Volume 59, Number 141 (Monday, July 25, 1994)]
[Unknown Section]
[Page 0]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 94-18007]


[[Page Unknown]]

[Federal Register: July 25, 1994]


_______________________________________________________________________

Part V





Office of Management and Budget





_______________________________________________________________________




Management of Federal Information Resources; Notice
OFFICE OF MANAGEMENT AND BUDGET

 
Management of Federal Information Resources

AGENCY: Office of Management and Budget, Executive Office of the 
President.

ACTION: Revision of OMB Circular No. A-130, Transmittal 2, Management 
of Federal Information Resources.

-----------------------------------------------------------------------

SUMMARY: The Office of Management and Budget is revising Circular No. 
A-130, Management of Federal Information Resources (hereafter referred 
to as Circular A-130). The revision is being done in stages.
    Transmittal 1 to Circular A-130, effective June 25, 1993, and 
published on July 2, 1993 (58 FR 36068) addressed the Information 
Management Policy section of the Circular (Section 8a), as well as 
Appendix I, ``Federal Agency Responsibilities for Maintaining Records 
About Individuals.'' That issuance dealt primarily with how the Federal 
government manages its information holdings, particularly information 
exchange with the public.
    The revisions contained herein address agencies' internal 
management practices for information systems and information technology 
(Section 8b). These revisions to the circular: (1) promote agency 
investments in information technology that improve service delivery to 
the public, reduce burden on the public, and lower the cost of Federal 
program administration; (2) encourage agencies to use information 
technology as a strategic resource to promote fundamental reevaluation 
of federal agency work processes, organizational structures, and ways 
of interacting with the public; and (3) recognize the changes in the 
technical, legal, and operational environment that agencies face when 
managing information technology.
    Also, the revisions make minor changes to Section 5, 
``Background,'' Section 6, ``Definitions,'' Section 7, ``Basic 
Considerations and Assumptions,'' and Appendix IV, ``Analysis of Key 
Sections'' of the Circular.

DATE: The revisions to the Circular are effective July 15, 1994.

ELECTRONIC AVAILABILITY: This document is available in electronic form 
at no charge from FEDWORLD, a service of the National 
Technical Information Service. To access the document using a computer 
and a modem, dial (703) 321-8020; from the Internet, telnet to 
fedworld.gov (192.239.92.201). From the FEDWORLD menu, enter ``fsw-
house'', which will connect you to the White House Library of files. At 
the White House Library, enter ``fka130'', which will list all files in 
the system associated with OMB Circular A-130. The revised circular 
will be clearly marked with the word ``REVISED.'' These files can also 
be accessed using the Internet File Transfer Protocol by connecting to 
ftp.fedworld.gov (192.239.92.205). Go to directory ``w-house'' and look 
for files beginning with ``A-130.''

FOR FURTHER INFORMATION CONTACT: All questions or inquiries should be 
addressed to the Office of Information and Regulatory Affairs, Office 
of Management and Budget, Washington, D.C. 20503. Telephone: (202) 395-
3785. Interested parties may obtain copies of the original OMB Circular 
A-130 (50 FR 52730) and Transmittal 1 (58 FR 36070) from the Executive 
Office of the President, Publications Services, by calling (202) 395-
7732, between 9 am and 4 pm EST.

SUPPLEMENTARY INFORMATION

Background

    The Paperwork Reduction Act (44 U.S.C. Chapter 35) assigns the 
Director of the Office of Management and Budget (OMB) responsibility 
for maintaining a comprehensive set of information resources management 
policies, and for promoting the application of information technology 
to improve the use and dissemination of information in the operation of 
Federal programs. To fulfill these responsibilities, OMB originally 
issued Circular No. A-130, Management of Federal Information Resources 
(50 FR 52730; December 24, 1985), which provided a policy framework for 
Federal information resources management (IRM). Since the Circular was 
issued in 1985, Congress has enacted several laws bearing on the 
information technology management section of the Circular, especially 
amendments to the Paperwork Reduction Act (Pub. L. 99-500).
    OMB published four notices relating to this revision of the 
Circular. On March 4, 1991, OMB published a notice setting forth plans 
for revising all of the Circular (56 FR 9026) and on April 29, 1992, 
OMB specifically requested comments on topics for the proposed revision 
to Section 8b, Information Systems and Information Technology 
Management, of the Circular (57 FR 18296). On July 2, 1993, OMB 
published a notice (58 FR 36068) amending most of the Circular; in that 
notice, OMB stated its plans for amending other parts of the Circular 
(58 FR 36069-70). On September 10, 1993, OMB published a notice (58 FR 
47790) requesting comment on the proposed changes to the information 
technology portion of the Circular.

Structure of this Revision

    This revision substantially reorganizes Section 8b, Information 
Systems and Information Technology Management, which was issued in 1985 
(50 FR 52736-37, December 24, 1985). For the convenience of readers of 
the circular, this issuance fully incorporates and supersedes 
Transmittal 1 of Circular A-130, which revised Section 8a and other 
related sections dealing with information management (58 FR 36070, July 
2, 1993). This revision primarily addresses portions of the Circular 
that were not revised in the July 1993 Federal Register notice (i.e., 
Section 8b and Appendix II). However, this issuance also affects 
Section 5, Background, Section 6, Definitions, Section 7, Basic 
Considerations and Assumptions, and Appendix IV, Analysis of Key 
Sections, which were previously revised in the July 1993 notice.
    Outline of Circular A-130 [as Revised]:
    1. Purpose: [Unchanged; see 58 FR 36070]
    2. Rescissions: [Unchanged; see 58 FR 36070]
    3. Authorities: [Unchanged; see 58 FR 36070]
    4. Applicability and Scope: [Unchanged; see 58 FR 36070]
    5. Background: [Changed]
    6. Definitions: [Changed]
    7. Basic Considerations and Assumptions: [Changed]
    8. Policies:
    a. Information Management Policy: [Unchanged; see 58 FR 36071-73]
    b. Information Systems and Information Technology Management: 
[Changed]
    9. Assignment of Responsibilities: [Unchanged; see 58 FR 36073-74]
    10. Oversight: [Unchanged; see 58 FR 36074]
    11. Effectiveness: [Unchanged; see 58 FR 36074]
    12. Inquiries: [Unchanged; see 58 FR 36074]
    13. Sunset Review Date: [Unchanged; see 58 FR 36075]
    Appendix I: Federal Agency Responsibilities for Maintaining Records 
about Individuals [Unchanged; see 58 FR 36075-79]
    Appendix II: Cost Accounting, Cost Recovery, and Interagency 
Sharing of Information Technology Facilities [Deleted]
    Appendix III: Security of Federal Automated Information Systems 
[Unchanged; see 50 FR 52742-44]
    Appendix IV: Analysis of Key Sections [Changed]

Summary of Revisions

    Section 5. Background. This revision substitutes the term 
``information resources management'' for the term ``information 
management'' in the first sentence.
    Section 6. Definitions.
    This revision to the Circular adds definitions for the terms ``full 
costs,'' ``information management,'' ``information resources,'' 
``information processing service organization,'' ``information systems 
life cycle,'' ``major information systems,'' and ``service recipient.'' 
In addition, the revision amends the definitions for the terms 
``information resources management'' and ``information system.'' The 
following summarizes the changes to Section 6.
    The term ``full costs'' describes the costs agencies should account 
for when charging for services provided by an Information Processing 
Service Organization (IPSO). This definition is changed from the 
September 10, 1993, proposal (58 FR 47793). The new definition has been 
made more detailed in response to agency comments.
    The term ``information management'' is defined to distinguish the 
management of information from the management of information technology 
where necessary.
    The term ``information resources,'' implied in Circular A-130's 
previous definition of ``information resources management'' (Sec. 6i, 
58 FR 36070), is defined specifically in order to broaden the 
applicability of some policy statements beyond just information 
technology or just information.
    The term ``information resources management'' is changed from the 
July 2, 1993, issuance (Sec. 6i, 58 FR 36070) to emphasize the process 
of managing information resources instead of listing management 
activities for information resources.
    The term ``information system'' is changed from the July 2, 1993, 
issuance (Sec. 6j, 58 FR 36070) to stress that information systems are 
discrete sets of resources--not just processes.
    ``Information systems life cycle,'' a term formerly contained in 
Appendix IV (50 FR 52749), is moved into Section 6 consistent with the 
discussion of information systems management oversight in Section 
8b(3).
    The new term ``information processing services organization'' 
(IPSO) replaces the term ``information technology facility'' (Sec. 6l, 
58 FR 36071), which is deleted. This final issuance defines the term 
differently than proposed (Sec. 6l, 58 FR 47793) in response to agency 
comments.
    The definition of ``major information system'' is changed slightly 
from the proposal (Sec. 6m, 58 FR 47793) for clarity.
    ``Service recipient'' is a new term used solely in the context of 
interagency sharing or cross-servicing of information resources for 
purposes of establishing charge-back mechanisms. This term is being 
adopted rather than the term ``user'' proposed in the September 10, 
1993, notice (Sec. 6t, 58 FR 47793).
    Section 7. Basic Considerations and Assumptions.
    The September 10, 1993, notice proposed to amend two statements of 
basic considerations and assumptions (Sec. 7i and 7l), and to add one 
(Sec. 7n) (58 FR 47793). This notice amends Section 7i, as proposed; 
adds a new Section 7n, revised from the proposal; amends Section 7l, 
with most of the proposed revision being moved to new Sections 7o and 
7p; and adds a new Section 7q. These changes address:
    (1) The need for agencies to apply information resources to meet 
the mission needs of the agency as agreed upon through agency strategic 
planning processes,
    (2) The need for skills, training, and knowledge to support the 
management of information resources as the government moves toward 
program delivery to the public that relies more heavily on automation, 
and
    (3) The need for federal managers with program delivery 
responsibilities to assume responsibility for the effective stewardship 
of information resources to fulfill mission needs.
    (4) One basic consideration and assumption proposed (Section 7l, 58 
FR 47793) is split into two separate statements in this issuance to 
emphasize:
    (a) The need for agencies to recognize the opportunity that the 
introduction of information technology presents for organizational 
streamlining, work process redesign, and making public interactions 
with the Federal government more ``user-friendly'';
    (b) The availability of government information in electronic forms 
to improve the management and use of this information for the 
government and the public; and
    (5) The role of information resources in supporting the achievement 
of mission goals.
    Section 8b. Information Systems and Information Technology 
Management Policy.
    (1) Evaluation and Performance Measurement.
    This section expands on the guidance for evaluating investments in 
information technology previously found in Section 43 of OMB Circular 
No. A-11, Preparation and Submission of Budget Estimates, and OMB 
Circular No. A-94, Guidelines and Discount Rates for Benefit-Cost 
Analysis of Federal Programs (57 FR 53519, November 10, 1992). 
Additionally, OMB broadens the criteria for evaluating information 
systems to include benefits to the public. This policy requires 
agencies to prepare a benefit-cost analysis for each information system 
as a management oversight tool. The policy also requires agencies to 
devise an agency-wide investment strategy, using benefit-cost analyses 
for individual systems, that maximizes the return on investment on 
information technology across the agency.
    This section has been changed from the proposal (Sec. 8b(1), 58 FR 
47793-4) to emphasize the role of reengineering in ensuring the 
greatest return possible from investments in information technology. 
Other changes add operational risk as a criterion for evaluating 
individual information systems and require agencies to review benefits 
that have accrued from implementing an information system. Finally, 
this issuance requires agencies to consider the return on investments 
in information technology from an organization-wide perspective. These 
changes reflect comments from the General Accounting Office.
    (2) Strategic Information Resources Management (IRM) Planning.
    This section describes a planning framework that links the 
management of information resources to operational and strategic IRM 
planning and agency-wide strategic planning. In addition, it expands 
the scope of the current planning requirement beyond automatic data 
processing equipment to planning for all information resources.
    This section reflects changes from the proposal (Sec. 8b(2), 58 FR 
47794) to provide more detailed instructions on the content of agency 
planning requirements, in response to agency comments. In particular, 
some material previously required to be reported to OMB in Section 43 
of OMB Circular A-11 are now included in this Circular as required 
elements of agency operational information technology plans.
    (3) Information Systems Management Oversight.
    Section 8b(3) addresses the need for agencies to create management 
oversight processes that ensure information systems meet mission 
requirements. This represents a slight change in language and emphasis 
from the proposal (Sec. 8b(3), 58 FR 47794). The language in this final 
issuance stresses a higher level of agency management attention to the 
progress of major information systems projects, with less emphasis on 
the term ``life cycle management.''
    A new policy at Section 8b(3)(g) links the oversight of financial 
management systems through Circular No. A-127, Financial Management 
Systems (58 FR 41014-19, July 23, 1993), to the management of 
information systems more generally.
    (4) Use of Information Resources.
    A new policy is added at 8b(4) that prompts agencies to address the 
need for organization-wide frameworks for using information resources. 
This clarifies the proposal concerning information and information 
technology architectures contained in the section on IRM planning (Sec. 
8b(2)(c), FR 58 47794), in response to agency comments.
    The policy statement on the use of Federal Information Processing 
Standards (FIPS) is dropped from Section 8b of the Circular (Sec. 
8b(14), 50 FR 52737) because it is now covered in Section 8a(1)(h). 
This change recognizes that the Computer Security Act of 1987 amended 
the Brooks Act to give the Secretary of Commerce the responsibility for 
determining the applicability of FIPS (see 40 U.S.C. 759(d)).
    This section incorporates guidance formerly found in Appendix II 
(50 FR 52741-42) into Section 8b(4). This reflects changes in the 
technical environment surrounding the sharing of federal information 
processing services that allow for sharing of more than just mainframe 
computing resources. Moving this guidance into the policy section of 
the Circular gives it more prominence and fosters better integration of 
these principles in agencies' information technology management 
programs.
    Section 8b(4) also collapses and simplifies the guidance found in 
proposed Section 8b(5) (58 FR 47794-5). This change reflects agency 
comments that the proposal for Section 8b(5) was too burdensome and 
detailed to serve its intended purposes cost-effectively.
    Sec. 8b(4)(f) adds a policy statement stating the high-level policy 
principles of the Computer Security Act of 1987 (U.S.C. 759 note), as 
requested in several comments.
    (5) Acquisition of Information Technology.
    This section applies the economic principle of maximizing return on 
investment when acquiring information technology. This supports the 
criterion used in 8b(1) to evaluate investments in information 
technology for improvements in service delivery to the public. It had 
been proposed as part of a different section (Sec. 8b(4), 58 FR 47794), 
but now stands as a separate section in this issuance.
    4. Appendix II: Cost Accounting, Cost Recovery, and Interagency 
Sharing of Information Technology Facilities.
    In the July 1993 Federal Register notice (58 FR 36069-70), OMB 
stated its intention to revise the guidance in Appendix II, issued in 
1985 (50 FR 52741-42). In the September 10, 1993, notice OMB proposed 
to delete the guidance in Appendix II and place revised guidance in 
Section 8b (58 FR 47793). This notice contains the revised guidance in 
Section 8b. Accordingly, policy pertaining to cost accounting, cost 
recovery, and interagency sharing of information technology facilities 
has been deleted from Appendix II. Appendix II will be reserved for 
future policy topics.
    5. Appendix IV: Analysis of Key Sections.
    OMB has completely revised the portion of this appendix pertaining 
to Section 8b, Information Systems and Information Technology 
Management (see 50 FR 52748-50) to reflect the changes made in Section 
8b. Accordingly, Appendix IV now consists of the discussion concerning 
sections 1-8 and 9a(11) of the Circular, contained herein, plus the 
discussion of Section 9, Assignment of Responsibilities, and 10, 
Oversight, in Appendix IV from the 1985 issuance (50 FR 52750-51), 
which remains in effect.

Development of Future Topics

    Section 9, Assignment of Responsibilities, and Section 10, 
Oversight. As part of the final stage of revising the Circular, OMB 
will review the assignment of responsibilities and oversight provisions 
to ensure that they reflect changes in Section 8, Policies, of the 
Circular.
    Appendix III: Security of Federal Automated Information Systems.
    OMB did not amend Appendix III (50 FR 52742-44) in the July 1993 
Federal Register notice, and is not amending Appendix III in this 
notice. OMB intends to issue a proposal that would revise Appendix III 
to incorporate requirements of the Computer Security Act of 1987 
including requirements for security plans described in OMB Bulletin 90-
08. Those revisions will incorporate changes based on the experience 
gained in recent computer security visits to agencies by teams of staff 
from OMB, the National Institute of Standards and Technology (NIST), 
and the National Security Agency. OMB will also work with NIST to 
implement recommendations of the Computer Security and Privacy Advisory 
Board (established by the Computer Security Act) regarding better 
coordination between this Circular and OMB Circular No. A-123.
    Accordingly, Circular A-130 is revised as set forth below.
Sally Katzen,
Administrator, Office of Information and Regulatory Affairs

Circular No. A-130--Revised

    Transmittal Memorandum No. 2

To the Heads of Executive Departments and Establishments

SUBJECT: Management of Federal Information Resources
    Circular No. A-130 provides uniform government-wide information 
resources management policies as required by the Paperwork Reduction 
Act of 1980, 44 U.S.C. Chapter 35. This Transmittal Memorandum contains 
updated guidance on those portions of the Circular dealing with the 
management of information technology. It also contains a revised 
Appendix IV, ``Analysis of Key Sections'' and reprints Transmittal No. 
1 (58 FR 36070-36086) with a few changes.
Leon E. Panetta,
Director

Circular No. A-130--Revised

    Transmittal Memorandum No. 2

To the Heads of Executive Departments and Establishments

SUBJECT: Management of Federal Information Resources
    1. Purpose: This Circular establishes policy for the management of 
Federal information resources. Procedural and analytic guidelines for 
implementing specific aspects of these policies are included as 
appendices.
    2. Rescissions: This Circular rescinds OMB Circulars No. A-3, A-71, 
A-90, A-108, A-114, and A-121, and all Transmittal Memoranda to those 
circulars.
    3. Authorities: This Circular is issued pursuant to the Paperwork 
Reduction Act (PRA), as amended (44 U.S.C. Chapter 35); the Privacy 
Act, as amended (5 U.S.C. 552a); the Chief Financial Officers Act (31 
U.S.C. 3512 et seq.); the Federal Property and Administrative Services 
Act, as amended (40 U.S.C. 759 and 487); the Computer Security Act (40 
U.S.C. 759 note); the Budget and Accounting Act, as amended (31 U.S.C. 
Chapter 11); Executive Order No. 12046 of March 27, 1978; and Executive 
Order No. 12472 of April 3, 1984.
    4. Applicability and Scope:
    a. The policies in this Circular apply to the information 
activities of all agencies of the executive branch of the Federal 
government.
    b. Information classified for national security purposes should 
also be handled in accordance with the appropriate national security 
directives. National security emergency preparedness activities should 
be conducted in accordance with Executive Order No. 12472.
    5. Background: The Paperwork Reduction Act establishes a broad 
mandate for agencies to perform their information resources management 
activities in an efficient, effective, and economical manner. To assist 
agencies in an integrated approach to information resources management, 
the Act requires that the Director of OMB develop and implement uniform 
and consistent information resources management policies; oversee the 
development and promote the use of information management principles, 
standards, and guidelines; evaluate agency information resources 
management practices in order to determine their adequacy and 
efficiency; and determine compliance of such practices with the 
policies, principles, standards, and guidelines promulgated by the 
Director.
    6. Definitions:
    a. The term ``agency'' means any executive department, military 
department, government corporation, government controlled corporation, 
or other establishment in the executive branch of the Federal 
government, or any independent regulatory agency. Within the Executive 
Office of the President, the term includes only OMB and the Office of 
Administration.
    b. The term ``audiovisual production'' means a unified 
presentation, developed according to a plan or script, containing 
visual imagery, sound or both, and used to convey information.
    c. The term ``dissemination'' means the government initiated 
distribution of information to the public. Not considered dissemination 
within the meaning of this Circular is distribution limited to 
government employees or agency contractors or grantees, intra- or 
inter-agency use or sharing of government information, and responses to 
requests for agency records under the Freedom of Information Act (5 
U.S.C. 552) or Privacy Act.
    d. The term ``full costs,'' when applied to the expenses incurred 
in the operation of an Information Processing Services Organization 
(IPSO), is comprised of all direct, indirect, general, and 
administrative costs incurred in the operation of an IPSO. These costs 
include, but are not limited to, personnel, equipment, software, 
supplies, contracted services from private sector providers, space 
occupancy, intra-agency services from within the agency, inter-agency 
services from other Federal agencies, other services that are provided 
by State and local governments, and Judicial and Legislative branch 
organizations.
    e. The term ``government information'' means information created, 
collected, processed, disseminated, or disposed of by or for the 
Federal Government.
    f. The term ``government publication'' means information which is 
published as an individual document at government expense, or as 
required by law. (44 U.S.C. 1901)
    g. The term ``information'' means any communication or 
representation of knowledge such as facts, data, or opinions in any 
medium or form, including textual, numerical, graphic, cartographic, 
narrative, or audiovisual forms.
    h. The term ``information dissemination product'' means any book, 
paper, map, machine-readable material, audiovisual production, or other 
documentary material, regardless of physical form or characteristic, 
disseminated by an agency to the public.
    i. The term ``information life cycle'' means the stages through 
which information passes, typically characterized as creation or 
collection, processing, dissemination, use, storage, and disposition.
    j. The term ``information management'' means the planning, 
budgeting, manipulating, and controlling of information throughout its 
life cycle.
    k. The term ``information resources'' includes both government 
information and information technology.
    l. The term ``information processing services organization'' (IPSO) 
means a discrete set of personnel, information technology, and support 
equipment with the primary function of providing services to more than 
one agency on a reimbursable basis.
    m. The term ``information resources management'' means the process 
of managing information resources to accomplish agency missions. The 
term encompasses both information itself and the related resources, 
such as personnel, equipment, funds, and information technology.
    n. The term ``information system'' means a discrete set of 
information resources organized for the collection, processing, 
maintenance, transmission, and dissemination of information, in 
accordance with defined procedures, whether automated or manual.
    o. The term ``information system life cycle'' means the phases 
through which an information system passes, typically characterized as 
initiation, development, operation, and termination.
    p. The term ``information technology'' means the hardware and 
software operated by a Federal agency or by a contractor of a Federal 
agency or other organization that processes information on behalf of 
the Federal government to accomplish a Federal function, regardless of 
the technology involved, whether computers, telecommunications, or 
others. It includes automatic data processing equipment as that term is 
defined in Section 111(a)(2) of the Federal Property and Administrative 
Services Act of 1949. For the purposes of this Circular, automatic data 
processing and telecommunications activities related to certain 
critical national security missions, as defined in 44 U.S.C. 3502(2) 
and 10 U.S.C. 2315, are excluded.
    q. The term ``major information system'' means an information 
system that requires special management attention because of its 
importance to an agency mission; its high development, operating, or 
maintenance costs; or its significant role in the administration of 
agency programs, finances, property, or other resources.
    r. The term ``records'' means all books, papers, maps, photographs, 
machine-readable materials, or other documentary materials, regardless 
of physical form or characteristics, made or received by an agency of 
the United States Government under Federal law or in connection with 
the transaction of public business and preserved or appropriate for 
preservation by that agency or its legitimate successor as evidence of 
the organization, functions, policies, decisions, procedures, 
operations, or other activities of the government or because of the 
informational value of the data in them. Library and museum material 
made or acquired and preserved solely for reference or exhibition 
purposes, extra copies of documents preserved only for convenience of 
reference, and stocks of publications and of processed documents are 
not included. (44 U.S.C. 3301)
    s. The term ``records management'' means the planning, controlling, 
directing, organizing, training, promoting, and other managerial 
activities involved with respect to records creation, records 
maintenance and use, and records disposition in order to achieve 
adequate and proper documentation of the policies and transactions of 
the Federal Government and effective and economical management of 
agency operations. (44 U.S.C. 2901(2))
    t. The term ``service recipient'' means an agency organizational 
unit, programmatic entity, or chargeable account that receives 
information processing services from an Information Processing Services 
Organization (IPSO). A service recipient may be either internal or 
external to the organization responsible for providing information 
resources services, but normally does not report either to the manager 
or director of the IPSO or to the same immediate supervisor.
    7. Basic Considerations and Assumptions:
    a. The Federal Government is the largest single producer, 
collector, consumer, and disseminator of information in the United 
States. Because of the extent of the government's information 
activities, and the dependence of those activities upon public 
cooperation, the management of Federal information resources is an 
issue of continuing importance to all Federal agencies, State and local 
governments, and the public.
    b. Government information is a valuable national resource. It 
provides the public with knowledge of the government, society, and 
economy--past, present, and future. It is a means to ensure the 
accountability of government, to manage the government's operations, to 
maintain the healthy performance of the economy, and is itself a 
commodity in the marketplace.
    c. The free flow of information between the government and the 
public is essential to a democratic society. It is also essential that 
the government minimize the Federal paperwork burden on the public, 
minimize the cost of its information activities, and maximize the 
usefulness of government information.
    d. In order to minimize the cost and maximize the usefulness of 
government information, the expected public and private benefits 
derived from government information should exceed the public and 
private costs of the information, recognizing that the benefits to be 
derived from government information may not always be quantifiable.
    e. The nation can benefit from government information disseminated 
both by Federal agencies and by diverse nonfederal parties, including 
State and local government agencies, educational and other not-for-
profit institutions, and for-profit organizations.
    f. Because the public disclosure of government information is 
essential to the operation of a democracy, the management of Federal 
information resources should protect the public's right of access to 
government information.
    g. The individual's right to privacy must be protected in Federal 
Government information activities involving personal information.
    h. Systematic attention to the management of government records is 
an essential component of sound public resources management which 
ensures public accountability. Together with records preservation, it 
protects the government's historical record and guards the legal and 
financial rights of the government and the public.
    i. Agency strategic planning can improve the operation of 
government programs. The application of information resources should 
support an agency's strategic plan to fulfill its mission. The 
integration of IRM planning with agency strategic planning promotes the 
appropriate application of Federal information resources.
    j. Because State and local governments are important producers of 
government information for many areas such as health, social welfare, 
labor, transportation, and education, the Federal Government must 
cooperate with these governments in the management of information 
resources.
    k. The open and efficient exchange of scientific and technical 
government information, subject to applicable national security 
controls and the proprietary rights of others, fosters excellence in 
scientific research and effective use of Federal research and 
development funds.
    l. Information technology is not an end in itself. It is one set of 
resources that can improve the effectiveness and efficiency of Federal 
program delivery.
    m. Federal Government information resources management policies and 
activities can affect, and be affected by, the information policies and 
activities of other nations.
    n. Users of Federal information resources must have skills, 
knowledge, and training to manage information resources, enabling the 
Federal government to effectively serve the public through automated 
means.
    o. The application of up-to-date information technology presents 
opportunities to promote fundamental changes in agency structures, work 
processes, and ways of interacting with the public that improve the 
effectiveness and efficiency of Federal agencies.
    p. The availability of government information in diverse media, 
including electronic formats, permits agencies and the public greater 
flexibility in using the information.
    q. Federal managers with program delivery responsibilities should 
recognize the importance of information resources management to mission 
performance.
    8. Policy:
    a. Information Management Policy
    (1) Information Management Planning. Agencies shall plan in an 
integrated manner for managing information throughout its life cycle. 
Agencies shall:
    (a) Consider, at each stage of the information life cycle, the 
effects of decisions and actions on other stages of the life cycle, 
particularly those concerning information dissemination;
    (b) Consider the effects of their actions on members of the public 
and ensure consultation with the public as appropriate;
    (c) Consider the effects of their actions on State and local 
governments and ensure consultation with those governments as 
appropriate;
    (d) Seek to satisfy new information needs through interagency or 
intergovernmental sharing of information, or through commercial 
sources, where appropriate, before creating or collecting new 
information;
    (e) Integrate planning for information systems with plans for 
resource allocation and use, including budgeting, acquisition, and use 
of information technology;
    (f) Train personnel in skills appropriate to management of 
information;
    (g) Protect government information commensurate with the risk and 
magnitude of harm that could result from the loss, misuse, or 
unauthorized access to or modification of such information;
    (h) Use voluntary standards and Federal Information Processing 
Standards where appropriate or required;
    (i) Consider the effects of their actions on the privacy rights of 
individuals, and ensure that appropriate legal and technical safeguards 
are implemented;
    (j) Record, preserve, and make accessible sufficient information to 
ensure the management and accountability of agency programs, and to 
protect the legal and financial rights of the Federal Government;
    (k) Incorporate records management and archival functions into the 
design, development, and implementation of information systems;
    (l) Provide for public access to records where required or 
appropriate.
    (2) Information Collection. Agencies shall collect or create only 
that information necessary for the proper performance of agency 
functions and which has practical utility.
    (3) Electronic Information Collection. Agencies shall use 
electronic collection techniques where such techniques reduce burden on 
the public, increase efficiency of government programs, reduce costs to 
the government and the public, and/or provide better service to the 
public. Conditions favorable to electronic collection include:
    (a) The information collection seeks a large volume of data and/or 
reaches a large proportion of the public;
    (b) The information collection recurs frequently;
    (c) The structure, format, and/or definition of the information 
sought by the information collection does not change significantly over 
several years;
    (d) The agency routinely converts the information collected to 
electronic format;
    (e) A substantial number of the affected public are known to have 
ready access to the necessary information technology and to maintain 
the information in electronic form;
    (f) Conversion to electronic reporting, if mandatory, will not 
impose substantial costs or other adverse effects on the public, 
especially State and local governments and small business entities.
    (4) Records Management. Agencies shall:
    (a) Ensure that records management programs provide adequate and 
proper documentation of agency activities;
    (b) Ensure the ability to access records regardless of form or 
medium;
    (c) In a timely fashion, establish, and obtain the approval of the 
Archivist of the United States for, retention schedules for Federal 
records; and
    (d) Provide training and guidance as appropriate to all agency 
officials and employees and contractors regarding their Federal records 
management responsibilities.
    (5) Providing Information to the Public. Agencies have a 
responsibility to provide information to the public consistent with 
their missions. Agencies shall discharge this responsibility by:
    (a) Providing information, as required by law, describing agency 
organization, activities, programs, meetings, systems of records, and 
other information holdings, and how the public may gain access to 
agency information resources;
    (b) Providing access to agency records under provisions of the 
Freedom of Information Act and the Privacy Act, subject to the 
protections and limitations provided for in these Acts;
    (c) Providing such other information as is necessary or appropriate 
for the proper performance of agency functions; and
    (d) In determining whether and how to disseminate information to 
the public, agencies shall:
    (i) Disseminate information in a manner that achieves the best 
balance between the goals of maximizing the usefulness of the 
information and minimizing the cost to the government and the public;
    (ii) Disseminate information dissemination products on equitable 
and timely terms;
    (iii) Take advantage of all dissemination channels, Federal and 
nonfederal, including State and local governments, libraries and 
private sector entities, in discharging agency information 
dissemination responsibilities;
    (iv) Help the public locate government information maintained by or 
for the agency.
    (6) Information Dissemination Management System. Agencies shall 
maintain and implement a management system for all information 
dissemination products which shall, at a minimum:
    (a) Assure that information dissemination products are necessary 
for proper performance of agency functions (44 U.S.C. 1108);
    (b) Consider whether an information dissemination product available 
from other Federal or nonfederal sources is equivalent to an agency 
information dissemination product and reasonably fulfills the 
dissemination responsibilities of the agency;
    (c) Establish and maintain inventories of all agency information 
dissemination products;
    (d) Develop such other aids to locating agency information 
dissemination products including catalogs and directories, as may 
reasonably achieve agency information dissemination objectives;
    (e) Identify in information dissemination products the source of 
the information, if from another agency;
    (f) Ensure that members of the public with disabilities whom the 
agency has a responsibility to inform have a reasonable ability to 
access the information dissemination products;
    (g) Ensure that government publications are made available to 
depository libraries through the facilities of the Government Printing 
Office, as required by law (44 U.S.C. Part 19);
    (h) Provide electronic information dissemination products to the 
Government Printing Office for distribution to depository libraries;
    (i) Establish and maintain communications with members of the 
public and with State and local governments so that the agency creates 
information dissemination products that meet their respective needs;
    (j) Provide adequate notice when initiating, substantially 
modifying, or terminating significant information dissemination 
products; and
    (k) Ensure that, to the extent existing information dissemination 
policies or practices are inconsistent with the requirements of this 
Circular, a prompt and orderly transition to compliance with the 
requirements of this Circular is made.
    (7) Avoiding Improperly Restrictive Practices. Agencies shall:
    (a) Avoid establishing, or permitting others to establish on their 
behalf, exclusive, restricted, or other distribution arrangements that 
interfere with the availability of information dissemination products 
on a timely and equitable basis;
    (b) Avoid establishing restrictions or regulations, including the 
charging of fees or royalties, on the reuse, resale, or redissemination 
of Federal information dissemination products by the public; and,
    (c) Set user charges for information dissemination products at a 
level sufficient to recover the cost of dissemination but no higher. 
They shall exclude from calculation of the charges costs associated 
with original collection and processing of the information. Exceptions 
to this policy are:
    (i) Where statutory requirements are at variance with the policy;
    (ii) Where the agency collects, processes, and disseminates the 
information for the benefit of a specific identifiable group beyond the 
benefit to the general public;
    (iii) Where the agency plans to establish user charges at less than 
cost of dissemination because of a determination that higher charges 
would constitute a significant barrier to properly performing the 
agency's functions, including reaching members of the public whom the 
agency has a responsibility to inform; or
    (iv) Where the Director of OMB determines an exception is 
warranted.
    (8) Electronic Information Dissemination. Agencies shall use 
electronic media and formats, including public networks, as appropriate 
and within budgetary constraints, in order to make government 
information more easily accessible and useful to the public. The use of 
electronic media and formats for information dissemination is 
appropriate under the following conditions:
    (a) The agency develops and maintains the information 
electronically;
    (b) Electronic media or formats are practical and cost effective 
ways to provide public access to a large, highly detailed volume of 
information;
    (c) The agency disseminates the product frequently;
    (d) The agency knows a substantial portion of users have ready 
access to the necessary information technology and training to use 
electronic information dissemination products;
    (e) A change to electronic dissemination, as the sole means of 
disseminating the product, will not impose substantial acquisition or 
training costs on users, especially State and local governments and 
small business entities.
    (9) Safeguards. Agencies shall:
    (a) Ensure that information is protected commensurate with the risk 
and magnitude of the harm that would result from the loss, misuse, or 
unauthorized access to or modification of such information;
    (b) Limit the collection of information which identifies 
individuals to that which is legally authorized and necessary for the 
proper performance of agency functions;
    (c) Limit the sharing of information that identifies individuals or 
contains proprietary information to that which is legally authorized, 
and impose appropriate conditions on use where a continuing obligation 
to ensure the confidentiality of the information exists;
    (d) Provide individuals, upon request, access to records about them 
maintained in Privacy Act systems of records, and permit them to amend 
such records as are in error consistent with the provisions of the 
Privacy Act.
    b. Information Systems and Information Technology Management.
    (1) Evaluation and Performance Measurement. Agencies shall promote 
the appropriate application of Federal information resources as 
follows:
    (a) Seek opportunities to improve the effectiveness and efficiency 
of government programs through work process redesign and the judicious 
application of information technology;
    (b) Prepare, and update as necessary throughout the information 
system life cycle, a benefit-cost analysis for each information system:
    (i) at a level of detail appropriate to the size of the investment;
    (ii) consistent with the methodology described in OMB Circular No. 
A-94, ``Guidelines and Discount Rates for Benefit-Cost Analysis of 
Federal Programs;'' and
    (iii) that relies on systematic measures of mission performance, 
including the:
    (a) effectiveness of program delivery;
    (b) efficiency of program administration; and
    (c) reduction in burden, including information collection burden, 
imposed on the public;
    (c) Conduct benefit-cost analyses to support ongoing management 
oversight processes that maximize return on investment and minimize 
financial and operational risk for investments in major information 
systems on an agency-wide basis; and
    (d) Conduct post-implementation reviews of information systems to 
validate estimated benefits and document effective management practices 
for broader use.
    (2) Strategic Information Resources Management (IRM) Planning. 
Agencies shall establish and maintain strategic information resources 
management planning processes which include the following components:
    (a) Strategic IRM planning that addresses how the management of 
information resources promotes the fulfillment of an agency's mission. 
This planning process should support the development and maintenance of 
a strategic IRM plan that reflects and anticipates changes in the 
agency's mission, policy direction, technological capabilities, or 
resource levels;
    (b) Information planning that promotes the use of information 
throughout its life cycle to maximize the usefulness of information, 
minimize the burden on the public, and preserve the appropriate 
integrity, availability, and confidentiality of information. It shall 
specifically address the planning and budgeting for the information 
collection burden imposed on the public as defined by 5 C.F.R. 1320;
    (c) Operational information technology planning that links 
information technology to anticipated program and mission needs, 
reflects budget constraints, and forms the basis for budget requests. 
This planning should result in the preparation and maintenance of an 
up-to-date five-year plan, as required by 44 U.S.C. 3506, which 
includes:
    (i) a listing of existing and planned major information systems;
    (ii) a listing of planned information technology acquisitions;
    (iii) an explanation of how the listed major information systems 
and planned information technology acquisitions relate to each other 
and support the achievement of the agency's mission; and
    iv) a summary of computer security planning, as required by Section 
6 of the Computer Security Act of 1987 (40 U.S.C. 759 note); and
    (d) Coordination with other agency planning processes including 
strategic, human resources, and financial resources.
    (3) Information Systems Management Oversight. Agencies shall 
establish information system management oversight mechanisms that:
    (a) Ensure that each information system meets agency mission 
requirements;
    (b) Provide for periodic review of information systems to 
determine:
    (i) how mission requirements might have changed;
    (ii) whether the information system continues to fulfill ongoing 
and anticipated mission requirements; and
    (iii) what level of maintenance is needed to ensure the information 
system meets mission requirements cost effectively;
    (c) Ensure that the official who administers a program supported by 
an information system is responsible and accountable for the management 
of that information system throughout its life cycle;
    (d) Provide for the appropriate training for users of Federal 
information resources;
    (e) Prescribe Federal information system requirements that do not 
unduly restrict the prerogatives of State, local, and tribal 
governments;
    (f) Ensure that major information systems proceed in a timely 
fashion towards agreed-upon milestones in an information system life 
cycle, meet user requirements, and deliver intended benefits to the 
agency and affected publics through coordinated decision making about 
the information, human, financial, and other supporting resources; and
    (g) Ensure that financial management systems conform to the 
requirements of OMB Circular No. A-127, ``Financial Management 
Systems.''
    (4) Use of Information Resources. Agencies shall create and 
maintain management and technical frameworks for using information 
resources that document linkages between mission needs, information 
content, and information technology capabilities. These frameworks 
should guide both strategic and operational IRM planning. They should 
also address steps necessary to create an open systems environment. 
Agencies shall implement the following principles:
    (a) Develop information systems in a manner that facilitates 
necessary interoperability, application portability, and scalability of 
computerized applications across networks of heterogeneous hardware, 
software, and communications platforms;
    (b) Ensure that improvements to existing information systems and 
the development of planned information systems do not unnecessarily 
duplicate information systems available within the same agency, from 
other agencies, or from the private sector;
    (c) Share available information systems with other agencies to the 
extent practicable and legally permissible;
    (d) Meet information technology needs through intra-agency and 
inter-agency sharing, when it is cost effective, before acquiring new 
information technology resources;
    (e) For Information Processing Service Organizations (IPSOs) that 
have costs in excess of $5 million per year, agencies shall:
    (i) account for the full costs of operating all IPSOs;
    (ii) recover the costs incurred for providing IPSO services to all 
service recipients on an equitable basis commensurate with the costs 
required to provide those services; and
    (iii) document sharing agreements between service recipients and 
IPSOs; and
    (f) Establish a level of security for all information systems that 
is commensurate with the risk and magnitude of the harm resulting from 
the loss, misuse, or unauthorized access to or modification of the 
information contained in these information systems.
    (5) Acquisition of Information Technology. Agencies shall:
    (a) Acquire information technology in a manner that makes use of 
full and open competition and that maximizes return on investment;
    (b) Acquire off-the-shelf software from commercial sources, unless 
the cost effectiveness of developing custom software to meet mission 
needs is clear and has been documented;
    (c) Acquire information technology in accordance with OMB Circular 
No. A-109, ``Acquisition of Major Systems,'' where appropriate; and
    (d) Acquire information technology in a manner that considers the 
need for accommodations of accessibility for individuals with 
disabilities to the extent that needs for such access exist.
    9. Assignment of Responsibilities:
    a. All Federal Agencies. The head of each agency shall:
    (1) Have primary responsibility for managing agency information 
resources;
    (2) Ensure that the information policies, principles, standards, 
guidelines, rules, and regulations prescribed by OMB are implemented 
appropriately within the agency;
    (3) Develop internal agency information policies and procedures and 
oversee, evaluate, and otherwise periodically review agency information 
resources management activities for conformity with the policies set 
forth in this Circular;
    (4) Develop agency policies and procedures that provide for timely 
acquisition of required information technology;
    (5) Maintain an inventory of the agencies' major information 
systems and information dissemination programs;
    (6) Create, maintain, and dispose of a record of agency activities 
in accordance with the Federal Records Act of 1950, as amended;
    (7) Identify to the Director, OMB, statutory, regulatory, and other 
impediments to efficient management of Federal information resources 
and recommend to the Director legislation, policies, procedures, and 
other guidance to improve such management;
    (8) Assist OMB in the performance of its functions under the PRA 
including making services, personnel, and facilities available to OMB 
for this purpose to the extent practicable;
    (9) Appoint a senior official, as required by 44 U.S.C. 3506(b), 
who shall report directly to the agency head to carry out the 
responsibilities of the agency under the PRA. The head of the agency 
shall keep the Director, OMB, advised as to the name, title, authority, 
responsibilities, and organizational resources of the senior official. 
For purposes of this paragraph, military departments and the Office of 
the Secretary of Defense may each appoint one official.
    (10) Designate an office with responsibility for management 
oversight of agency audiovisual productions and establish an 
appropriate program for the management of audiovisual productions, 
facilities, and activities in conformance with the requirements 
contained at 36 CFR 1232.4.
    (11) Direct the senior official appointed pursuant to 44 U.S.C. 
3506(b) to monitor agency compliance with the policies, procedures, and 
guidance in this Circular. Acting as an ombudsman, the senior official 
shall consider alleged instances of agency failure to comply with this 
Circular and recommend or take corrective action as appropriate. The 
senior official shall report annually, not later than February 1st of 
each year, to the Director those instances of alleged failure to comply 
with this Circular and their resolution.
    b. Department of State. The Secretary of State shall:
    (1) Advise the Director, OMB, on the development of United States 
positions and policies on international information policy issues 
affecting Federal Government information activities and ensure that 
such positions and policies are consistent with Federal information 
resources management policy;
    (2) Ensure, in consultation with the Secretary of Commerce, that 
the United States is represented in the development of international 
information technology standards, and advise the Director, OMB, of such 
activities.
    c. Department of Commerce. The Secretary of Commerce shall:
    (1) Develop and issue Federal Information Processing Standards and 
guidelines necessary to ensure the efficient and effective acquisition, 
management, security, and use of information technology;
    (2) Advise the Director, OMB, on the development of policies 
relating to the procurement and management of Federal 
telecommunications resources;
    (3) Provide OMB and the agencies with scientific and technical 
advisory services relating to the development and use of information 
technology;
    (4) Conduct studies and evaluations concerning telecommunications 
technology, and concerning the improvement, expansion, testing, 
operation, and use of Federal tele communications systems and advise 
the Director, OMB, and appropriate agencies of the recommendations that 
result from such studies;
    (5) Develop, in consultation with the Secretary of State and the 
Director of OMB, plans, policies, and programs relating to 
international telecommunications issues affecting government 
information activities;
    (6) Identify needs for standardization of telecommunications and 
information processing technology, and develop standards, in 
consultation with the Secretary of Defense and the Administrator of 
General Services, to ensure efficient application of such technology;
    (7) Ensure that the Federal Government is represented in the 
development of national and, in consultation with the Secretary of 
State, international information technology standards, and advise the 
Director, OMB, of such activities.
    d. Department of Defense. The Secretary of Defense shall develop, 
in consultation with the Administrator of General Services, uniform 
Federal telecommunications standards and guidelines to ensure national 
security, emergency preparedness, and continuity of government.
    e. General Services Administration. The Administrator of General 
Services shall:
    (1) Advise the Director, OMB, and agency heads on matters affecting 
the procurement of information technology;
    (2) Coordinate and, when required, provide for the purchase, lease, 
and maintenance of information technology required by Federal agencies;
    (3) Develop criteria for timely procurement of information 
technology and delegate procurement authority to agencies that comply 
with the criteria;
    (4) Provide guidelines and regulations for Federal agencies, as 
authorized by law, on the acquisition, maintenance, and disposition of 
information technology;
    (5) Develop policies and guidelines that facilitate the sharing of 
information technology among agencies as required by this Circular;
    (6) Review agencies' information resources management activities to 
meet the objectives of the triennial reviews required by the PRA and 
report the results to the Director, OMB;
    (7) Manage the Automatic Data Processing Fund and the Federal 
Telecommunications Fund in accordance with the Federal Property and 
Administrative Services Act as amended;
    (8) Establish procedures for approval, implementation, and 
dissemination of Federal telecommunications standards and guidelines 
and for implementation of Federal Information Processing Standards.
    f. Office of Personnel Management. The Director, Office of 
Personnel Management, shall:
    (1) Develop and conduct training programs for Federal personnel on 
information resources management including end-user computing;
    (2) Evaluate periodically future personnel management and staffing 
requirements for Federal information resources management;
    (3) Establish personnel security policies and develop training 
programs for Federal personnel associated with the design, operation, 
or maintenance of information systems.
    g. National Archives and Records Administration. The Archivist of 
the United States shall:
    (1) Administer the Federal records management program in accordance 
with the National Archives and Records Act;
    (2) Assist the Director, OMB, in developing standards and 
guidelines relating to the records management program.
    h. Office of Management and Budget. The Director of the Office of 
Management and Budget shall:
    (1) Provide overall leadership and coordination of Federal 
information resources management within the executive branch;
    (2) Serve as the President's principal adviser on procurement and 
management of Federal telecommunications systems, and develop and 
establish policies for procurement and management of such systems;
    (3) Issue policies, procedures, and guidelines to assist agencies 
in achieving integrated, effective, and efficient information resources 
management;
    (4) Initiate and review proposals for changes in legislation, 
regulations, and agency procedures to improve Federal information 
resources management;
    (5) Review and approve or disapprove agency proposals for 
collection of information from the public, as defined by 5 CFR 1320.7;
    (6) Develop and publish annually in consultation with the 
Administrator of General Services, a five-year plan for meeting the 
information technology needs of the Federal Government;
    (7) Evaluate agencies' information resources management and 
identify cross-cutting information policy issues through the review of 
agency information programs, information collection budgets, 
information technology acquisition plans, fiscal budgets, and by other 
means;
    (8) Provide policy oversight for the Federal records management 
function conducted by the National Archives and Records Administration 
and coordinate records management policies and programs with other 
information activities;
    (9) Review, with the advice and assistance of the Administrator of 
General Services, selected agencies' information resources management 
activities to meet the objectives of the triennial reviews required by 
the PRA;
    (10) Review agencies' policies, practices, and programs pertaining 
to the security, protection, sharing, and disclosure of information, in 
order to ensure compliance with the Privacy Act and related statutes;
    (11) Resolve information technology procurement disputes between 
agencies and the General Services Administration pursuant to Section 
111 of the Federal Property and Administrative Services Act;
    (12) Review proposed U.S. Government Position and Policy statements 
on international issues affecting Federal Government information 
activities and advise the Secretary of State as to their consistency 
with Federal information resources management policy.
    10. Oversight:
    a. The Director, OMB, will use information technology planning 
reviews, fiscal budget reviews, information collection budget reviews, 
management reviews, GSA reviews of agency information resources 
management measures and such other measures as the Director deems 
necessary to evaluate the adequacy and efficiency of each agency's 
information resources management and compliance with this Circular.
    b. The Director, OMB, may, upon written request of an agency, grant 
a waiver from particular requirements of this Circular. Requests for 
waivers must detail the reasons why a particular waiver is sought, 
identify the duration of the waiver sought, and include a plan for the 
prompt and orderly transition to full compliance with the requirements 
of this Circular. Notice of each waiver request shall be published 
promptly by the agency in the Federal Register, with a copy of the 
waiver request made available to the public on request.
    11. Effectiveness: This Circular is effective upon issuance. 
Nothing in this Circular shall be construed to confer a private right 
of action on any person.
    12. Inquiries: All questions or inquiries should be addressed to 
the Office of Information and Regulatory Affairs, Office of Management 
and Budget, Washington, D.C. 20503. Telephone: (202) 395-3785.
    13. Sunset Review Date: OMB will review this Circular three years 
from the date of issuance to ascertain its effectiveness.

Appendix I to OMB Circular No. A-130--Federal Agency 
Responsibilities for Maintaining Records About Individuals

    1. Purpose and Scope.
    This Appendix describes agency responsibilities for implementing 
the reporting and publication requirements of the Privacy Act of 1974, 
5 U.S.C. 552a, as amended (hereinafter ``the Act''). It applies to all 
agencies subject to the Act. Note that this Appendix does not rescind 
other guidance OMB has issued to help agencies interpret the Privacy 
Act's provisions, e.g., Privacy Act Guidelines (40 FR 28949-28978, July 
9, 1975), or Final Guidance for Conducting Matching Programs (54 FR at 
25819, June 19, 1989).
    2. Definitions.
    a. The terms ``agency,'' ``individual,'' ``maintain,'' ``record,'' 
``system of records,'' and ``routine use,'' as used in this Appendix, 
are defined in the Act (5 U.S.C. 552a(a)).
    b. Matching Agency. Generally, the Recipient Federal agency (or the 
Federal source agency in a match conducted by a nonfederal agency) is 
the matching agency and is responsible for meeting the reporting and 
publication requirements associated with the matching program. However, 
in large, multi-agency matching programs, where the recipient agency is 
merely performing the matches and the benefit accrues to the source 
agencies, the partners should assign responsibility for compliance with 
the administrative requirements in a fair and reasonable way. This may 
mean having the matching agency carry out these requirements for all 
parties, having one participant designated to do so, or having each 
source agency do so for its own matching program(s).
    c. Nonfederal Agency. Nonfederal agencies are State or local 
governmental agencies receiving records from a Federal agency's 
automated system of records to be used in a matching program.
    d. Recipient Agency. Recipient agencies are Federal agencies or 
their contractors receiving automated records from the Privacy Act 
systems of records of other Federal agencies, or from State or local 
governments, to be used in a matching program as defined in the Act.
    e. Source Agency. A source agency is a Federal agency that 
discloses automated records from a system of records to another Federal 
agency or to a State or local agency to be used in a matching program. 
It is also a State or local agency that discloses records to a Federal 
agency for use in a matching program.
    3. Assignment of Responsibilities.
    a. All Federal Agencies. In addition to meeting the agency 
requirements contained in the Act and the specific reporting and 
publication requirements detailed in this Appendix, the head of each 
agency shall ensure that the following reviews are conducted as often 
as specified below, and be prepared to report to the Director, OMB, the 
results of such reviews and the corrective action taken to resolve 
problems uncovered. The head of each agency shall:
    (1) Section (m) Contracts. Review every two years a random sample 
of agency contracts that provide for the maintenance of a system of 
records on behalf of the agency to accomplish an agency function, in 
order to ensure that the wording of each contract makes the provisions 
of the Act binding on the contractor and his or her employees. (See 5 
U.S.C. 552a(m)(1))
    (2) Recordkeeping Practices. Review annually agency recordkeeping 
and disposal policies and practices in order to assure compliance with 
the Act, paying particular attention to the maintenance of automated 
records.
    (3) Routine Use Disclosures. Review every four years the routine 
use disclosures associated with each system of records in order to 
ensure that the recipient's use of such records continues to be 
compatible with the purpose for which the disclosing agency collected 
the information.
    (4) Exemption of Systems of Records. Review every four years each 
system of records for which the agency has promulgated exemption rules 
pursuant to Section (j) or (k) of the Act in order to determine whether 
such exemption is still needed.
    (5) Matching Programs. Review annually each ongoing matching 
program in which the agency has participated during the year, either as 
a source or as a matching agency, in order to ensure that the 
requirements of the Act, the OMB guidance, and any agency regulations, 
operating instructions, or guidelines have been met.
    (6) Privacy Act Training. Review annually agency training practices 
in order to ensure that all agency personnel are familiar with the 
requirements of the Act, with the agency's implementing regulation, and 
with any special requirements of their specific jobs.
    (7) Violations. Review annually the actions of agency personnel 
that have resulted either in the agency being found civilly liable 
under Section (g) of the Act, or an employee being found criminally 
liable under the provisions of Section (i) of the Act, in order to 
determine the extent of the problem and to find the most effective way 
to prevent recurrence of the problem.
    (8) Systems of Records Notices. Review annually each system of 
records notice to ensure that it accurately describes the system of 
records. Where minor changes are needed, e.g., the name of the system 
manager, ensure that an amended notice is published in the Federal 
Register. Agencies may choose to make one annual comprehensive 
publication consolidating such minor changes. This requirement is 
distinguished from and in addition to the requirement to report to OMB 
and Congress significant changes to systems of records and to publish 
those changes in the Federal Register (See paragraph 4c of this 
Appendix).
    b. Department of Commerce. The Secretary of Commerce shall, 
consistent with guidelines issued by the Director, OMB, develop and 
issue standards and guidelines for ensuring the security of information 
protected by the Act in automated information systems.
    c. The Department of Defense, General Services Administration, and 
National Aeronautics and Space Administration. These agencies shall, 
consistent with guidelines issued by the Director, OMB, ensure that 
instructions are issued on what agencies must do in order to comply 
with the requirements of Section (m) of the Act when contracting for 
the operation of a system of records to accomplish an agency purpose.
    d. Office of Personnel Management. The Director of the Office of 
Personnel Management shall, consistent with guidelines issued by the 
Director, OMB:
    (1) Develop and maintain government-wide standards and procedures 
for civilian personnel information processing and recordkeeping 
directives to assure conformance with the Act.
    (2) Develop and conduct Privacy Act training programs for agency 
personnel, including both the conduct of courses in various substantive 
areas (e.g., administrative, information technology) and the 
development of materials that agencies can use in their own courses. 
The assignment of this responsibility to OPM does not affect the 
responsibility of individual agency heads for developing and conducting 
training programs tailored to the specific needs of their own 
personnel.
    e. National Archives and Records Administration. The Archivist of 
the United States through the Office of the Federal Register, shall, 
consistent with guidelines issued by the Director, OMB:
    (1) Issue instructions on the format of the agency notices and 
rules required to be published under the Act.
    (2) Compile and publish every two years, the rules promulgated 
under 5 U.S.C. 552a(f) and agency notices published under 5 U.S.C. 
552a(e)(4) in a form available to the public at low cost.
    (3) Issue procedures governing the transfer of records to Federal 
Records Centers for storage, processing, and servicing pursuant to 44 
U.S.C. 3103. For purposes of the Act, such records are considered to be 
maintained by the agency that deposited them. The Archivist may 
disclose deposited records only according to the access rules 
established by the agency that deposited them.
    f. Office of Management and Budget. The Director of the Office of 
Management and Budget will:
    (1) Issue guidelines and directives to the agencies to implement 
the Act.
    (2) Assist the agencies, at their request, in implementing their 
Privacy Act programs.
    (3) Review new and altered system of records and matching program 
reports submitted pursuant to Section (o) of the Act.
    (4) Compile the biennial report of the President to Congress in 
accordance with Section (s) of the Act.
    (5) Compile and issue a biennial report on the agencies' 
implementation of the computer matching provisions of the Privacy Act, 
pursuant to Section (u)(6) of the Act.
    4. Reporting Requirements. The Privacy Act requires agencies to 
make the following kinds of reports:

----------------------------------------------------------------------------------------------------------------
                    Report                          When Due                       Recipient**                  
----------------------------------------------------------------------------------------------------------------
Biennial Privacy Act Report                     June 30, 1994,    Administrator, OIRA                           
                                                 1996, 1998,                                                    
                                                 2000                                                           
Biennial Matching Activity Report               June 30, 1994,    Administrator, OIRA                           
                                                 1996, 1998,                                                    
                                                 2000                                                           
New System of Records Report                    When              Administrator, OIRA, Congress                 
                                                 establishing a                                                 
                                                 system of                                                      
                                                 records--at                                                    
                                                 least 40 days                                                  
                                                 before                                                         
                                                 operating                                                      
                                                 system*                                                        
Altered System of Records Report                When adding a     Administrator, OIRA, Congress                 
                                                 new routine                                                    
                                                 use, exemption,                                                
                                                 or otherwise                                                   
                                                 significantly                                                  
                                                 altering an                                                    
                                                 existing system                                                
                                                 of records--at                                                 
                                                 least 40 days                                                  
                                                 before change                                                  
                                                 to system takes                                                
                                                 place*                                                         
New Matching Program Report                     When              Administrator, OIRA, Congress                 
                                                 establishing                                                   
                                                 new matching                                                   
                                                 program--at                                                    
                                                 least 40 days                                                  
                                                 before                                                         
                                                 operating                                                      
                                                 program*                                                       
Renewal of Existing Matching Program            At least 40 days  Administrator, OIRA, Congress                 
                                                 prior to                                                       
                                                 expiration of                                                  
                                                 one year                                                       
                                                 extension of                                                   
                                                 original                                                       
                                                 program--treat                                                 
                                                 as new program                                                 
Altered Matching Program                        When making a     Administrator, OIRA, Congress                 
                                                 significant                                                    
                                                 change to an                                                   
                                                 existing                                                       
                                                 matching                                                       
                                                 program--at                                                    
                                                 least 40 days                                                  
                                                 before                                                         
                                                 operating                                                      
                                                 altered                                                        
                                                 program*                                                       
Matching Agreements                             At least 40 days  Congress                                      
                                                 prior to start                                                 
                                                 of matching                                                    
                                                 program*                                                       
----------------------------------------------------------------------------------------------------------------
*-Review Period: Note that the statutory reporting requirement is 30 days prior; the additional 10 days will    
  ensure that OMB and Congress have sufficient time to review the proposal. Agencies should therefore ensure    
  that reports are mailed expeditiously after being signed.                                                     
**-Recipient Addresses: At bottom of envelope print ``PRIVACY ACT REPORT''                                      

    House of Representatives:
    The Chair of the House Committee on Government Operations, 2157 
RHOB, Washington, D.C. 20515-6143.
    Senate:
    The Chair of the Senate Committee on Governmental Affairs, 340 
SDOB, Washington, D.C. 20510-6250.
    Office of Management and Budget:
    The Administrator of the Office of Information and Regulatory 
Affairs, Office of Management and Budget, ATTN: Docket Library, NEOB 
Room 3201, Washington, D.C. 20503.
    a. Biennial Privacy Act Report. To provide the necessary 
information for the biennial report of the President, agencies shall 
submit a biennial report to OMB, covering their Privacy Act activities 
for the calendar years covered by the reporting period. The exact 
format of the report will be established by OMB. At a minimum, however, 
agencies should collect and be prepared to report the following data on 
a calendar year basis:
    (1) A listing of publication activity during the year showing the 
following:
    *-Total Number of Systems of Records (Exempt/NonExempt)
    *-Number of New Systems of Records Added (Exempt/NonExempt)
    *-Number Routine Uses Added
    *-Number Exemptions Added to Existing Systems
    *-Number Exemptions Deleted from Existing Systems
    *-Total Number of Automated Systems of Records (Exempt/NonExempt)
    The agency should provide a brief narrative describing those 
activities in detail, e.g., ``the Department added a (k)(1) exemption 
to an existing system of records entitled ``Investigative Records of 
the Office of Investigations;'' or ``the agency added a new routine use 
to a system of records entitled ``Employee Health Records'' that would 
permit disclosure of health data to researchers under contract to the 
agency to perform workplace risk analysis.''
    (2) A brief description of any public comments received on agency 
publication and implementation activities, and agency response.
    (3) Number of access and amendment requests from record subjects 
citing the Privacy Act that were received during the calendar year of 
the report. Also the disposition of requests from any year that were 
completed during the calendar year of the report:
    *-Total Number of Access Requests
    Number Granted in Whole
    Number Granted in Part
    Number Wholly Denied
    Number For Which No Record Found
    *-Total Amendment Requests
    Number Granted in Whole
    Number Granted in Part
    Number Wholly Denied
    *-Number of Appeals of Denials of Access
    Number Granted in Whole
    Number Granted in Part
    Number Wholly Denied
    Number For Which No Record Found
    *-Number of Appeals of Denials of Amendment
    Number Granted in Whole
    Number Granted in Part
    Number Wholly Denied
    (4) Number of instances in which individuals brought suit under 
section (g) of the Privacy Act against the agency and the results of 
any such litigation that resulted in a change to agency practices or 
affected guidance issued by OMB.
    (5) Results of any reviews undertaken in response to paragraph 3a 
of this Appendix.
    (6) Description of agency Privacy Act training activities conducted 
in accordance with paragraph 3a(6) of this Appendix.
    b. Biennial Matching Activity Report (See 5 U.S.C. 552a(u)(3)(D)). 
At the end of each calendar year, the Data Integrity Board of each 
agency that has participated in matches covered by the computer 
matching provisions of the Privacy Act will collect data summarizing 
that year's matching activity. The Act requires that such activity be 
reported every two years. OMB will establish the exact format of the 
report, but agencies' Data Integrity Boards should be prepared to 
report the data identified below both to the agency head and to OMB.
    (1) A listing of the names and positions of the members of the Data 
Integrity Board and showing separately the name of the Board Secretary, 
his or her agency mailing address, and telephone number. Also show and 
explain any changes in membership or structure occurring during the 
reporting year.
    (2) A listing of each matching program, by title and purpose, in 
which the agency participated during the reporting year. This listing 
should show names of participant agencies, give a brief description of 
the program, and give a citation including the date to the Federal 
Register notice describing the program.
    (3) For each matching program, an indication of whether the cost/
benefit analysis performed resulted in a favorable ratio. The Data 
Integrity Board should explain why the agency proceeded with any 
matching program for which an unfavorable ratio was reached.
    (4) For each program for which the Board waived a cost/benefit 
analysis, reasons for the waiver and the results of match, if 
tabulated.
    (5) A description of each matching agreement the Board rejected and 
an explanation of why it was rejected.
    (6) A listing of any violations of matching agreements that have 
been alleged or identified, and a discussion of any action taken.
    (7) A discussion of any litigation involving the agency's 
participation in any matching program.
    (8) For any litigation based on allegations of inaccurate records, 
an explanation of the steps the agency used to ensure the integrity of 
its data as well as the verification process it used in the matching 
program, including an assessment of the adequacy of each.
    c. New and Altered System of Records Report. The Act requires 
agencies to publish notices in the Federal Register describing new or 
altered systems of records, and to submit reports to OMB, and to the 
Chair of the Committee on Government Operations of the House of 
Representatives, and the Chair of the Committee on Governmental Affairs 
of the Senate. The reports must be transmitted at least 40 days prior 
to the operation of the new system of records or the date on which the 
alteration to an existing system takes place.
    (1) When to Report Altered Systems of Records. Minor changes to 
systems of records need not be reported. For example, a change in the 
designation of the system manager due to a reorganization would not 
require a report, so long as an individual's ability to gain access to 
his or her records is not affected. Other examples include changing 
applicable safeguards as a result of a risk analysis or deleting a 
routine use when there is no longer a need for the disclosure. The 
following changes are those for which a report is required:
    (a) A significant increase in the number of individuals about whom 
records are maintained. For example, a decision to expand a system that 
originally covered only residents of public housing in major cities to 
cover such residents nationwide would require a report. Increases 
attributable to normal growth should not be reported.
    (b) A change that expands the types or categories of information 
maintained. For example, a file covering physicians that has been 
expanded to include other types of health care providers, e.g., nurses, 
technicians, etc., would require a report.
    (c) A change that alters the purpose for which the information is 
used.
    (d) A change to equipment configuration (either hardware or 
software) that creates substantially greater access to the records in 
the system of records. For example, locating interactive terminals at 
regional offices for accessing a system formerly accessible only at the 
headquarters would require a report.
    (e) The addition of an exemption pursuant to Section (j) or (k) of 
the Act. Note that, in examining a rulemaking for a Privacy Act 
exemption as part of a report of a new or altered system of records, 
OMB will also review the rule under applicable regulatory review 
procedures and agencies need not make a separate submission for that 
purpose.
    (f) The addition of a routine use pursuant to 5 U.S.C. 552a(b)(3).
    (2) Reporting Changes to Multiple Systems of Records. When an 
agency makes a change to an information technology installation or a 
telecommunication network, or makes any other general changes in 
information collection, processing, dissemination, or storage that 
affect multiple systems of records, it may submit a single, 
consolidated report, with changes to existing notices and supporting 
documentation included in the submission.
    (3) Contents of the New or Altered System Report. The report for a 
new or altered system has three elements: a transmittal letter, a 
narrative statement, and supporting documentation that includes a copy 
of the proposed Federal Register notice. There is no prescribed format 
for either the letter or the narrative statement. The notice must 
appear in the format prescribed by the Office of the Federal Register's 
Document Drafting Handbook.
    (a) Transmittal Letter. The transmittal letter should be signed by 
the senior agency official responsible for implementation of the Act 
within the agency and should contain the name and telephone number of 
the individual who can best answer questions about the system of 
records. The letter should contain the agency's assurance that the 
proposed system does not duplicate any existing agency or government-
wide systems of records. The letter sent to OMB may also include 
requests for waiver of the time period for the review. The agency 
should indicate why it cannot meet the established review period and 
what will be the consequences of not obtaining the waiver, (see 
paragraph 4e below).
    (b) Narrative Statement. The narrative statement should be brief. 
It should make reference, as appropriate, to information in the 
supporting documentation rather than restating such information. The 
statement should:
    1. Describe the purpose for which the agency is establishing the 
system of records.
    2. Identify the authority under which the system of records is 
maintained. The agency should avoid citing housekeeping statutes, but 
rather cite the underlying programmatic authority for collecting, 
maintaining, and using the information. When the system is being 
operated to support an agency housekeeping program, e.g., a carpool 
locator, the agency may, however, cite a general housekeeping statute 
that authorizes the agency head to keep such records as necessary.
    3. Provide the agency's evaluation of the probable or potential 
effect of the proposal on the privacy of individuals.
    4. Provide a brief description of the steps taken by the agency to 
minimize the risk of unauthorized access to the system of records. A 
more detailed assessment of the risks and specific administrative, 
technical, procedural, and physical safeguards established shall be 
made available to OMB upon request.
    5. Explain how each proposed routine use satisfies the 
compatibility requirement of subsection (a)(7) of the Act. For altered 
systems, this requirement pertains only to any newly proposed routine 
use.
    6. Provide OMB Control Numbers, expiration dates, and titles of any 
OMB approved information collection requests (e.g., forms, surveys, 
etc.) contained in the system of records. If the request for OMB 
clearance of an information collection is pending, the agency may 
simply state the title of the collection and the date it was submitted 
for OMB clearance.
    (c) Supporting Documentation. Attach the following to all new or 
altered system of records reports:
    1. A copy of the new or altered system of records notice in Federal 
Register format, consistent with the provisions of 5 U.S.C. 552a(e)(4). 
For proposed altered systems the agency should supply a copy of the 
original system of records notice to ensure that reviewers can 
understand the changes proposed.
    2. A copy in Federal Register format of any new exemption rules or 
changes to published rules (consistent with the provisions of 5 U.S.C. 
552a(f),(j), or (k)) that the agency proposes to issue for the new or 
altered system.
    (4) OMB Concurrence. Agencies may assume that OMB concurs in the 
Privacy Act aspects of their proposal if OMB has not commented within 
40 days from the date the transmittal letter was signed. Agencies 
should ensure that letters are transmitted expeditiously after they are 
signed. Agencies may publish system of records and routine use notices 
as well as proposed exemption rules in the Federal Register at the same 
time that they send the new or altered system report to OMB and 
Congress. The period for OMB and congressional review and the notice 
and comment period for routine uses and exemptions will then run 
concurrently. Note that exemptions must be published as final rules 
before they are effective.
    d. New or Altered Matching Program Report. The Act requires 
agencies to publish notices in the Federal Register describing new or 
altered matching programs, and to submit reports to OMB, and to 
Congress. The report must be received at least 40 days prior to the 
initiation of any matching activity carried out under a new or 
substantially altered matching program. For renewals of continuing 
programs, the report must be dated at least 40 days prior to the 
expiration of any existing matching agreement.
    (1) When to Report Altered Matching Programs. Agencies need not 
report minor changes to matching programs. The term ``minor change to a 
matching program'' means a change that does not significantly alter the 
terms of the agreement under which the program is being carried out. 
Examples of significant changes include:
    (a) Changing the purpose for which the program was established.
    (b) Changing the matching population, either by including new 
categories of record subjects or by greatly increasing the numbers of 
records matched.
    (c) Changing the legal authority covering the matching program.
    (d) Changing the source or recipient agencies involved in the 
matching program.
    (2) Contents of New or Altered Matching Program Report. The report 
for a new or altered matching program has three elements: a transmittal 
letter, a narrative statement, and supporting documentation that 
includes a copy of the proposed Federal Register notice. There is no 
prescribed format for either the letter or the narrative statement. The 
notice must appear in the format prescribed by the Office of the 
Federal Register's Document Drafting Handbook.
    (a) Transmittal Letter. The transmittal letter should be signed by 
the senior agency official responsible for implementation of the 
Privacy Act within the agency and should contain the name and telephone 
number of the individual who can best answer questions about the 
matching program. The letter should state that a copy of the matching 
agreement has been distributed to Congress as the Act requires. The 
letter to OMB may also include a request for waiver of the review time 
period.
    (b) Narrative Statement.  The narrative statement should be brief. 
It should make reference, as appropriate, to information in the 
supporting documentation rather than restating such information. The 
statement should provide:
    1. A description of the purpose of the matching program and the 
authority under which it is being carried out.
    2. A description of the security safeguards used to protect against 
any unauthorized access or disclosure of records used in the match.
    3. If the cost/benefit analysis required by Section (u)(4)(A) 
indicated an unfavorable ratio or was waived pursuant to OMB guidance, 
an explanation of the basis on which the agency justifies conducting 
the match.
    (c) Supporting Documentation. Attach the following:
    1. A copy of the Federal Register notice describing the matching 
program.
    2. For the Congressional report only, a copy of the matching 
agreement.
    (3) OMB Concurrence. Agencies may assume that OMB concurs in the 
Privacy Act aspects of their proposal if OMB has not commented within 
40 days from the date the transmittal letter was signed. Agencies 
should ensure that letters are transmitted expeditiously after they are 
signed. Agencies may publish matching program notices in the Federal 
Register at the same time that they send the matching program report to 
OMB and Congress. The period for OMB and congressional review and the 
notice and comment period will then run concurrently.
    e. Expediting the Review Process. The Director, OMB, may grant a 
waiver of the 40-day review period for either systems of records or 
matching program reviews. The agency must ask for the waiver in the 
transmittal letter and demonstrate compelling reasons. When a waiver is 
granted, the agency is not thereby relieved of any other requirement of 
the Act. If no waiver is granted, agencies may presume concurrence at 
the expiration of the 40 day review period. Note that OMB cannot waive 
time periods specifically established by the Act such as the 30 days 
notice and comment period required for the adoption of a routine use 
proposal pursuant to Section (b)(3) of the Act.
    5. Publication Requirements. The Privacy Act requires agencies to 
publish notices or rules in the Federal Register in the following 
circumstances: when adopting a new or altered system of records, when 
adopting a routine use or exemption for a system of records, or when 
proposing to carry out a new or altered matching program. (See 
paragraph 4c(1) and 4d(1) above on what constitutes a reportable 
alteration.)
    a. Publishing New or Altered Systems of Records Notices and 
Exemption Rules.
    (1) Who Publishes. The agency responsible for operating the system 
of records makes the necessary publication. Publication should be 
carried out at the departmental or agency level. Where a system of 
records is to be operated exclusively by a component, the department 
rather than the component should publish the notice. Thus, for example, 
the Department of the Treasury would publish a system of records notice 
covering a system operated exclusively by the Internal Revenue Service. 
Note that if the agency is proposing to exempt the system under Section 
(j) or (k) of the Act, it must publish a rule in addition to the system 
of records notice.
    (a) Government-wide Systems of Records. Certain agencies publish 
systems of records containing records for which they have government-
wide responsibilities. The records may be located in other agencies, 
but they are being used under the authority of and in conformance with 
the rules mandated by the publishing agency. The Office of Personnel 
Management, for example, has published a number of government-wide 
systems of records relating to the operation of the government's 
personnel program. Agencies should not publish systems of records that 
wholly or partly duplicate existing government-wide systems of records.
    (b) Section (m) Contract Provisions. When an agency provides by 
contract for the operation of a system of records, it should ensure 
that a system of records notice describing the system has been 
published. It should also review the notice to ensure that it contains 
a routine use under Section (e)(4)(D) of the Act permitting disclosure 
to the contractor and his or her personnel.
    (2) When to Publish.
    (a) System Notice. It must appear in the Federal Register before 
the agency begins to operate the system, e.g., collect and use the 
information.
    (b) Routine Use. Must be published in the Federal Register 30 days 
before agency discloses records pursuant to its terms. If the sole 
change to an existing system of records is to add a routine use, the 
agency should either republish the entire system of records notice, a 
condensed description of the system of records, or a citation to the 
last full text Federal Register publication. (Note that the addition of 
a routine use to an existing system of records requires a report to OMB 
and Congress, and that the review period for this report is 40 days.)
    (c) Exemption Rule. Must be established through informal rulemaking 
pursuant to the Administrative Procedure Act. This process generally 
requires publication of a proposed rule, a period during which the 
public may comment, publication of a final rule, and the adoption of 
the final rule. Agencies may not withhold records under an exemption 
until these requirements have been met.
    (3) Format. Agencies should follow the publication format contained 
in the Office of the Federal Register's Document Drafting Handbook 
obtainable from the Government Printing Office.
    b. Publishing Matching Notices.
    (1) Who Publishes. Generally, the Recipient Federal agency (or the 
Federal source agency in a match conducted by a nonfederal agency) is 
responsible for publishing in the Federal Register a notice describing 
the new or altered matching program. However, in large, multi-agency 
matching programs, where the recipient agency is merely performing the 
matches, and the benefit accrues to the source agencies, the partners 
should assign responsibility for compliance with the administrative 
requirements in a fair and reasonable way. This may mean having the 
matching agency carry out these requirements for all parties, having 
one participant designated to do so, or having each source so for its 
own matching program(s).
    (2) Timing. Publication must occur at least 30 days prior to the 
initiation of any matching activity carried out under a new or 
substantially altered matching program. For renewals of programs 
agencies wish to continue past the 30 month period of initial 
eligibility (i.e., the initial 18 months plus a 1 year extension), 
publication must occur at least 30 days prior to the expiration of the 
existing matching agreement. (But note that a report to OMB and the 
Congress is also required with a 40 day review period).
    (3) Format. The matching notice shall be in the format prescribed 
by the Office of the Federal Register's Document Drafting Handbook and 
contain the following information:
    (a) The name of the Recipient Agency.
    (b) The Name(s) of the Source Agencies.
    (c) The beginning and ending dates of the match.
    (d) A brief description of the matching program, including its 
purpose; the legal authorities authorizing its operation; categories of 
individuals involved; and identification of records used, including 
name(s) of Privacy Act Systems of records.
    (e) The identification, address, and telephone number of a 
Recipient Agency official who will answer public inquiries about the 
program.

Appendix II to OMB Circular No. A-130

Cost Accounting, Cost Recovery, and Interagency Sharing of Information 
Technology Facilities

    [As proposed in the September 10, 1993 notice (58 FR 47793), the 
guidance formerly found in Appendix II has been revised and placed in 
Section 8b. Appendix II is therefore deleted and is reserved for future 
topics.]

Appendix III to OMB Circular No. A-130

Security of Federal Automated Information Systems

    [Appendix III is unchanged by this revision. See 50 FR 52742-44 
(December 24, 1985).]

Appendix IV to OMB Circular No. A-130

Analysis of Key Sections

    1. Purpose
    The purpose of this Appendix is to provide a general context and 
explanation for the contents of the key Sections of the Circular.
    2. Background
    The Paperwork Reduction Act (PRA) of 1980, Public Law 96-511, 94 
Stat. 2812, codified at Chapter 35 of Title 44 of the United States 
Code, establishes a broad mandate for agencies to perform their 
information activities in an efficient, effective, and economical 
manner. Section 3504 of the Act provides authority to the Director, 
OMB, to develop and implement uniform and consistent information 
resources management policies; oversee the development and promote the 
use of information management principles, standards, and guidelines; 
evaluate agency information management practices in order to determine 
their adequacy and efficiency, and determine compliance of such 
practices with the policies, principles, standards, and guidelines 
promulgated by the Director.
    The Circular implements OMB authority under the Act with respect to 
Section 3504(b), general information policy, Section 3504(e), records 
management, Section 3504(f), privacy, and Section 3504(g), Federal 
automatic data processing and telecommunications; the Privacy Act of 
1974 (5 U.S.C. 552a); the Chief Financial Officers Act (31 U.S.C. 3512 
et seq.); Sections 111 and 206 of the Federal Property and 
Administrative Services Act of 1949, as amended (40 U.S.C. 759 and 487, 
respectively); the Computer Security Act (40 U.S.C. 759 note); the 
Budget and Accounting Act of 1921 (31 U.S.C. 1 et seq.); and Executive 
Order No. 12046 of March 27, 1978, and Executive Order No. 12472 of 
April 3, 1984, Assignment of National Security and Emergency 
Telecommunications Functions. The Circular complements 5 CFR Part 1320, 
Controlling Paperwork Burden on the Public, which implements other 
Sections of the PRA dealing with controlling the reporting and 
recordkeeping burden placed on the public.
    In addition, the Circular revises and consolidates policy and 
procedures in seven previous OMB directives and rescinds those 
directives, as follows:
    A-3--Government Publications
    A-71--Responsibilities for the Administration and Management of 
Automatic Data Processing Activities Transmittal Memorandum No. 1 to 
Circular No. A-71--Security of Federal Automated Information Systems
    A-90--Cooperating with State and Local Governments to Coordinate 
and Improve Information Systems
    A-108--Responsibilities for the Maintenance of Records about 
Individuals by Federal Agencies
    A-114--Management of Federal Audiovisual Activities
    A-121--Cost Accounting, Cost Recovery, and Interagency Sharing of 
Data Processing Facilities
    3. Analysis
    Section 6, Definitions. Access and Dissemination. The original 
Circular No. A-130 distinguished between the terms ``access to 
information'' and ``dissemination of information'' in order to separate 
statutory requirements from policy considerations. The first term means 
giving members of the public, at their request, information to which 
they are entitled by a law such as the FOIA. The latter means actively 
distributing information to the public at the initiative of the agency. 
The distinction appeared useful at the time Circular No. A-130 was 
written, because it allowed OMB to focus discussion on Federal 
agencies' responsibilities for actively distributing information. 
However, popular usage and evolving technology have blurred differences 
between the terms ``access'' and ``dissemination'' and readers of the 
Circular were confused by the distinction. For example, if an agency 
``disseminates'' information via an on-line computer system, one speaks 
of permitting users to ``access'' the information, and on-line 
``access'' becomes a form of ``dissemination.''
    Thus, the revision defines only the term ``dissemination.'' Special 
considerations based on access statutes such as the Privacy Act and the 
FOIA are explained in context.
    Government Information. The definition of ``government 
information'' includes information created, collected, processed, 
disseminated, or disposed of both by and for the Federal Government. 
This recognizes the increasingly distributed nature of information in 
electronic environments. Many agencies, in addition to collecting 
information for government use and for dissemination to the public, 
require members of the public to maintain information or to disclose it 
to the public. Sound information resources management dictates that 
agencies consider the costs and benefits of a full range of 
alternatives to meet government objectives. In some cases, there is no 
need for the government actually to collect the information itself, 
only to assure that it is made publicly available. For example, banks 
insured by the FDIC must provide statements of financial condition to 
bank customers on request. Particularly when information is available 
in electronic form, networks make the physical location of information 
increasingly irrelevant.
    The inclusion of information created, collected, processed, 
disseminated, or disposed of for the Federal Government in the 
definition of ``government information'' does not imply that 
responsibility for implementing the provisions of the Circular itself 
extends beyond the executive agencies to other entities. Such an 
interpretation would be inconsistent with Section 4, Applicability, and 
with existing law. For example, the courts have held that requests to 
Federal agencies for release of information under the FOIA do not 
always extend to those performing information activities under grant or 
contract to a Federal agency. Similarly, grantees may copyright 
information where the government may not. Thus the information 
responsibilities of grantees and contractors are not identical to those 
of Federal agencies except to the extent that the agencies make them so 
in the underlying grants or contracts. Similarly, agency information 
resources management responsibilities do not extend to other entities.
    Information Dissemination Product. This notice defines the term 
``information dissemination product'' to include all information that 
is disseminated by Federal agencies. While the provision of access to 
on-line databases and search software included on compact disk, read-
only memory (CD-ROM) are often called information services rather than 
products, there is no clear distinction and, moreover, no real 
difference for policy purposes between the two. Thus, the term 
``information dissemination product'' applies to both products and 
services, and makes no distinction based on how the information is 
delivered.
    Section 8a(1). Information Management Planning. Parallel to new 
Section 7, Basic Considerations and Assumptions, Section 8a begins with 
information resources management planning. Planning is the process of 
establishing a course of action to achieve desired results with 
available resources. Planners translate organizational missions into 
specific goals and, in turn, into measurable objectives.
    The PRA introduced the concept of information resources management 
and the principle of information as an institutional resource which has 
both value and associated costs. Information resources management is a 
tool that managers use to achieve agency objectives. Information 
resources management is successful if it enables managers to achieve 
agency objectives efficiently and effectively.
    Information resources management planning is an integral part of 
overall mission planning. Agencies need to plan from the outset for the 
steps in the information life cycle. When creating or collecting 
information, agencies must plan how they will process and transmit the 
information, how they will use it, how they will protect its integrity, 
what provisions they will make for access to it, whether and how they 
will disseminate it, how they will store and retrieve it, and finally, 
how the information will ultimately be disposed of. They must also plan 
for the effects their actions and programs will have on the public and 
State and local governments.
    The Role of State and Local Governments. OMB made additions at 
Sections 7a, 7e, and 7j, Basic Considerations and Assumptions, 
concerning State and local governments, and also in policy statements 
at Sections 8a(1)(c), (3)(f), (5)(d)(iii), and (8)(e).
    State and local governments, and tribal governments, cooperate as 
major partners with the Federal Government in the collection, 
processing, and dissemination of information. For example, State 
governments are the principal collectors and/or producers of 
information in the areas of health, welfare, education, labor markets, 
transportation, the environment, and criminal justice. The States 
supply the Federal Government with data on aid to families with 
dependent children; medicare; school enrollments, staffing, and 
financing; statistics on births, deaths, and infectious diseases; 
population related data that form the basis for national estimates; 
employment and labor market data; and data used for census geography. 
National information resources are greatly enhanced through these major 
cooperating efforts.
    Federal agencies need to be sensitive to the role of State and 
local governments, and tribal governments, in managing information and 
in managing information technology. When planning, designing, and 
carrying out information collections, agencies should systematically 
consider what effect their activities will have on cities, counties, 
and States, and take steps to involve these governments as appropriate. 
Agencies should ensure that their information collections impose the 
minimum burden and do not duplicate or conflict with local efforts or 
other Federal agency requirements or mandates. The goal is that Federal 
agencies routinely integrate State and local government concerns into 
Federal information resources management practices. This goal is 
consistent with standards for State and local government review of 
Federal policies and programs.
    Training. Training is particularly important in view of the 
changing nature of information resources management. Decentralization 
of information technology has placed the management of automated 
information and information technology directly in the hands of nearly 
all agency personnel rather than in the hands of a few employees at 
centralized facilities. Agencies must plan for incorporating policies 
and procedures regarding computer security, records management, 
protection of privacy, and other safeguards into the training of every 
employee and contractor.
    Section 8a(2). Information Collection. The PRA requires that the 
creation or collection of information be carried out in an efficient, 
effective, and economical manner. When Federal agencies create or 
collect information--just as when they perform any other program 
functions--they consume scarce resources. Such activities must be 
continually evaluated for their relevance to agency missions.
    Agencies must justify the creation or collection of information 
based on their statutory functions. Policy statement 8a(2) uses the 
justification standard--``necessary for the proper performance of the 
functions of the agency''--established by the PRA (44 U.S.C. 
3504(c)(2)). Furthermore, the policy statement includes the requirement 
that the information have practical utility, as defined in the PRA (44 
U.S.C. 3502(16)) and elaborated in 5 CFR Part 1320. Practical utility 
includes such qualities of information as accuracy, adequacy, and 
reliability. In the case of general purpose statistics or 
recordkeeping, practical utility means that actual uses can be 
demonstrated (5 CFR 1320.7(o)). It should be noted that OMB's intent in 
placing emphasis on reducing unjustified burden in collecting 
information, an emphasis consistent with the Act, is not to diminish 
the importance of collecting information whenever agencies have 
legitimate program reasons for doing so. Rather, the concern is that 
the burdens imposed should not exceed the benefits to be derived from 
the information. Moreover, if the same benefit can be obtained by 
alternative means that impose a lesser burden, that alternative should 
be adopted.
    Section 8a(3). Electronic Information Collection. Section 7l 
articulates a basic assumption of the Circular that modern information 
technology can help the government provide better service to the public 
through improved management of government programs. One potentially 
useful application of information technology is in the government's 
collection of information. While some information collections may not 
be good candidates for electronic techniques, many are. Agencies with 
major electronic information collection programs have found that 
automated information collections allow them to meet program objectives 
more efficiently and effectively. Electronic data interchange (EDI) and 
related standards for the electronic exchange of information will ease 
transmission and processing of routine business transaction information 
such as invoices, purchase orders, price information, bills of lading, 
health insurance claims, and other common commercial documents. EDI 
holds similar promise for the routine filing of regulatory information 
such as tariffs, customs declarations, license applications, tax 
information, and environmental reports.
    Benefits to the public and agencies from electronic information 
collection appear substantial. Electronic methods of collection reduce 
paperwork burden, reduce errors, facilitate validation, and provide 
increased convenience and more timely receipt of benefits.
    The policy in Section 8a(3) encourages agencies to explore the use 
of automated techniques for collection of information, and sets forth 
conditions conducive to the use of those techniques.
    Section 8a(4). Records Management. Section 8a(4) begins with the 
fundamental requirement for Federal records management, namely, that 
agencies create and keep adequate and proper documentation of their 
activities. Federal agencies cannot carry out their missions in a 
responsible and responsive manner without adequate recordkeeping. 
Section 7h articulates the basic considerations concerning records 
management. Policy statements concerning records management are also 
interwoven throughout Section 8a, particularly in subsections on 
planning (8a(1)(j)), information dissemination (8a(6)), and safeguards 
(8a(9)).
    Records support the immediate needs of government--administrative, 
legal, fiscal--and ensure its continuity. Records are essential for 
protecting the rights and interests of the public, and for monitoring 
the work of public servants. The government needs records to ensure 
accountability to the public which includes making the information 
available to the public. Each stage of the information life cycle 
carries with it records management responsibilities. Agencies need to 
record their plans, carefully document the content and procedures of 
information collection, ensure proper documentation as a feature of 
every information system, keep records of dissemination programs, and, 
finally, ensure that records of permanent value are preserved.
    Preserving records for future generations is the archival mission. 
Advances in technology affect the amount of information that can be 
created and saved, and the ways this information can be made available. 
Technological advances can ease the task of records management; 
however, the rapid pace of change in modern technology makes decisions 
about the appropriate application of technology critical to records 
management. Increasingly the records manager must be concerned with 
preserving valuable electronic records in the context of a constantly 
changing technological environment.
    Records schedules are essential for the appropriate maintenance and 
disposition of records. Records schedules must be prepared in a timely 
fashion, implement the General Records Schedules issued by the National 
Archives and Records Administration, be approved by the Archivist of 
the United States, and be kept accurate and current. (See 44 U.S.C. 
3301 et seq.) The National Archives and Records Administration and the 
General Services Administration provide guidance and assistance to 
agencies in implementing records management responsibilities. They also 
evaluate agencies' records management programs to determine the extent 
to which they are appropriately implementing their records management 
responsibilities.
    Sections 8a(5) and 8a(6). Information Dissemination Policy. Section 
8a(5). Every agency has a responsibility to inform the public within 
the context of its mission. This responsibility requires that agencies 
distribute information at the agency's initiative, rather than merely 
responding when the public requests information.
    The FOIA requires each agency to publish in the Federal Register 
current descriptions of agency organization, where and how the public 
may obtain information, the general methods and procedural requirements 
by which agency functions are determined, rules of procedure, 
descriptions of forms and how to obtain them, substantive regulations, 
statements of general policy, and revisions to all the foregoing (5 
U.S.C. 552(a)(1)). The Privacy Act also requires publication of 
information concerning ``systems of records'' which are records 
retrieved by individual identifier such as name, Social Security 
Number, or fingerprint. The Government in the Sunshine Act requires 
agencies to publish meeting announcements (5 U.S.C. 552b (e)(1)). The 
PRA (44 U.S.C. 3507(a)(2)) and its implementing regulations (5 CFR Part 
1320) require agencies to publish notices when they submit information 
collection requests for OMB approval. The public's right of access to 
government information under these statutes is balanced against other 
concerns, such as an individual's right to privacy and protection of 
the government's deliberative process.
    As agencies satisfy these requirements, they provide the public 
basic information about government activities. Other statutes direct 
specific agencies to issue specific information dissemination products 
or to conduct information dissemination programs. Beyond generic and 
specific statutory requirements, agencies have responsibilities to 
disseminate information as a necessary part of performing their 
functions. For some agencies the responsibility is made explicit and 
sweeping; for example, the Agriculture Department is directed to 
``...diffuse among people of the United States, useful information on 
subjects connected with agriculture....'' (7 U.S.C. 2201) For other 
agencies, the responsibility may be much more narrowly drawn.
    Information dissemination is also a consequence of other agency 
activities. Agency programs normally include an organized effort to 
inform the public about the program. Most agencies carry out programs 
that create or collect information with the explicit or implicit intent 
that the information will be made public. Disseminating information is 
in many cases the logical extension of information creation or 
collection.
    In other cases, agencies may have information that is not meant for 
public dissemination but which may be the subject of requests from the 
public. When the agency establishes that there is public demand for the 
information and that it is in the public interest to disseminate the 
information, the agency may decide to disseminate it automatically.
    The policy in Section 8a(5)(d) sets forth several factors for 
agencies to take into account in conducting their information 
dissemination programs. First, agencies must balance two goals: 
maximizing the usefulness of the information to the government and the 
public, and minimizing the cost to both. Deriving from the basic 
purposes of the PRA (44 U.S.C. 3501), the two goals are frequently in 
tension because increasing usefulness usually costs more. Second, 
Section 8a(5)(d)(ii) requires agencies to conduct information 
dissemination programs equitably and in a timely manner. The word 
``equal'' was removed from this Section since there may be instances 
where, for example, an agency determines that its mission includes 
disseminating information to certain specific groups or members of the 
public, and the agency determines that user charges will constitute a 
significant barrier to carrying out this responsibility.
    Section 8a(5)(d)(iii), requiring agencies to take advantage of all 
dissemination channels, recognizes that information reaches the public 
in many ways. Few persons may read a Federal Register notice describing 
an agency action, but those few may be major secondary disseminators of 
the information. They may be affiliated with publishers of newspapers, 
newsletters, periodicals, or books; affiliated with on-line database 
providers; or specialists in certain information fields. While millions 
of information users in the public may be affected by the agency's 
action, only a handful may have direct contact with the agency's own 
information dissemination products. As a deliberate strategy, 
therefore, agencies should cooperate with the information's original 
creators, as well as with secondary disseminators, in order to further 
information dissemination goals and foster a diversity of information 
sources. An adjunct responsibility to this strategy is reflected in 
Section 8a(5)(d)(iv), which directs agencies to assist the public in 
finding government information. Agencies may accomplish this, for 
example, by specifying and disseminating ``locator'' information, 
including information about content, format, uses and limitations, 
location, and means of access.
    Section 8a(6). Information Dissemination Management System. This 
Section requires agencies to maintain an information dissemination 
management system which can ensure the routine performance of certain 
functions, including the essential functions previously required by 
Circular No. A-3. Smaller agencies need not establish elaborate formal 
systems, so long as the heads of the agencies can ensure that the 
functions are being performed.
    Subsection (6)(a) carries over a requirement from OMB Circular No. 
A-3 that agencies' information dissemination products are to be, in the 
words of 44 U.S.C. 1108, ``necessary in the transaction of the public 
business required by law of the agency.'' (Circular No. A-130 uses the 
expression ``necessary for the proper performance of agency 
functions,'' which OMB considers to be equivalent to the expression in 
44 U.S.C. 1108.) The point is that agencies should determine 
systematically the need for each information dissemination product.
    Section 8a(6)(b) recognizes that to carry out effective information 
dissemination programs, agencies need knowledge of the marketplace in 
which their information dissemination products are placed. They need to 
know what other information dissemination products users have available 
in order to design the best agency product. As agencies are constrained 
by finite budgets, when there are several alternatives from which to 
choose, they should not expend public resources filling needs which 
have already been met by others in the public or private sector. 
Agencies have a responsibility not to undermine the existing diversity 
of information sources.
    At the same time, an agency's responsibility to inform the public 
may be independent of the availability or potential availability of a 
similar information dissemination product. That is, even when another 
governmental or private entity has offered an information dissemination 
product identical or similar to what the agency would produce, the 
agency may conclude that it nonetheless has a responsibility to 
disseminate its own product. Agencies should minimize such instances of 
duplication but could reach such a conclusion because legal 
considerations require an official government information dissemination 
product.
    Section 8a(6)(c) makes the Circular consistent with current 
practice (See OMB Bulletins 88-15, 89-15, 90-09, and 91-16), by 
requiring agencies to establish and maintain inventories of information 
dissemination products. (These bulletins eliminated annual reporting to 
OMB of title-by-title listings of publications and the requirement for 
agencies to obtain OMB approval for each new periodical. Publications 
are now reviewed as necessary during the normal budget review process.) 
Inventories help other agencies and the public identify information 
which is available. This serves both to increase the efficiency of the 
dissemination function and to avoid unnecessary burdens of duplicative 
information collections. A corollary, enunciated in Section 8a(6)(d), 
is that agencies can better serve public information needs by 
developing finding aids for locating information produced by the 
agencies. Finally, Section 8a(6)(f) recognizes that there will be 
situations where agencies may have to take appropriate steps to ensure 
that members of the public with disabilities whom the agency has a 
responsibility to inform have a reasonable ability to access the 
information dissemination products.
    Depository Library Program. Sections 8a(6)(g) and (h) pertain to 
the Federal Depository Library Program. Agencies are to establish 
procedures to ensure compliance with 44 U.S.C. 1902, which requires 
that government publications (defined in 44 U.S.C. 1901 and repeated in 
Section 6 of the Circular) be made available to depository libraries 
through the Government Printing Office (GPO).
    Depository libraries are major partners with the Federal Government 
in the dissemination of information and contribute significantly to the 
diversity of information sources available to the public. They provide 
a mechanism for wide distribution of government information that 
guarantees basic availability to the public. Executive branch agencies 
support the depository library program both as a matter of law and on 
its merits as a means of informing the public about the government. On 
the other hand, the law places the administration of depository 
libraries with GPO. Agency responsibility for the depository libraries 
is limited to supplying government publications through GPO.
    Agencies can improve their performance in providing government 
publications as well as electronic information dissemination products 
to the depository library program. For example, the proliferation of 
``desktop publishing'' technology in recent years has afforded the 
opportunity for many agencies to produce their own printed documents. 
Many such documents may properly belong in the depository libraries but 
are not sent because they are not printed at GPO. The policy requires 
agencies to establish management controls to ensure that the 
appropriate documents reach the GPO for inclusion in the depository 
library program.
    At present, few agencies provide electronic information 
dissemination products to the depository libraries. At the same time, a 
small but growing number of information dissemination products are 
disseminated only in electronic format.
    OMB believes that, as a matter of policy, electronic information 
dissemination products generally should be provided to the depository 
libraries. Given that production and supply of information 
dissemination products to the depository libraries is primarily the 
responsibility of GPO, agencies should provide appropriate electronic 
information dissemination products to GPO for inclusion in the 
depository library program.
    While cost may be a consideration, agencies should not conclude 
without investigation that it would be prohibitively expensive to place 
their electronic information dissemination products in the depository 
libraries. For electronic information dissemination products other than 
on-line services, agencies may have the option of having GPO produce 
the information dissemination product for them, in which case GPO would 
pay for depository library costs. Agencies should consider this option 
if it would be a cost effective alternative to the agency making its 
own arrangements for production of the information dissemination 
product. Using GPO's services in this manner is voluntary and at the 
agency's discretion. Agencies could also consider negotiating other 
terms, such as inviting GPO to participate in agency procurement orders 
in order to distribute the necessary copies for the depository 
libraries. With adequate advance planning, agencies should be able to 
provide electronic information dissemination products to the depository 
libraries at nominal cost.
    In a particular case, substantial cost may be a legitimate reason 
for not providing an electronic information dissemination product to 
the depository library program. For example, for an agency with a 
substantial number of existing titles of electronic information 
dissemination products, furnishing copies of each to the depository 
libraries could be prohibitively expensive. In that situation, the 
agency should endeavor to make available those titles with the greatest 
general interest, value, and utility to the public. Substantial cost 
could also be an impediment in the case of some on-line information 
services where the costs associated with operating centralized 
databases would make provision of unlimited direct access to numerous 
users prohibitively expensive. In both cases, agencies should consult 
with the GPO, in order to identify those information dissemination 
products with the greatest public interest and utility for 
dissemination. In all cases, however, where an agency discontinues 
publication of an information dissemination product in paper format in 
favor of electronic formats, the agency should work with the GPO to 
ensure availability of the information dissemination product to 
depository libraries.
    Notice to the Public. Sections 8a(6)(i) and (j) present new 
practices for agencies to observe in communicating with the public 
about information dissemination. Among agencies' responsibilities for 
dissemination is an active knowledge of, and regular consultation with, 
the users of their information dissemination products. A primary reason 
for communication with users is to gain their contribution to improving 
the quality and relevance of government information--how it is created, 
collected, and disseminated. Consultations with users might include 
participation at conferences and workshops, careful attention to 
correspondence and telephone communications (e.g., logging and 
analyzing inquiries), or formalized user surveys.
    A key part of communicating with the public is providing adequate 
notice of agency information dissemination plans. Because agencies' 
information dissemination actions affect other agencies as well as the 
public, agencies must forewarn other agencies of significant actions. 
The decision to initiate, terminate, or substantially modify the 
content, form, frequency, or availability of significant products 
should also trigger appropriate advance public notice. Where 
appropriate, the Government Printing Office should be notified 
directly. Information dissemination products deemed not to be 
significant require no advance notice.
    Examples of significant products (or changes to them) might be 
those that:
    (a) are required by law; e.g., a statutorily mandated report to 
Congress;
    (b) involve expenditure of substantial funds; (c) by reason of the 
nature of the information, are matters of continuing public interest; 
e.g., a key economic indicator;
    (d) by reason of the time value of the information, command public 
interest; e.g., monthly crop reports on the day of their release;
    (e) will be disseminated in a new format or medium; e.g., 
disseminating a printed product in electronic medium, or disseminating 
a machine-readable data file via on-line access.
    Where members of the public might consider a proposed new agency 
product unnecessary or duplicative, the agency should solicit and 
evaluate public comments. Where users of an agency information 
dissemination product may be seriously affected by the introduction of 
a change in medium or format, the agency should notify users and 
consider their views before instituting the change. Where members of 
the public consider an existing agency product important and necessary, 
the agency should consider these views before deciding to terminate the 
product. In all cases, however, determination of what is a significant 
information dissemination product and what constitutes adequate notice 
are matters of agency judgment.
    Achieving Compliance with the Circular's Requirements. Section 
8a(6)(k) requires that the agency information dissemination management 
system ensure that, to the extent existing information dissemination 
policies or practices are inconsistent with the requirements of this 
Circular, an orderly transition to compliance with the requirements of 
this Circular is made. For example, some agency information 
dissemination products may be priced at a level which exceeds the cost 
of dissemination, or the agency may be engaged in practices which are 
otherwise unduly restrictive. In these instances, agencies must plan 
for an orderly transition to the substantive policy requirements of the 
Circular. The information dissemination management system must be 
capable of identifying these situations and planning for a reasonably 
prompt transition. Instances of existing agency practices which cannot 
immediately be brought into conformance with the requirements of the 
Circular are to be addressed through the waiver procedures of Section 
10(b).
    Section 8a(7). Avoiding Improperly Restrictive Practices. Federal 
agencies are often the sole suppliers of the information they hold. The 
agencies have either created or collected the information using public 
funds, usually in furtherance of unique governmental functions, and no 
one else has it. Hence agencies need to take care that their behavior 
does not inappropriately constrain public access to government 
information.
    When agencies use private contractors to accomplish dissemination, 
they must take care that they do not permit contractors to impose 
restrictions that undercut the agencies' discharge of their information 
dissemination responsibilities. The contractual terms should assure 
that, with respect to dissemination, the contractor behaves as though 
the contractor were the agency. For example, an agency practice of 
selling, through a contractor, on-line access to a database but 
refusing to sell copies of the database itself may be improperly 
restrictive because it precludes the possibility of another firm making 
the same service available to the public at a lower price. If an agency 
is willing to provide public access to a database, the agency should be 
willing to sell copies of the database itself.
    By the same reasoning, agencies should behave in an even-handed 
manner in handling information dissemination products. If an agency is 
willing to sell a database or database services to some members of the 
public, the agency should sell the same products under similar terms to 
other members of the public, unless prohibited by statute. When an 
agency decides it has public policy reasons for offering different 
terms of sale to different groups in the public, the agency should 
provide a clear statement of the policy and its basis.
    Agencies should not attempt to exert control over the secondary 
uses of their information dissemination products. In particular, 
agencies should not establish exclusive, restricted, or other 
distribution arrangements which interfere with timely and equitable 
availability of information dissemination products, and should not 
charge fees or royalties for the resale or redissemination of 
government information. These principles follow from the fact that the 
law prohibits the Federal Government from exercising copyright.
    Agencies should inform the public as to the limitations inherent in 
the information dissemination product (e.g., possibility of errors, 
degree of reliability, and validity) so that users are fully aware of 
the quality and integrity of the information. If circumstances warrant, 
an agency may wish to establish a procedure by which disseminators of 
the agency's information may at their option have the data and/or 
value-added processing checked for accuracy and certified by the 
agency. Using this method, redisseminators of the data would be able to 
respond to the demand for integrity from purchasers and users. This 
approach could be enhanced by the agency using its authority to 
trademark its information dissemination product, and requiring that 
redisseminators who wish to use the trademark agree to appropriate 
integrity procedures. These methods have the possibility of promoting 
diversity, user responsiveness, and efficiency as well as integrity. 
However, an agency's responsibility to protect against misuse of a 
government information dissemination product does not extend to 
restricting or regulating how the public actually uses the information. 
Agencies should not attempt to condition the resale or redissemination 
of its information dissemination products by members of the public.
    User charges. Title 5 of the Independent Offices Appropriations Act 
of 1952 (31 U.S.C. 9701) establishes Federal policy regarding fees 
assessed for government services, and for sale or use of government 
property or resources. OMB Circular No. A-25, User Charges, implements 
the statute. It provides for charges for government goods and services 
that convey special benefits to recipients beyond those accruing to the 
general public. It also establishes that user charges should be set at 
a level sufficient to recover the full cost of providing the service, 
resource, or property. Since Circular No. A-25 is silent as to the 
extent of its application to government information dissemination 
products, full cost recovery for information dissemination products 
might be interpreted to include the cost of collecting and processing 
information rather than just the cost of dissemination. The policy in 
Section 8a(7)(c) clarifies the policy of Circular No. A-25 as it 
applies to information dissemination products.
    Statutes such as FOIA and the Government in the Sunshine Act 
establish a broad and general obligation on the part of Federal 
agencies to make government information available to the public and to 
avoid erecting barriers that impede public access. User charges higher 
than the cost of dissemination may be a barrier to public access. The 
economic benefit to society is maximized when government information is 
publicly disseminated at the cost of dissemination. Absent statutory 
requirements to the contrary, the general standard for user charges for 
government information dissemination products should be to recover no 
more than the cost of dissemination. It should be noted in this 
connection that the government has already incurred the costs of 
creating and processing the information for governmental purposes in 
order to carry out its mission.
    Underpinning this standard is the FOIA fee structure which 
establishes limits on what agencies can charge for access to Federal 
records. That Act permits agencies to charge only the direct reasonable 
cost of search, reproduction and, in certain cases, review of requested 
records. In the case of FOIA requests for information dissemination 
products, charges would be limited to reasonable direct reproduction 
costs alone. No search would be needed to find the product, thus no 
search fees would be charged. Neither would the record need to be 
reviewed to determine if it could be withheld under one of the Act's 
exemptions since the agency has already decided to release it. Thus, 
FOIA provides an information ``safety net'' for the public.
    While OMB does not intend to prescribe procedures for pricing 
government information dissemination products, the cost of 
dissemination may generally be thought of as the sum of all costs 
specifically associated with preparing a product for dissemination and 
actually disseminating it to the public. When an agency prepares an 
information product for its own internal use, costs associated with 
such production would not generally be recoverable as user charges on 
subsequent dissemination. When the agency prepares the product for 
public dissemination, and disseminates it, costs associated with 
preparation and actual dissemination would be recoverable as user 
charges.
    When agencies provide custom tailored information services to 
specific individuals or groups, full cost recovery, including the cost 
of collection and processing, is appropriate. For example, if an agency 
prepares special tabulations or similar services from its databases in 
answer to a specific request from the public, all costs associated with 
fulfilling the request would be charged, and the requester should be so 
informed before work is begun.
    In a few cases, agencies engaging in information collection 
activities augment the information collection at the request of, and 
with funds provided by, private sector groups. Since the 1920's, the 
Bureau of the Census has carried out, on request, surveys of certain 
industries at greater frequency or at a greater level of detail than 
Federal funding would permit, because gathering the additional 
information is consistent with Federal purposes and industry groups 
have paid the additional information collection and processing costs. 
While the results of these surveys are disseminated to the public at 
the cost of dissemination, the existence and availability of the 
additional government data are special benefits to certain recipients 
beyond those accruing to the public. It is appropriate that those 
recipients should bear the full costs of information collection and 
processing, in addition to the normal costs of dissemination.
    Agencies must balance the requirement to establish user charges and 
the level of fees charged against other policies, specifically, the 
proper performance of agency functions and the need to ensure that 
information dissemination products reach the public for whom they are 
intended. If an agency mission includes disseminating information to 
certain specific groups or members of the public and the agency 
determines that user charges will constitute a significant barrier to 
carrying out this responsibility, the agency may have grounds for 
reducing or eliminating its user charges for the information 
dissemination product, or for exempting some recipients from the 
charge. Such reductions or eliminations should be the subject of agency 
determinations on a case by case basis and justified in terms of agency 
policies.
    Section 8a(8). Electronic Information Dissemination. Advances in 
information technology have changed government information 
dissemination. Agencies now have available new media and formats for 
dissemination, including CD-ROM, electronic bulletin boards, and public 
networks. The growing public acceptance of electronic data interchange 
(EDI) and similar standards enhances their attractiveness as methods 
for government information dissemination. For example, experiments with 
the use of electronic bulletin boards to advertise Federal contracting 
opportunities and to receive vendor quotes have achieved wider 
dissemination of information about business opportunities with the 
Federal Government than has been the case with traditional notices and 
advertisements. Improved information dissemination has increased the 
number of firms expressing interest in participating in the government 
market and decreased prices to the government due to expanded 
competition. In addition, the development of public electronic 
information networks, such as the Internet, provides an additional way 
for agencies to increase the diversity of information sources available 
to the public. Emerging applications such as Wide Area Information 
Servers and the World-wide Web (using the NISO Z39.50 standard) will be 
used increasingly to facilitate dissemination of government information 
such as environmental data, international trade information, and 
economic statistics in a networked environment.
    A basic purpose of the PRA is ``to maximize the usefulness of 
information collected, maintained, and disseminated by the Federal 
Government.'' (44 U.S.C. 3501(3)) Agencies can frequently enhance the 
value and practical utility of government information as a national 
resource by disseminating information in electronic media. Electronic 
collection and dissemination may substantially increase the usefulness 
of government information dissemination products for three reasons. 
First, information disseminated electronically is likely to be more 
timely and accurate because it does not require data re-entry. Second, 
electronic records often contain more complete and current information 
because, unlike paper, it is relatively easy to make frequent changes. 
Finally, because electronic information is more easily manipulated by 
the user and can be tailored to a wide variety of needs, electronic 
information dissemination products are more useful to the recipients.
    As stated at Section 8a(1)(h), agencies should use voluntary 
standards and Federal Information Processing Standards to the extent 
appropriate in order to ensure the most cost effective and widespread 
dissemination of information in electronic formats.
    Agencies can frequently make government information more accessible 
to the public and enhance the utility of government information as a 
national resource by disseminating information in electronic media. 
Agencies generally do not utilize data in raw form, but edit, refine, 
and organize the data in order to make it more accessible and useful 
for their own purposes. Information is made more accessible to users by 
aggregating data into logical groupings, tagging data with descriptive 
and other identifiers, and developing indexing and retrieval systems to 
facilitate access to particular data within a larger file. As a general 
matter, and subject to budgetary, security or legal constraints, 
agencies should make available such features developed for internal 
agency use as part of their information dissemination products.
    There will also be situations where the agency determines that its 
mission will be furthered by providing enhancements beyond those needed 
for its own use, particularly those that will improve the public 
availability of government information over the long term. In these 
instances, the agency should evaluate the expected usefulness of the 
enhanced information in light of its mission, and where appropriate 
construct partnerships with the private sector to add these elements of 
value. This approach may be particularly appropriate as part of a 
strategy to utilize new technology enhancements, such as graphic 
images, as part of a particular dissemination program.
    Section 8a(9). Information Safeguards. The basic premise of this 
Section is that agencies should provide an appropriate level of 
protection to government information, given an assessment of the risks 
associated with its maintenance and use. Among the factors to be 
considered include meeting the specific requirements of the Privacy Act 
of 1974 and the Computer Security Act of 1987.
    In particular, agencies are to ensure that they meet the 
requirements of the Privacy Act regarding information retrievable by 
individual identifier. Such information is to be collected, maintained, 
and protected so as to preclude intrusion into the privacy of 
individuals and the unwarranted disclosure of personal information. 
Individuals must be accorded access and amendment rights to records, as 
provided in the Privacy Act. To the extent that agencies share 
information which they have a continuing obligation to protect, 
agencies should see that appropriate safeguards are instituted. 
Appendix I prescribes agency procedures for the maintenance of records 
about individuals, reporting requirements to OMB and Congress, and 
other special requirements of specific agencies, in accordance with the 
Privacy Act.
    This Section also incorporates the requirement of the Computer 
Security Act of 1987 that agencies plan to secure their systems 
commensurate with the risk and magnitude of loss or harm that could 
result from the loss, misuse, or unauthorized access to information 
contained in those systems. It includes assuring the integrity, 
availability, and appropriate confidentiality of information. It also 
involves protection against the harm that could occur to individuals or 
entities outside of the Federal Government as well as the harm to the 
Federal Government. Such protection includes limits on collection and 
sharing of information and procedures to assure the integrity of 
information as well as requirements to adequately secure the 
information.
    Incorporation of Circular No. A-114. OMB Circular No. A-114, 
Management of Federal Audiovisual Activities, last revised on March 20, 
1985, prescribes policies and procedures to improve Federal audiovisual 
management. Although OMB will rescind Circular No. A-114, its essential 
policies and procedures will continue. This revision provides 
information resources management policies and principles independent of 
medium, including paper, electronic, or audiovisual. By including the 
term ``audiovisual'' in the definition of ``information,'' audiovisual 
materials are incorporated into all policies of this Circular.
    The requirement in Circular No. A-114 that the head of each agency 
designate an office with responsibility for the management oversight of 
an agency's audiovisual productions and that an appropriate program for 
the management of audiovisual productions in conformance with 36 CFR 
1232.4 is incorporated into this Circular at Section 9a(10). The 
requirement that audiovisual activities be obtained consistent with OMB 
Circular No. A-76 is covered by Sections 8a(1)(d), 8a(5)(d)(i) and 
8a(6)(b).
    Procurement policies contained in Circular No. A-114 will be 
incorporated into an Office of Federal Procurement Policy Letter.
    The National Archives and Records Administration will continue to 
prescribe the records management and archiving practices of agencies 
with respect to audiovisual productions at 36 CFR 1232.4, ``Audiovisual 
Records Management.''
    Section 8b, Information Systems and Information Technology 
Management
    Section 8b(1) Evaluation and Performance Measurement. OMB 
encourages agencies to stress several types of evaluation in their 
oversight of information systems. As a first step, agencies must assess 
the continuing need for the mission function. If the agency determines 
there is a continuing need for a function, agencies should reevaluate 
existing work processes prior to creating new or updating existing 
information systems. Without this analysis, agencies tend to develop 
information systems that improve the efficiency of traditional paper-
based processes which may be no longer needed. The application of 
information technology presents an opportunity to reevaluate existing 
organizational structures, work processes, and ways of interacting with 
the public to see whether they still efficiently and effectively 
support the agency's mission.
    Benefit-cost analyses provide vital management information on the 
most efficient allocation of human, financial, and information 
resources to support agency missions. Agencies should conduct a 
benefit-cost analysis for each information system to support management 
decision making to ensure: (a) alignment of the planned information 
system with the agency's mission needs; (b) acceptability of 
information system implementation to users inside the Government; (c) 
accessibility to clientele outside the Government; and (d) realization 
of projected benefits. When preparing benefit-cost analyses to support 
investments in information technology, agencies should seek to quantify 
the improvements in agency performance results through the measurement 
of program outputs.
    The requirement to conduct a benefit-cost analysis need not become 
a burdensome activity for agencies. The level of detail necessary for 
such analyses varies greatly and depends on the nature of the proposed 
investment. Proposed investments in ``major information systems'' as 
defined in this Circular require detailed and rigorous analysis. This 
analysis should not merely serve as budget justification material, but 
should be part of the ongoing management oversight process to ensure 
prudent allocation of scarce resources. Proposed investments for 
information systems that are not considered ``major information 
systems'' should be analyzed and documented more informally.
    While it is not necessary to create a new benefit-cost analysis at 
each stage of the information system life cycle, it is useful to 
refresh these analyses with up-to-date information to ensure the 
continued viability of an information system prior to and during 
implementation. Reasons for updating a benefit-cost analysis may 
include such factors as significant changes in projected costs and 
benefits, significant changes in information technology capabilities, 
major changes in requirements (including legislative or regulatory 
changes), or empirical data based on performance measurement gained 
through prototype results or pilot experience.
    Agencies should also weigh the relative benefits of proposed 
investments in information technology across the agency. Given the 
fiscal constraints facing the Federal government in the upcoming years, 
agencies should fund a portfolio of investments across the agency that 
maximizes return on investment for the agency as a whole. Agencies 
should also emphasize those proposed investments that show the greatest 
probability (i.e., display the lowest financial and operational risk) 
of achieving anticipated benefits for the organization. OMB and GAO are 
creating a publication that will provide agencies with reference 
materials for setting up such evaluation processes.
    Agencies should complete a retrospective evaluation of information 
systems once operational to validate projected savings, changes in 
practices, and effectiveness in serving affected publics. These post-
implementation reviews may also serve as the basis for agency-wide 
learning about effective management practices.
    Section 8b(2) Strategic Information Resources Management (IRM) 
Planning. Agencies should link to, and to the extent possible, 
integrate IRM planning with the agency strategic planning required by 
the Government Performance and Results Act (Pub.L. 103-62). Such a 
linkage ensures that agencies apply information resources to programs 
that support the achievement of agreed-upon mission goals. 
Additionally, strategic IRM planning by agencies may help avoid 
automating out-of-date, ineffective, or inefficient procedures and work 
processes.
    Agencies should also devote management attention to operational 
information resources management planning. This operational IRM 
planning should provide a one to five year focus to agency IRM 
activities and projects. Agency operational IRM plans should also 
provide a listing of the major information systems covered by the 
management oversight processes described in Section 8b(3). Agency 
operational planning for IRM should also communicate to the public how 
the agency's application of information resources might affect them. 
For the contractor community, this includes articulating the agency's 
intent to acquire information technology from the private sector. These 
data should not be considered acquisition sensitive, so that they can 
be distributed as widely as possible to the vendor community in order 
to promote competition. Agencies should make these acquisition plans 
available to the public through government-wide information 
dissemination mechanisms, including electronic means.
    Operational planning should also include initiatives to reduce the 
burden, including information collection burden, an agency imposes on 
the public. Too often, for example, agencies require personal visits to 
government offices during office hours inconvenient to the public. 
Instead, agencies should plan to use information technology in ways 
that make the public's dealing with the Federal government as ``user-
friendly'' as possible.
    Each year, OMB issues a bulletin, requesting copies of agencies' 
latest strategic IRM plans and annual updates to operational plans for 
information and information technology.
    Section 8b(3) Information Systems Management Oversight. Agencies 
should consider what constitutes a ``major information system'' for 
purposes of this Circular when determining the appropriate level of 
management attention for an information system. The anticipated dollar 
size of an information system or a supporting acquisition is only one 
determinant of the level of management attention an information system 
requires. Additional criteria to assess include the maturity and 
stability of the technology under consideration, how well defined user 
requirements are, the level of stability of program and user 
requirements, and security concerns.
    For instance, certain risky or ``cutting-edge'' information systems 
require closer scrutiny and more points of review and evaluation. This 
is particularly true when an agency uses an evolutionary life cycle 
strategy that requires a technical and financial evaluation of the 
project's viability at prototype and pilot testing phases. Projects 
relying on commercial off-the-shelf technology and applications will 
generally require less oversight than those using custom-designed 
software.
    While each phase of an information system life cycle may have 
unique characteristics, the dividing line between the phases may not 
always be distinct. For instance, both planning and evaluation should 
continue throughout the information system life cycle. In fact, during 
any phase, it may be necessary to revisit the previous stages based on 
new information or changes in the environment in which the system is 
being developed.
    The policy statements in this Circular describe an information 
system life cycle. It does not, however, make a definitive statement 
that there must be four versus five phases of a life cycle because the 
life cycle varies by the nature of the information system. Only two 
phases are common to all information systems--a beginning and an end. 
As a result, life cycle management techniques that agencies can use may 
vary depending on the complexity and risk inherent in the project.
    One element of this management oversight policy is the recognition 
of imbedded and/or parallel life cycles. Within an information system's 
life cycle there may be other subsidiary life cycles. For instance, 
most Federal information systems projects include an acquisition of 
goods and services that have life cycle characteristics. Some projects 
include software development components, which also have life cycles. 
Effective management oversight of major information systems requires a 
recognition of all these various life cycles and an integrated 
information systems management oversight with the budget and human 
resource management cycles that exist in the agency.
    Section 8b(2) of the Circular underscores the need for agencies to 
bring an agency-wide perspective to a number of information resources 
management issues. These issues include policy formulation, planning, 
management and technical frameworks for using information resources, 
and management oversight of major information systems. Agencies should 
also provide for coordinated decision making (Section 8b(3)(f)) in 
order to bring together the perspectives from across an agency, and 
outside if appropriate. Such coordination may take place in an agency-
wide management or IRM committee. Interested groups typically include 
functional users, managers of financial and human resources, 
information resources management specialists, and, as appropriate, the 
affected public.
    Section 8b(4) Use of Information Resources. Agency management of 
information resources should be guided by management and technical 
frameworks for agency-wide information and information technology 
needs. The technical framework should serve as a reference for updates 
to existing and new information systems. The management framework 
should assure the integration of proposed information systems projects 
into the technical framework in a manner that will ensure progress 
towards achieving an open systems environment. Agency strategic IRM 
planning should describe the parameters (e.g., technical standards) of 
such a technical framework. The management framework should drive 
operational planning and should describe how the agency intends to use 
information and information technology consistent with the technical 
framework.
    Agency management and technical frameworks for information 
resources should address agency strategies to move toward an open 
systems environment. These strategies should consist of one or multiple 
profiles (an internally consistent set of standards), based on the 
current version of the NIST's Application Portability Profile. These 
profiles should satisfy user requirements, accommodate officially 
recognized or de facto standards, and promote interoperability, 
application portability, and scalability by defining interfaces, 
services, protocols, and data formats favoring the use of 
nonproprietary specifications.
    Agencies should focus on how to better utilize the data they 
currently collect from the public. Because agencies generally do not 
share information, the public often must respond to duplicative 
information collections from various agencies or their components. 
Sharing of information about individuals should be consistent with the 
Privacy Act of 1974, as amended, and Appendix I of this Circular.
    Services provided by IPSOs to components of their own agency are 
often perceived to be ``free'' by the service recipients because their 
costs are budgeted as an ``overhead'' charge. Service recipients 
typically do not pay for IPSO services based on actual usage. Since the 
services are perceived to be free, there is very little incentive for 
either the service recipients or the IPSO managers to be watchful for 
opportunities to improve productivity or to reduce costs. Agencies are 
encouraged to institute chargeback mechanisms for IPSOs that provide 
common information processing services across a number of agency 
components when the resulting economies are expected to exceed the cost 
of administration.
    Section 8b(5) Acquisition of Information Technology. Consistent 
with the requirements of the Brooks Act and the Paperwork Reduction 
Act, agencies should acquire information technology to improve service 
delivery, reduce the cost of Federal program administration, and 
minimize burden of dealing with the Federal government. Agencies may 
wish to ask potential offerors to propose different technical solutions 
and approaches to fulfilling agency mission requirements. Evaluating 
acquisitions of information technology must assess both the benefits 
and costs of applying technology to meet such requirements.
    The distinction between information system life cycles and 
acquisition life cycles is important when considering the implications 
of OMB Circular A-109, Acquisition of Major Systems, to the acquisition 
of information resources. Circular A-109 presents one strategy for 
acquiring information technology when:
    i) The agency intends to fund operational tests and demonstrations 
of system design;
    ii) The risk is high due to the unproven integration of custom 
designed software and/or hardware components;
    iii) The estimated cost savings or operational improvements from 
such a demonstration will further improve the return on investment; or
    iv) The agency wants to acquire a solution based on state-of-the-
art, unproven technology.
    Agencies should comply with OMB Circular A-76, Performance of 
Commercial Activities, when considering conversion to or from in-house 
or contract performance.
    Agencies should ensure that acquisitions for new information 
technology comply with GSA regulations concerning information 
technology accessibility for individuals with disabilities [41 C.F.R. 
201-20.103-7].
    Section 9a(11). Ombudsman. The senior agency official designated by 
the head of each agency under 44 U.S.C. 3506(b) is charged with 
carrying out the responsibilities of the agency under the PRA. Agency 
senior information resources management officials are responsible for 
ensuring that their agency practices are in compliance with OMB 
policies. It is envisioned that the agency senior information resources 
management official will work as an ombudsman to investigate alleged 
instances of agency failure to adhere to the policies set forth in the 
Circular and to recommend or take corrective action as appropriate. 
Agency heads should continue to use existing mechanisms to ensure 
compliance with laws and policies.
    [The remainder of Appendix IV, which covers sections 9 and 10, is 
unchanged. See 50 FR 52750-51 (December 24, 1985).]
[FR Doc. 94-18007 Filed 7-22-94; 8:45 am]
BILLING CODE 3110-01-F