[107th Congress Public Law 347]
[From the U.S. Government Printing Office]
<DOC>
[DOCID: f:publ347.107]
[[Page 116 STAT. 2899]]
Public Law 107-347
107th Congress
An Act
To enhance the management and promotion of electronic Government
services and processes by establishing a Federal Chief Information
Officer <<NOTE: Dec. 17, 2002 - [H.R. 2458]>> within the Office of
Management and Budget, and by establishing a broad framework of measures
that require using Internet-based information technology to enhance
citizen access to Government information and services, and for other
purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in <<NOTE: E-Government Act of 2002.>> Congress
assembled,
SECTION 1. SHORT TITLE; TABLE OF CONTENTS.
(a) Short <<NOTE: 44 USC 101 note.>> Title.--This Act may be cited
as the ``E-Government Act of 2002''.
(b) Table of Contents.--The table of contents for this Act is as
follows:
Sec. 1. Short title; table of contents.
Sec. 2. Findings and purposes.
TITLE I--OFFICE OF MANAGEMENT AND BUDGET ELECTRONIC GOVERNMENT SERVICES
Sec. 101. Management and promotion of electronic government services.
Sec. 102. Conforming amendments.
TITLE II--FEDERAL MANAGEMENT AND PROMOTION OF ELECTRONIC GOVERNMENT
SERVICES
Sec. 201. Definitions.
Sec. 202. Federal agency responsibilities.
Sec. 203. Compatibility of executive agency methods for use and
acceptance of electronic signatures.
Sec. 204. Federal Internet portal.
Sec. 205. Federal courts.
Sec. 206. Regulatory agencies.
Sec. 207. Accessibility, usability, and preservation of government
information.
Sec. 208. Privacy provisions.
Sec. 209. Federal information technology workforce development.
Sec. 210. Share-in-savings initiatives.
Sec. 211. Authorization for acquisition of information technology by
State and local governments through Federal supply schedules.
Sec. 212. Integrated reporting study and pilot projects.
Sec. 213. Community technology centers.
Sec. 214. Enhancing crisis management through advanced information
technology.
Sec. 215. Disparities in access to the Internet.
Sec. 216. Common protocols for geographic information systems.
TITLE III--INFORMATION SECURITY
Sec. 301. Information security.
Sec. 302. Management of information technology.
Sec. 303. National Institute of Standards and Technology.
Sec. 304. Information Security and Privacy Advisory Board.
Sec. 305. Technical and conforming amendments.
TITLE IV--AUTHORIZATION OF APPROPRIATIONS AND EFFECTIVE DATES
Sec. 401. Authorization of appropriations.
[[Page 116 STAT. 2900]]
Sec. 402. Effective dates.
TITLE V--CONFIDENTIAL INFORMATION PROTECTION AND STATISTICAL EFFICIENCY
Sec. 501. Short title.
Sec. 502. Definitions.
Sec. 503. Coordination and oversight of policies.
Sec. 504. Effect on other laws.
Subtitle A--Confidential Information Protection
Sec. 511. Findings and purposes.
Sec. 512. Limitations on use and disclosure of data and information.
Sec. 513. Fines and penalties.
Subtitle B--Statistical Efficiency
Sec. 521. Findings and purposes.
Sec. 522. Designation of statistical agencies.
Sec. 523. Responsibilities of designated statistical agencies.
Sec. 524. Sharing of business data among designated statistical
agencies.
Sec. 525. Limitations on use of business data provided by designated
statistical agencies.
Sec. 526. Conforming amendments.
SEC. 2. <<NOTE: 44 USC 3601 note.>> FINDINGS AND PURPOSES.
(a) Findings.--Congress finds the following:
(1) The use of computers and the Internet is rapidly
transforming societal interactions and the relationships among
citizens, private businesses, and the Government.
(2) The Federal Government has had uneven success in
applying advances in information technology to enhance
governmental functions and services, achieve more efficient
performance, increase access to Government information, and
increase citizen participation in Government.
(3) Most Internet-based services of the Federal Government
are developed and presented separately, according to the
jurisdictional boundaries of an individual department or agency,
rather than being integrated cooperatively according to function
or topic.
(4) Internet-based Government services involving interagency
cooperation are especially difficult to develop and promote, in
part because of a lack of sufficient funding mechanisms to
support such interagency cooperation.
(5) Electronic Government has its impact through improved
Government performance and outcomes within and across agencies.
(6) Electronic Government is a critical element in the
management of Government, to be implemented as part of a
management framework that also addresses finance, procurement,
human capital, and other challenges to improve the performance
of Government.
(7) To take full advantage of the improved Government
performance that can be achieved through the use of Internet-
based technology requires strong leadership, better
organization, improved interagency collaboration, and more
focused oversight of agency compliance with statutes related to
information resource management.
(b) Purposes.--The purposes of this Act are the following:
(1) To provide effective leadership of Federal Government
efforts to develop and promote electronic Government services
and processes by establishing an Administrator of a new Office
of Electronic Government within the Office of Management and
Budget.
[[Page 116 STAT. 2901]]
(2) To promote use of the Internet and other information
technologies to provide increased opportunities for citizen
participation in Government.
(3) To promote interagency collaboration in providing
electronic Government services, where this collaboration would
improve the service to citizens by integrating related
functions, and in the use of internal electronic Government
processes, where this collaboration would improve the efficiency
and effectiveness of the processes.
(4) To improve the ability of the Government to achieve
agency missions and program performance goals.
(5) To promote the use of the Internet and emerging
technologies within and across Government agencies to provide
citizen-centric Government information and services.
(6) To reduce costs and burdens for businesses and other
Government entities.
(7) To promote better informed decisionmaking by policy
makers.
(8) To promote access to high quality Government information
and services across multiple channels.
(9) To make the Federal Government more transparent and
accountable.
(10) To transform agency operations by utilizing, where
appropriate, best practices from public and private sector
organizations.
(11) To provide enhanced access to Government information
and services in a manner consistent with laws regarding
protection of personal privacy, national security, records
retention, access for persons with disabilities, and other
relevant laws.
TITLE I--OFFICE OF MANAGEMENT AND BUDGET ELECTRONIC GOVERNMENT SERVICES
SEC. 101. MANAGEMENT AND PROMOTION OF ELECTRONIC GOVERNMENT SERVICES.
(a) In General.--Title 44, United States Code, is amended by
inserting after chapter 35 the following:
``CHAPTER 36--MANAGEMENT AND PROMOTION OF ELECTRONIC GOVERNMENT SERVICES
``Sec.
``3601. Definitions.
``3602. Office of Electronic Government.
``3603. Chief Information Officers Council.
``3604. E-Government Fund.
``3605. Program to encourage innovative solutions to enhance electronic
Government services and processes.
``3606. E-Government report.
``Sec. 3601. Definitions
``In this chapter, the definitions under section 3502 shall apply,
and the term--
``(1) `Administrator' means the Administrator of the Office
of Electronic Government established under section 3602;
[[Page 116 STAT. 2902]]
``(2) `Council' means the Chief Information Officers Council
established under section 3603;
``(3) `electronic Government' means the use by the
Government of web-based Internet applications and other
information technologies, combined with processes that implement
these technologies, to--
``(A) enhance the access to and delivery of
Government information and services to the public, other
agencies, and other Government entities; or
``(B) bring about improvements in Government
operations that may include effectiveness, efficiency,
service quality, or transformation;
``(4) `enterprise architecture'--
``(A) means--
``(i) a strategic information asset base,
which defines the mission;
``(ii) the information necessary to perform
the mission;
``(iii) the technologies necessary to perform
the mission; and
``(iv) the transitional processes for
implementing new technologies in response to
changing mission needs; and
``(B) includes--
``(i) a baseline architecture;
``(ii) a target architecture; and
``(iii) a sequencing plan;
``(5) `Fund' means the E-Government Fund established under
section 3604;
``(6) `interoperability' means the ability of different
operating and software systems, applications, and services to
communicate and exchange data in an accurate, effective, and
consistent manner;
``(7) `integrated service delivery' means the provision of
Internet-based Federal Government information or services
integrated according to function or topic rather than separated
according to the boundaries of agency jurisdiction; and
``(8) `tribal government' means--
``(A) the governing body of any Indian tribe, band,
nation, or other organized group or community located in
the continental United States (excluding the State of
Alaska) that is recognized as eligible for the special
programs and services provided by the United States to
Indians because of their status as Indians, and
``(B) any Alaska Native regional or village
corporation established pursuant to the Alaska Native
Claims Settlement Act (43 U.S.C. 1601 et seq.).
``Sec. 3602. Office of Electronic Government
``(a) <<NOTE: Establishment. Government organization.>> There is
established in the Office of Management and Budget an Office of
Electronic Government.
``(b) <<NOTE: President.>> There shall be at the head of the Office
an Administrator who shall be appointed by the President.
``(c) The Administrator shall assist the Director in carrying out--
``(1) all functions under this chapter;
[[Page 116 STAT. 2903]]
``(2) all of the functions assigned to the Director under
title II of the E-Government Act of 2002; and
``(3) other electronic government initiatives, consistent
with other statutes.
``(d) The Administrator shall assist the Director and the Deputy
Director for Management and work with the Administrator of the Office of
Information and Regulatory Affairs in setting strategic direction for
implementing electronic Government, under relevant statutes, including--
``(1) chapter 35;
``(2) subtitle III of title 40, United States Code;
``(3) section 552a of title 5 (commonly referred to as the
`Privacy Act');
``(4) the Government Paperwork Elimination Act (44 U.S.C.
3504 note); and
``(5) the Federal Information Security Management Act of
2002.
``(e) The Administrator shall work with the Administrator of the
Office of Information and Regulatory Affairs and with other offices
within the Office of Management and Budget to oversee implementation of
electronic Government under this chapter, chapter 35, the E-Government
Act of 2002, and other relevant statutes, in a manner consistent with
law, relating to--
``(1) capital planning and investment control for
information technology;
``(2) the development of enterprise architectures;
``(3) information security;
``(4) privacy;
``(5) access to, dissemination of, and preservation of
Government information;
``(6) accessibility of information technology for persons
with disabilities; and
``(7) other areas of electronic Government.
``(f) Subject to requirements of this chapter, the Administrator
shall assist the Director by performing electronic Government functions
as follows:
``(1) Advise the Director on the resources required to
develop and effectively administer electronic Government
initiatives.
``(2) Recommend to the Director changes relating to
Governmentwide strategies and priorities for electronic
Government.
``(3) Provide overall leadership and direction to the
executive branch on electronic Government.
``(4) Promote innovative uses of information technology by
agencies, particularly initiatives involving multiagency
collaboration, through support of pilot projects, research,
experimentation, and the use of innovative technologies.
``(5) Oversee the distribution of funds from, and ensure
appropriate administration and coordination of, the E-Government
Fund established under section 3604.
``(6) Coordinate with the Administrator of General Services
regarding programs undertaken by the General Services
Administration to promote electronic government and the
efficient use of information technologies by agencies.
[[Page 116 STAT. 2904]]
``(7) Lead the activities of the Chief Information Officers
Council established under section 3603 on behalf of the Deputy
Director for Management, who shall chair the council.
``(8) Assist the Director in establishing policies which
shall set the framework for information technology standards for
the Federal Government developed by the National Institute of
Standards and Technology and promulgated by the Secretary of
Commerce under section 11331 of title 40, taking into account,
if appropriate, recommendations of the Chief Information
Officers Council, experts, and interested parties from the
private and nonprofit sectors and State, local, and tribal
governments, and maximizing the use of commercial standards as
appropriate, including the following:
``(A) Standards and guidelines for interconnectivity
and interoperability as described under section 3504.
``(B) Consistent with the process under section
207(d) of the E-Government Act of 2002, standards and
guidelines for categorizing Federal Government
electronic information to enable efficient use of
technologies, such as through the use of extensible
markup language.
``(C) Standards and guidelines for Federal
Government computer system efficiency and security.
``(9) Sponsor ongoing dialogue that--
``(A) shall be conducted among Federal, State,
local, and tribal government leaders on electronic
Government in the executive, legislative, and judicial
branches, as well as leaders in the private and
nonprofit sectors, to encourage collaboration and
enhance understanding of best practices and innovative
approaches in acquiring, using, and managing information
resources;
``(B) is intended to improve the performance of
governments in collaborating on the use of information
technology to improve the delivery of Government
information and services; and
``(C) may include--
``(i) development of innovative models--
``(I) for electronic Government
management and Government information
technology contracts; and
``(II) that may be developed through
focused discussions or using separately
sponsored research;
``(ii) identification of opportunities for
public-private collaboration in using Internet-
based technology to increase the efficiency of
Government-to-business transactions;
``(iii) identification of mechanisms for
providing incentives to program managers and other
Government employees to develop and implement
innovative uses of information technologies; and
``(iv) identification of opportunities for
public, private, and intergovernmental
collaboration in addressing the disparities in
access to the Internet and information technology.
``(10) Sponsor activities to engage the general public in
the development and implementation of policies and programs,
particularly activities aimed at fulfilling the goal of using
the most effective citizen-centered strategies and those
activities
[[Page 116 STAT. 2905]]
which engage multiple agencies providing similar or related
information and services.
``(11) Oversee the work of the General Services
Administration and other agencies in developing the integrated
Internet-based system under section 204 of the E-Government Act
of 2002.
``(12) Coordinate with the Administrator for Federal
Procurement Policy to ensure effective implementation of
electronic procurement initiatives.
``(13) Assist Federal agencies, including the General
Services Administration, the Department of Justice, and the
United States Access Board in--
``(A) implementing accessibility standards under
section 508 of the Rehabilitation Act of 1973 (29 U.S.C.
794d); and
``(B) ensuring compliance with those standards
through the budget review process and other means.
``(14) Oversee the development of enterprise architectures
within and across agencies.
``(15) Assist the Director and the Deputy Director for
Management in overseeing agency efforts to ensure that
electronic Government activities incorporate adequate, risk-
based, and cost-effective security compatible with business
processes.
``(16) Administer the Office of Electronic Government
established under this section.
``(17) Assist the Director in preparing the E-Government
report established under section 3606.
``(g) The Director shall ensure that the Office of Management and
Budget, including the Office of Electronic Government, the Office of
Information and Regulatory Affairs, and other relevant offices, have
adequate staff and resources to properly fulfill all functions under the
E-Government Act of 2002.
``Sec. 3603. Chief Information Officers Council
``(a) <<NOTE: Establishment.>> There is established in the executive
branch a Chief Information Officers Council.
``(b) The members of the Council shall be as follows:
``(1) The Deputy Director for Management of the Office of
Management and Budget, who shall act as chairperson of the
Council.
``(2) The Administrator of the Office of Electronic
Government.
``(3) The Administrator of the Office of Information and
Regulatory Affairs.
``(4) The chief information officer of each agency described
under section 901(b) of title 31.
``(5) The chief information officer of the Central
Intelligence Agency.
``(6) The chief information officer of the Department of the
Army, the Department of the Navy, and the Department of the Air
Force, if chief information officers have been designated for
such departments under section 3506(a)(2)(B).
``(7) Any other officer or employee of the United States
designated by the chairperson.
``(c)(1) The Administrator of the Office of Electronic Government
shall lead the activities of the Council on behalf of the Deputy
Director for Management.
[[Page 116 STAT. 2906]]
``(2)(A) The Vice Chairman of the Council shall be selected by the
Council from among its members.
``(B) The Vice Chairman shall serve a 1-year term, and may serve
multiple terms.
``(3) The Administrator of General Services shall provide
administrative and other support for the Council.
``(d) The Council is designated the principal interagency forum for
improving agency practices related to the design, acquisition,
development, modernization, use, operation, sharing, and performance of
Federal Government information resources.
``(e) In performing its duties, the Council shall consult regularly
with representatives of State, local, and tribal governments.
``(f) The Council shall perform functions that include the
following:
``(1) Develop recommendations for the Director on Government
information resources management policies and requirements.
``(2) Share experiences, ideas, best practices, and
innovative approaches related to information resources
management.
``(3) Assist the Administrator in the identification,
development, and coordination of multiagency projects and other
innovative initiatives to improve Government performance through
the use of information technology.
``(4) Promote the development and use of common performance
measures for agency information resources management under this
chapter and title II of the E-Government Act of 2002.
``(5) Work as appropriate with the National Institute of
Standards and Technology and the Administrator to develop
recommendations on information technology standards developed
under section 20 of the National Institute of Standards and
Technology Act (15 U.S.C. 278g-3) and promulgated under section
11331 of title 40, and maximize the use of commercial standards
as appropriate, including the following:
``(A) Standards and guidelines for interconnectivity
and interoperability as described under section 3504.
``(B) Consistent with the process under section
207(d) of the E-Government Act of 2002, standards and
guidelines for categorizing Federal Government
electronic information to enable efficient use of
technologies, such as through the use of extensible
markup language.
``(C) Standards and guidelines for Federal
Government computer system efficiency and security.
``(6) Work with the Office of Personnel Management to assess
and address the hiring, training, classification, and
professional development needs of the Government related to
information resources management.
``(7) Work with the Archivist of the United States to assess
how the Federal Records Act can be addressed effectively by
Federal information resources management activities.
``Sec. 3604. E-Government Fund
``(a)(1) There is established in the Treasury of the United States
the E-Government Fund.
``(2) The Fund shall be administered by the Administrator of the
General Services Administration to support projects approved by the
Director, assisted by the Administrator of the Office of
[[Page 116 STAT. 2907]]
Electronic Government, that enable the Federal Government to expand its
ability, through the development and implementation of innovative uses
of the Internet or other electronic methods, to conduct activities
electronically.
``(3) Projects under this subsection may include efforts to--
``(A) make Federal Government information and services more
readily available to members of the public (including
individuals, businesses, grantees, and State and local
governments);
``(B) make it easier for the public to apply for benefits,
receive services, pursue business opportunities, submit
information, and otherwise conduct transactions with the Federal
Government; and
``(C) enable Federal agencies to take advantage of
information technology in sharing information and conducting
transactions with each other and with State and local
governments.
``(b)(1) The Administrator shall--
``(A) <<NOTE: Procedures.>> establish procedures for
accepting and reviewing proposals for funding;
``(B) consult with interagency councils, including the Chief
Information Officers Council, the Chief Financial Officers
Council, and other interagency management councils, in
establishing procedures and reviewing proposals; and
``(C) assist the Director in coordinating resources that
agencies receive from the Fund with other resources available to
agencies for similar purposes.
``(2) When reviewing proposals and managing the Fund, the
Administrator shall observe and incorporate the following procedures:
``(A) A project requiring substantial involvement or funding
from an agency shall be approved by a senior official with
agencywide authority on behalf of the head of the agency, who
shall report directly to the head of the agency.
``(B) Projects shall adhere to fundamental capital planning
and investment control processes.
``(C) Agencies shall identify in their proposals resource
commitments from the agencies involved and how these resources
would be coordinated with support from the Fund, and include
plans for potential continuation of projects after all funds
made available from the Fund are expended.
``(D) After considering the recommendations of the
interagency councils, the Director, assisted by the
Administrator, shall have final authority to determine which of
the candidate projects shall be funded from the Fund.
``(E) Agencies shall assess the results of funded projects.
``(c) In determining which proposals to recommend for funding, the
Administrator--
``(1) shall consider criteria that include whether a
proposal--
``(A) identifies the group to be served, including
citizens, businesses, the Federal Government, or other
governments;
``(B) indicates what service or information the
project will provide that meets needs of groups
identified under subparagraph (A);
``(C) ensures proper security and protects privacy;
[[Page 116 STAT. 2908]]
``(D) is interagency in scope, including projects
implemented by a primary or single agency that--
``(i) could confer benefits on multiple
agencies; and
``(ii) have the support of other agencies; and
``(E) has performance objectives that tie to agency
missions and strategic goals, and interim results that
relate to the objectives; and
``(2) may also rank proposals based on criteria that include
whether a proposal--
``(A) has Governmentwide application or
implications;
``(B) has demonstrated support by the public to be
served;
``(C) integrates Federal with State, local, or
tribal approaches to service delivery;
``(D) identifies resource commitments from
nongovernmental sectors;
``(E) identifies resource commitments from the
agencies involved;
``(F) uses web-based technologies to achieve
objectives;
``(G) identifies records management and records
access strategies;
``(H) supports more effective citizen participation
in and interaction with agency activities that further
progress toward a more citizen-centered Government;
``(I) directly delivers Government information and
services to the public or provides the infrastructure
for delivery;
``(J) supports integrated service delivery;
``(K) describes how business processes across
agencies will reflect appropriate transformation
simultaneous to technology implementation; and
``(L) is new or innovative and does not supplant
existing funding streams within agencies.
``(d) The Fund may be used to fund the integrated Internet-based
system under section 204 of the E-Government Act of 2002.
``(e) <<NOTE: Notification.>> None of the funds provided from the
Fund may be transferred to any agency until 15 days after the
Administrator of the General Services Administration has submitted to
the Committees on Appropriations of the Senate and the House of
Representatives, the Committee on Governmental Affairs of the Senate,
the Committee on Government Reform of the House of Representatives, and
the appropriate authorizing committees of the Senate and the House of
Representatives, a notification and description of how the funds are to
be allocated and how the expenditure will further the purposes of this
chapter.
``(f)(1) <<NOTE: Reports.>> The Director shall report annually to
Congress on the operation of the Fund, through the report established
under section 3606.
``(2) The report under paragraph (1) shall describe--
``(A) all projects which the Director has approved for
funding from the Fund; and
``(B) the results that have been achieved to date for these
funded projects.
``(g)(1) There are authorized to be appropriated to the Fund--
``(A) $45,000,000 for fiscal year 2003;
``(B) $50,000,000 for fiscal year 2004;
``(C) $100,000,000 for fiscal year 2005;
``(D) $150,000,000 for fiscal year 2006; and
[[Page 116 STAT. 2909]]
``(E) such sums as are necessary for fiscal year 2007.
``(2) Funds appropriated under this subsection shall remain
available until expended.
``Sec. 3605. Program to encourage innovative solutions to enhance
electronic Government services and processes
``(a) Establishment of Program.--The Administrator shall establish
and promote a Governmentwide program to encourage contractor innovation
and excellence in facilitating the development and enhancement of
electronic Government services and processes.
``(b) Issuance of Announcements Seeking Innovative Solutions.--Under
the program, the Administrator, in consultation with the Council and the
Administrator for Federal Procurement Policy, shall issue announcements
seeking unique and innovative solutions to facilitate the development
and enhancement of electronic Government services and processes.
``(c) Multiagency Technical Assistance Team.--(1) The Administrator,
in consultation with the Council and the Administrator for Federal
Procurement Policy, shall convene a multiagency technical assistance
team to assist in screening proposals submitted to the Administrator to
provide unique and innovative solutions to facilitate the development
and enhancement of electronic Government services and processes. The
team shall be composed of employees of the agencies represented on the
Council who have expertise in scientific and technical disciplines that
would facilitate the assessment of the feasibility of the proposals.
``(2) The technical assistance team shall--
``(A) assess the feasibility, scientific and technical
merits, and estimated cost of each proposal; and
``(B) submit each proposal, and the assessment of the
proposal, to the Administrator.
``(3) The technical assistance team shall not consider or evaluate
proposals submitted in response to a solicitation for offers for a
pending procurement or for a specific agency requirement.
``(4) After receiving proposals and assessments from the technical
assistance team, the Administrator shall consider recommending
appropriate proposals for funding under the E-Government Fund
established under section 3604 or, if appropriate, forward the proposal
and the assessment of it to the executive agency whose mission most
coincides with the subject matter of the proposal.
``Sec. 3606. E-Government report
``(a) <<NOTE: Deadline.>> Not later than March 1 of each year, the
Director shall submit an E-Government status report to the Committee on
Governmental Affairs of the Senate and the Committee on Government
Reform of the House of Representatives.
``(b) The report under subsection (a) shall contain--
``(1) a summary of the information reported by agencies
under section 202(f) of the E-Government Act of 2002;
``(2) the information required to be reported by section
3604(f); and
``(3) a description of compliance by the Federal Government
with other goals and provisions of the E-Government Act of
2002.''.
[[Page 116 STAT. 2910]]
(b) Technical and Conforming Amendment.--The table of chapters for
title 44, United States Code, is amended by inserting after the item
relating to chapter 35 the following:
``36. Management and Promotion of Electronic Government Services.3601''.
SEC. 102. CONFORMING AMENDMENTS.
(a) Electronic Government and Information Technologies.--
(1) In general.--Chapter 3 of title 40, United States Code,
is amended by inserting after section 304 the following new
section:
``Sec. 305. Electronic Government and information technologies
``The Administrator of General Services shall consult with the
Administrator of the Office of Electronic Government on programs
undertaken by the General Services Administration to promote electronic
Government and the efficient use of information technologies by Federal
agencies.''.
(2) Technical and conforming amendment.--The table of
sections for chapter 3 of such title is amended by inserting
after the item relating to section 304 the following:
``305. Electronic Government and information technologies.''.
(b) Modification of Deputy Director for Management Functions.--
Section 503(b) of title 31, United States Code, is amended--
(1) by redesignating paragraphs (5), (6), (7), (8), and (9),
as paragraphs (6), (7), (8), (9), and (10), respectively; and
(2) by inserting after paragraph (4) the following:
``(5) Chair the Chief Information Officers Council
established under section 3603 of title 44.''.
(c) Office of Electronic Government.--
(1) In general.--Chapter 5 of title 31, United States Code,
is amended by inserting after section 506 the following:
``Sec. 507. Office of Electronic Government
``The Office of Electronic Government, established under section
3602 of title 44, is an office in the Office of Management and
Budget.''.
(2) Technical and conforming amendment.--The table of
sections for chapter 5 of title 31, United States Code, is
amended by inserting after the item relating to section 506 the
following:
``507. Office of Electronic Government.''.
TITLE II--FEDERAL MANAGEMENT AND PROMOTION OF ELECTRONIC GOVERNMENT
SERVICES
SEC. 201. <<NOTE: 44 USC 3501 note.>> DEFINITIONS.
Except as otherwise provided, in this title the definitions under
sections 3502 and 3601 of title 44, United States Code, shall apply.
[[Page 116 STAT. 2911]]
SEC. 202. <<NOTE: 44 USC 3501 note.>> FEDERAL AGENCY RESPONSIBILITIES.
(a) In General.--The head of each agency shall be responsible for--
(1) complying with the requirements of this Act (including
the amendments made by this Act), the related information
resource management policies and guidance established by the
Director of the Office of Management and Budget, and the related
information technology standards promulgated by the Secretary of
Commerce;
(2) ensuring that the information resource management
policies and guidance established under this Act by the
Director, and the related information technology standards
promulgated by the Secretary of Commerce are communicated
promptly and effectively to all relevant officials within their
agency; and
(3) supporting the efforts of the Director and the
Administrator of the General Services Administration to develop,
maintain, and promote an integrated Internet-based system of
delivering Federal Government information and services to the
public under section 204.
(b) Performance Integration.--
(1) Agencies shall develop performance measures that
demonstrate how electronic government enables progress toward
agency objectives, strategic goals, and statutory mandates.
(2) In measuring performance under this section, agencies
shall rely on existing data collections to the extent
practicable.
(3) Areas of performance measurement that agencies should
consider include--
(A) customer service;
(B) agency productivity; and
(C) adoption of innovative information technology,
including the appropriate use of commercial best
practices.
(4) Agencies shall link their performance goals, as
appropriate, to key groups, including citizens, businesses, and
other governments, and to internal Federal Government
operations.
(5) As appropriate, agencies shall work collectively in
linking their performance goals to groups identified under
paragraph (4) and shall use information technology in delivering
Government information and services to those groups.
(c) Avoiding Diminished Access.--When promulgating policies and
implementing programs regarding the provision of Government information
and services over the Internet, agency heads shall consider the impact
on persons without access to the Internet, and shall, to the extent
practicable--
(1) ensure that the availability of Government information
and services has not been diminished for individuals who lack
access to the Internet; and
(2) pursue alternate modes of delivery that make Government
information and services more accessible to individuals who do
not own computers or lack access to the Internet.
(d) Accessibility to People With Disabilities.--All actions taken by
Federal departments and agencies under this Act shall be in compliance
with section 508 of the Rehabilitation Act of 1973 (29 U.S.C. 794d).
(e) Sponsored Activities.--Agencies shall sponsor activities that
use information technology to engage the public in the development and
implementation of policies and programs.
[[Page 116 STAT. 2912]]
(f) Chief Information Officers.--The Chief Information Officer of
each of the agencies designated under chapter 36 of title 44, United
States Code (as added by this Act) shall be responsible for--
(1) participating in the functions of the Chief Information
Officers Council; and
(2) monitoring the implementation, within their respective
agencies, of information technology standards promulgated by the
Secretary of Commerce, including common standards for
interconnectivity and interoperability, categorization of
Federal Government electronic information, and computer system
efficiency and security.
(g) E-Government Status Report.--
(1) In general.--Each agency shall compile and submit to the
Director an annual E-Government Status Report on--
(A) the status of the implementation by the agency
of electronic government initiatives;
(B) compliance by the agency with this Act; and
(C) how electronic Government initiatives of the
agency improve performance in delivering programs to
constituencies.
(2) Submission.--Each agency shall submit an annual report
under this subsection--
(A) to the Director at such time and in such manner
as the Director requires;
(B) consistent with related reporting requirements;
and
(C) which addresses any section in this title
relevant to that agency.
(h) Use of Technology.--Nothing in this Act supersedes the
responsibility of an agency to use or manage information technology to
deliver Government information and services that fulfill the statutory
mission and programs of the agency.
(i) National Security Systems.--
(1) Inapplicability.--Except as provided under paragraph
(2), this title does not apply to national security systems as
defined in section 11103 of title 40, United States Code.
(2) Applicability.--This section, section 203, and section
214 do apply to national security systems to the extent
practicable and consistent with law.
SEC. 203. <<NOTE: 44 USC 3501 note.>> COMPATIBILITY OF EXECUTIVE AGENCY
METHODS FOR USE AND ACCEPTANCE OF ELECTRONIC SIGNATURES.
(a) Purpose.--The purpose of this section is to achieve
interoperable implementation of electronic signatures for appropriately
secure electronic transactions with Government.
(b) Electronic Signatures.--In order to fulfill the objectives of
the Government Paperwork Elimination Act (Public Law 105-277; 112 Stat.
2681-749 through 2681-751), each Executive agency (as defined under
section 105 of title 5, United States Code) shall ensure that its
methods for use and acceptance of electronic signatures are compatible
with the relevant policies and procedures issued by the Director.
(c) Authority for Electronic Signatures.--The Administrator of
General Services shall support the Director by establishing a framework
to allow efficient interoperability among Executive agencies when using
electronic signatures, including processing of digital signatures.
[[Page 116 STAT. 2913]]
(d) Authorization of Appropriations.--There are authorized to be
appropriated to the General Services Administration, to ensure the
development and operation of a Federal bridge certification authority
for digital signature compatibility, and for other activities consistent
with this section, $8,000,000 or such sums as are necessary in fiscal
year 2003, and such sums as are necessary for each fiscal year
thereafter.
SEC. 204. <<NOTE: 44 USC 3501 note.>> FEDERAL INTERNET PORTAL.
(a) In General.--
(1) Public access.--The Director shall work with the
Administrator of the General Services Administration and other
agencies to maintain and promote an integrated Internet-based
system of providing the public with access to Government
information and services.
(2) Criteria.--To the extent practicable, the integrated
system shall be designed and operated according to the following
criteria:
(A) The provision of Internet-based Government
information and services directed to key groups,
including citizens, business, and other governments, and
integrated according to function or topic rather than
separated according to the boundaries of agency
jurisdiction.
(B) An ongoing effort to ensure that Internet-based
Government services relevant to a given citizen activity
are available from a single point.
(C) Access to Federal Government information and
services consolidated, as appropriate, with Internet-
based information and services provided by State, local,
and tribal governments.
(D) Access to Federal Government information held by
1 or more agencies shall be made available in a manner
that protects privacy, consistent with law.
(b) Authorization of Appropriations.--There are authorized to be
appropriated to the General Services Administration $15,000,000 for the
maintenance, improvement, and promotion of the integrated Internet-based
system for fiscal year 2003, and such sums as are necessary for fiscal
years 2004 through 2007.
SEC. 205. <<NOTE: 44 USC 3501 note.>> FEDERAL COURTS.
(a) Individual Court Websites.--The Chief Justice of the United
States, the chief judge of each circuit and district and of the Court of
Federal Claims, and the chief bankruptcy judge of each district shall
cause to be established and maintained, for the court of which the judge
is chief justice or judge, a website that contains the following
information or links to websites with the following information:
(1) Location and contact information for the courthouse,
including the telephone numbers and contact names for the
clerk's office and justices' or judges' chambers.
(2) Local rules and standing or general orders of the court.
(3) Individual rules, if in existence, of each justice or
judge in that court.
(4) Access to docket information for each case.
(5) Access to the substance of all written opinions issued
by the court, regardless of whether such opinions are to be
published in the official court reporter, in a text searchable
format.
[[Page 116 STAT. 2914]]
(6) Access to documents filed with the courthouse in
electronic form, to the extent provided under subsection (c).
(7) Any other information (including forms in a format that
can be downloaded) that the court determines useful to the
public.
(b) Maintenance of Data Online.--
(1) Update of information.--The information and rules on
each website shall be updated regularly and kept reasonably
current.
(2) Closed cases.--Electronic files and docket information
for cases closed for more than 1 year are not required to be
made available online, except all written opinions with a date
of issuance after the effective date of this section shall
remain available online.
(c) Electronic Filings.--
(1) In <<NOTE: Public information.>> general.--Except as
provided under paragraph (2) or in the rules prescribed under
paragraph (3), each court shall make any document that is filed
electronically publicly available online. A court may convert
any document that is filed in paper form to electronic form. To
the extent such conversions are made, all such electronic
versions of the document shall be made available online.
(2) Exceptions.--Documents that are filed that are not
otherwise available to the public, such as documents filed under
seal, shall not be made available online.
(3) Privacy <<NOTE: Regulations.>> and security concerns.--
(A)(i) The Supreme Court shall prescribe rules, in accordance
with sections 2072 and 2075 of title 28, United States Code, to
protect privacy and security concerns relating to electronic
filing of documents and the public availability under this
subsection of documents filed electronically.
(ii) Such rules shall provide to the extent practicable for
uniform treatment of privacy and security issues throughout the
Federal courts.
(iii) Such rules shall take into consideration best
practices in Federal and State courts to protect private
information or otherwise maintain necessary information
security.
(iv) To the extent that such rules provide for the redaction
of certain categories of information in order to protect privacy
and security concerns, such rules shall provide that a party
that wishes to file an otherwise proper document containing such
information may file an unredacted document under seal, which
shall be retained by the court as part of the record, and which,
at the discretion of the court and subject to any applicable
rules issued in accordance with chapter 131 of title 28, United
States Code, shall be either in lieu of, or in addition, to, a
redacted copy in the public file.
(B)(i) Subject to clause (ii), the Judicial Conference of
the United States may issue interim rules, and interpretive
statements relating to the application of such rules, which
conform to the requirements of this paragraph and which shall
cease to have effect upon the effective date of the rules
required under subparagraph (A).
(ii) Pending issuance of the rules required under
subparagraph (A), any rule or order of any court, or of the
Judicial Conference, providing for the redaction of certain
categories of information in order to protect privacy and
security concerns
[[Page 116 STAT. 2915]]
arising from electronic filing shall comply with, and be
construed in conformity with, subparagraph (A)(iv).
(C) <<NOTE: Deadlines. Reports.>> Not later than 1 year
after the rules prescribed under subparagraph (A) take effect,
and every 2 years thereafter, the Judicial Conference shall
submit to Congress a report on the adequacy of those rules to
protect privacy and security.
(d) Dockets With Links to Documents.--The Judicial Conference of the
United States shall explore the feasibility of technology to post online
dockets with links allowing all filings, decisions, and rulings in each
case to be obtained from the docket sheet of that case.
(e) Cost of Providing Electronic Docketing Information.--Section
303(a) of the Judiciary Appropriations Act, 1992 (28 U.S.C. 1913 note)
is amended in the first sentence by striking ``shall hereafter'' and
inserting ``may, only to the extent necessary,''.
(f) Time <<NOTE: Deadlines.>> Requirements.--Not later than 2 years
after the effective date of this title, the websites under subsection
(a) shall be established, except that access to documents filed in
electronic form shall be established not later than 4 years after that
effective date.
(g) Deferral.--
(1) In general.--
(A) Election.--
(i) Notification.--The Chief Justice of the
United States, a chief judge, or chief bankruptcy
judge may submit a notification to the
Administrative Office of the United States Courts
to defer compliance with any requirement of this
section with respect to the Supreme Court, a court
of appeals, district, or the bankruptcy court of a
district.
(ii) Contents.--A notification submitted under
this subparagraph shall state--
(I) the reasons for the deferral;
and
(II) the online methods, if any, or
any alternative methods, such court or
district is using to provide greater
public access to information.
(B) Exception.--To the extent that the Supreme
Court, a court of appeals, district, or bankruptcy court
of a district maintains a website under subsection (a),
the Supreme Court or that court of appeals or district
shall comply with subsection (b)(1).
(2) Report.--Not <<NOTE: Deadline.>> later than 1 year after
the effective date of this title, and every year thereafter, the
Judicial Conference of the United States shall submit a report
to the Committees on Governmental Affairs and the Judiciary of
the Senate and the Committees on Government Reform and the
Judiciary of the House of Representatives that--
(A) contains all notifications submitted to the
Administrative Office of the United States Courts under
this subsection; and
(B) summarizes and evaluates all notifications.
SEC. 206. <<NOTE: 44 USC 3501 note.>> REGULATORY AGENCIES.
(a) Purposes.--The purposes of this section are to--
(1) improve performance in the development and issuance of
agency regulations by using information technology to increase
access, accountability, and transparency; and
[[Page 116 STAT. 2916]]
(2) enhance public participation in Government by electronic
means, consistent with requirements under subchapter II of
chapter 5 of title 5, United States Code, (commonly referred to
as the ``Administrative Procedures Act'').
(b) Information Provided by Agencies Online.--To the extent
practicable as determined by the agency in consultation with the
Director, each agency (as defined under section 551 of title 5, United
States Code) shall ensure that a publicly accessible Federal Government
website includes all information about that agency required to be
published in the Federal Register under paragraphs (1) and (2) of
section 552(a) of title 5, United States Code.
(c) Submissions by Electronic Means.--To the extent practicable,
agencies shall accept submissions under section 553(c) of title 5,
United States Code, by electronic means.
(d) Electronic Docketing.--
(1) In general.--To the extent practicable, as determined by
the agency in consultation with the Director, agencies shall
ensure that a publicly accessible Federal Government website
contains electronic dockets for rulemakings under section 553 of
title 5, United States Code.
(2) Information available.--Agency electronic dockets shall
make publicly available online to the extent practicable, as
determined by the agency in consultation with the Director--
(A) all submissions under section 553(c) of title 5,
United States Code; and
(B) other materials that by agency rule or practice
are included in the rulemaking docket under section
553(c) of title 5, United States Code, whether or not
submitted electronically.
(e) Time Limitation.--Agencies shall implement the requirements of
this section consistent with a timetable established by the Director and
reported to Congress in the first annual report under section 3606 of
title 44 (as added by this Act).
SEC. 207. <<NOTE: 44 USC 3501 note.>> ACCESSIBILITY, USABILITY, AND
PRESERVATION OF GOVERNMENT INFORMATION.
(a) Purpose.--The purpose of this section is to improve the methods
by which Government information, including information on the Internet,
is organized, preserved, and made accessible to the public.
(b) Definitions.--In this section, the term--
(1) ``Committee'' means the Interagency Committee on
Government Information established under subsection (c); and
(2) ``directory'' means a taxonomy of subjects linked to
websites that--
(A) organizes Government information on the Internet
according to subject matter; and
(B) may be created with the participation of human
editors.
(c) Interagency Committee.--
(1) Establishment.--Not <<NOTE: Deadline.>> later than 180
days after the date of enactment of this title, the Director
shall establish the Interagency Committee on Government
Information.
(2) Membership.--The Committee shall be chaired by the
Director or the designee of the Director and--
(A) shall include representatives from--
[[Page 116 STAT. 2917]]
(i) the National Archives and Records
Administration;
(ii) the offices of the Chief Information
Officers from Federal agencies; and
(iii) other relevant officers from the
executive branch; and
(B) may include representatives from the Federal
legislative and judicial branches.
(3) Functions.--The Committee shall--
(A) engage in public consultation to the maximum
extent feasible, including consultation with interested
communities such as public advocacy organizations;
(B) conduct studies and submit recommendations, as
provided under this section, to the Director and
Congress; and
(C) share effective practices for access to,
dissemination of, and retention of Federal information.
(4) Termination.--The Committee may be terminated on a date
determined by the Director, except the Committee may not
terminate before the Committee submits all recommendations
required under this section.
(d) Categorizing of Information.--
(1) Committee <<NOTE: Deadline.>> functions.--Not later than
2 years after the date of enactment of this Act, the Committee
shall submit recommendations to the Director on--
(A) the adoption of standards, which are open to the
maximum extent feasible, to enable the organization and
categorization of Government information--
(i) in a way that is searchable
electronically, including by searchable
identifiers; and
(ii) in ways that are interoperable across
agencies;
(B) the definition of categories of Government
information which should be classified under the
standards; and
(C) determining priorities and developing schedules
for the initial implementation of the standards by
agencies.
(2) Functions <<NOTE: Deadline. Policies.>> of the
director.--Not later than 1 year after the submission of
recommendations under paragraph (1), the Director shall issue
policies--
(A) requiring that agencies use standards, which are
open to the maximum extent feasible, to enable the
organization and categorization of Government
information--
(i) in a way that is searchable
electronically, including by searchable
identifiers;
(ii) in ways that are interoperable across
agencies; and
(iii) that are, as appropriate, consistent
with the provisions under section 3602(f)(8) of
title 44, United States Code;
(B) defining categories of Government information
which shall be required to be classified under the
standards; and
(C) determining priorities and developing schedules
for the initial implementation of the standards by
agencies.
(3) Modification of policies.--After the submission of
agency reports under paragraph (4), the Director shall modify
[[Page 116 STAT. 2918]]
the policies, as needed, in consultation with the Committee and
interested parties.
(4) Agency <<NOTE: Reports.>> functions.--Each agency shall
report annually to the Director, in the report established under
section 202(g), on compliance of that agency with the policies
issued under paragraph (2)(A).
(e) Public Access to Electronic Information.--
(1) Committee <<NOTE: Deadline.>> functions.--Not later than
2 years after the date of enactment of this Act, the Committee
shall submit recommendations to the Director and the Archivist
of the United States on--
(A) the adoption by agencies of policies and
procedures to ensure that chapters 21, 25, 27, 29, and
31 of title 44, United States Code, are applied
effectively and comprehensively to Government
information on the Internet and to other electronic
records; and
(B) the imposition of timetables for the
implementation of the policies and procedures by
agencies.
(2) Functions <<NOTE: Deadline. Policies.>> of the
archivist.--Not later than 1 year after the submission of
recommendations by the Committee under paragraph (1), the
Archivist of the United States shall issue policies--
(A) requiring the adoption by agencies of policies
and procedures to ensure that chapters 21, 25, 27, 29,
and 31 of title 44, United States Code, are applied
effectively and comprehensively to Government
information on the Internet and to other electronic
records; and
(B) imposing timetables for the implementation of
the policies, procedures, and technologies by agencies.
(3) Modification of policies.--After the submission of
agency reports under paragraph (4), the Archivist of the United
States shall modify the policies, as needed, in consultation
with the Committee and interested parties.
(4) Agency <<NOTE: Reports.>> functions.--Each agency shall
report annually to the Director, in the report established under
section 202(g), on compliance of that agency with the policies
issued under paragraph (2)(A).
(f) Agency Websites.--
(1) Standards <<NOTE: Deadline. Guidelines.>> for agency
websites.--Not later than 2 years after the effective date of
this title, the Director shall promulgate guidance for agency
websites that includes--
(A) requirements that websites include direct links
to--
(i) descriptions of the mission and statutory
authority of the agency;
(ii) information made available to the public
under subsections (a)(1) and (b) of section 552 of
title 5, United States Code (commonly referred to
as the ``Freedom of Information Act'');
(iii) information about the organizational
structure of the agency; and
(iv) the strategic plan of the agency
developed under section 306 of title 5, United
States Code; and
(B) minimum agency goals to assist public users to
navigate agency websites, including--
(i) speed of retrieval of search results;
(ii) the relevance of the results;
[[Page 116 STAT. 2919]]
(iii) tools to aggregate and disaggregate
data; and
(iv) security protocols to protect
information.
(2) Agency <<NOTE: Deadline.>> requirements.--(A) Not later
than 2 years after the date of enactment of this Act, each
agency shall--
(i) consult with the Committee and solicit public
comment;
(ii) establish a process for determining which
Government information the agency intends to make
available and accessible to the public on the Internet
and by other means;
(iii) develop priorities and schedules for making
Government information available and accessible;
(iv) make such final determinations, priorities, and
schedules available for public comment;
(v) post such final determinations, priorities, and
schedules on the Internet; and
(vi) submit such final determinations, priorities,
and schedules to the Director, in the report established
under section 202(g).
(B) Each agency shall update determinations, priorities, and
schedules of the agency, as needed, after consulting with the
Committee and soliciting public comment, if appropriate.
(3) Public domain directory of public federal government
websites.--
(A) Establishment.--Not <<NOTE: Deadline.>> later
than 2 years after the effective date of this title, the
Director and each agency shall--
(i) develop and establish a public domain
directory of public Federal Government websites;
and
(ii) post the directory on the Internet with a
link to the integrated Internet-based system
established under section 204.
(B) Development.--With the assistance of each
agency, the Director shall--
(i) direct the development of the directory
through a collaborative effort, including input
from--
(I) agency librarians;
(II) information technology
managers;
(III) program managers;
(IV) records managers;
(V) Federal depository librarians;
and
(VI) other interested parties; and
(ii) develop a public domain taxonomy of
subjects used to review and categorize public
Federal Government websites.
(C) Update.--With the assistance of each agency, the
Administrator of the Office of Electronic Government
shall--
(i) <<NOTE: Deadline.>> update the directory
as necessary, but not less than every 6 months;
and
(ii) solicit interested persons for
improvements to the directory.
(g) Access to Federally Funded Research and Development.--
(1) Development and maintenance of governmentwide repository
and website.--
[[Page 116 STAT. 2920]]
(A) Repository and website.--The Director of the
Office of Management and Budget (or the Director's
delegate), in consultation with the Director of the
Office of Science and Technology Policy and other
relevant agencies, shall ensure the development and
maintenance of--
(i) a repository that fully integrates, to the
maximum extent feasible, information about
research and development funded by the Federal
Government, and the repository shall--
(I) include information about
research and development funded by the
Federal Government, consistent with any
relevant protections for the information
under section 552 of title 5, United
States Code, and performed by--
(aa) institutions not a part
of the Federal Government,
including State, local, and
foreign governments; industrial
firms; educational institutions;
not-for-profit organizations;
federally funded research and
development centers; and private
individuals; and
(bb) entities of the Federal
Government, including research
and development laboratories,
centers, and offices; and
(II) integrate information about
each separate research and development
task or award, including--
(aa) the dates upon which
the task or award is expected to
start and end;
(bb) a brief summary
describing the objective and the
scientific and technical focus
of the task or award;
(cc) the entity or
institution performing the task
or award and its contact
information;
(dd) the total amount of
Federal funds expected to be
provided to the task or award
over its lifetime and the amount
of funds expected to be provided
in each fiscal year in which the
work of the task or award is
ongoing;
(ee) any restrictions
attached to the task or award
that would prevent the sharing
with the general public of any
or all of the information
required by this subsection, and
the reasons for such
restrictions; and
(ff) such other information
as may be determined to be
appropriate; and
(ii) <<NOTE: Public information.>> 1 or more
websites upon which all or part of the repository
of Federal research and development shall be made
available to and searchable by Federal agencies
and non-Federal entities, including the general
public, to facilitate--
(I) the coordination of Federal
research and development activities;
(II) collaboration among those
conducting Federal research and
development;
[[Page 116 STAT. 2921]]
(III) the transfer of technology
among Federal agencies and between
Federal agencies and non-Federal
entities; and
(IV) access by policymakers and the
public to information concerning Federal
research and development activities.
(B) Oversight.--The <<NOTE: Guidelines.>> Director
of the Office of Management and Budget shall issue any
guidance determined necessary to ensure that agencies
provide all information requested under this subsection.
(2) Agency functions.--Any agency that funds Federal
research and development under this subsection shall provide the
information required to populate the repository in the manner
prescribed by the Director of the Office of Management and
Budget.
(3) Committee <<NOTE: Deadline.>> functions.--Not later than
18 months after the date of enactment of this Act, working with
the Director of the Office of Science and Technology Policy, and
after consultation with interested parties, the Committee shall
submit recommendations to the Director on--
(A) policies to improve agency reporting of
information for the repository established under this
subsection; and
(B) policies to improve dissemination of the results
of research performed by Federal agencies and federally
funded research and development centers.
(4) Functions <<NOTE: Reports.>> of the director.--After
submission of recommendations by the Committee under paragraph
(3), the Director shall report on the recommendations of the
Committee and Director to Congress, in the E-Government report
under section 3606 of title 44 (as added by this Act).
(5) Authorization of appropriations.--There are authorized
to be appropriated for the development, maintenance, and
operation of the Governmentwide repository and website under
this subsection--
(A) $2,000,000 in each of the fiscal years 2003
through 2005; and
(B) such sums as are necessary in each of the fiscal
years 2006 and 2007.
SEC. 208. <<NOTE: 44 USC 3501 note.>> PRIVACY PROVISIONS.
(a) Purpose.--The purpose of this section is to ensure sufficient
protections for the privacy of personal information as agencies
implement citizen-centered electronic Government.
(b) Privacy Impact Assessments.--
(1) Responsibilities of agencies.--
(A) In general.--An agency shall take actions
described under subparagraph (B) before--
(i) developing or procuring information
technology that collects, maintains, or
disseminates information that is in an
identifiable form; or
(ii) initiating a new collection of
information that--
(I) will be collected, maintained,
or disseminated using information
technology; and
(II) includes any information in an
identifiable form permitting the
physical or online contacting of a
specific individual, if identical
questions have been posed to, or
identical reporting requirements
[[Page 116 STAT. 2922]]
imposed on, 10 or more persons, other
than agencies, instrumentalities, or
employees of the Federal Government.
(B) Agency activities.--To the extent required under
subparagraph (A), each agency shall--
(i) conduct a privacy impact assessment;
(ii) ensure the review of the privacy impact
assessment by the Chief Information Officer, or
equivalent official, as determined by the head of
the agency; and
(iii) <<NOTE: Public information. Federal
Register, publication.>> if practicable, after
completion of the review under clause (ii), make
the privacy impact assessment publicly available
through the website of the agency, publication in
the Federal Register, or other means.
(C) Sensitive information.--Subparagraph (B)(iii)
may be modified or waived for security reasons, or to
protect classified, sensitive, or private information
contained in an assessment.
(D) Copy to director.--Agencies shall provide the
Director with a copy of the privacy impact assessment
for each system for which funding is requested.
(2) Contents of a privacy impact assessment.--
(A) In general.--The Director shall issue guidance
to agencies specifying the required contents of a
privacy impact assessment.
(B) Guidance.--The guidance shall--
(i) ensure that a privacy impact assessment is
commensurate with the size of the information
system being assessed, the sensitivity of
information that is in an identifiable form in
that system, and the risk of harm from
unauthorized release of that information; and
(ii) require that a privacy impact assessment
address--
(I) what information is to be
collected;
(II) why the information is being
collected;
(III) the intended use of the agency
of the information;
(IV) with whom the information will
be shared;
(V) what notice or opportunities for
consent would be provided to individuals
regarding what information is collected
and how that information is shared;
(VI) how the information will be
secured; and
(VII) whether a system of records is
being created under section 552a of
title 5, United States Code, (commonly
referred to as the ``Privacy Act'').
(3) Responsibilities of the director.--The Director shall--
(A) <<NOTE: Guidelines.>> develop policies and
guidelines for agencies on the conduct of privacy impact
assessments;
(B) oversee the implementation of the privacy impact
assessment process throughout the Government; and
(C) require agencies to conduct privacy impact
assessments of existing information systems or ongoing
collections of information that is in an identifiable
form as the Director determines appropriate.
(c) Privacy Protections on Agency Websites.--
[[Page 116 STAT. 2923]]
(1) Privacy policies on websites.--
(A) Guidelines for notices.--The Director shall
develop guidance for privacy notices on agency websites
used by the public.
(B) Contents.--The guidance shall require that a
privacy notice address, consistent with section 552a of
title 5, United States Code--
(i) what information is to be collected;
(ii) why the information is being collected;
(iii) the intended use of the agency of the
information;
(iv) with whom the information will be shared;
(v) what notice or opportunities for consent
would be provided to individuals regarding what
information is collected and how that information
is shared;
(vi) how the information will be secured; and
(vii) the rights of the individual under
section 552a of title 5, United States Code
(commonly referred to as the ``Privacy Act''), and
other laws relevant to the protection of the
privacy of an individual.
(2) Privacy <<NOTE: Guidelines.>> policies in machine-
readable formats.--The Director shall issue guidance requiring
agencies to translate privacy policies into a standardized
machine-readable format.
(d) Definition.--In this section, the term ``identifiable form''
means any representation of information that permits the identity of an
individual to whom the information applies to be reasonably inferred by
either direct or indirect means.
SEC. 209. <<NOTE: 44 USC 3501 note.>> FEDERAL INFORMATION TECHNOLOGY
WORKFORCE DEVELOPMENT.
(a) Purpose.--The purpose of this section is to improve the skills
of the Federal workforce in using information technology to deliver
Government information and services.
(b) Workforce Development.--
(1) In general.--In consultation with the Director of the
Office of Management and Budget, the Chief Information Officers
Council, and the Administrator of General Services, the Director
of the Office of Personnel Management shall--
(A) analyze, on an ongoing basis, the personnel
needs of the Federal Government related to information
technology and information resource management;
(B) identify where current information technology
and information resource management training do not
satisfy the personnel needs described in subparagraph
(A);
(C) oversee the development of curricula, training
methods, and training priorities that correspond to the
projected personnel needs of the Federal Government
related to information technology and information
resource management; and
(D) assess the training of Federal employees in
information technology disciplines in order to ensure
that the information resource management needs of the
Federal Government are addressed.
(2) Information technology training programs.--The head of
each Executive agency, after consultation with the Director of
the Office of Personnel Management, the Chief
[[Page 116 STAT. 2924]]
Information Officers Council, and the Administrator of General
Services, shall establish and operate information technology
training programs consistent with the requirements of this
subsection. Such programs shall--
(A) have curricula covering a broad range of
information technology disciplines corresponding to the
specific information technology and information resource
management needs of the agency involved;
(B) be developed and applied according to rigorous
standards; and
(C) be designed to maximize efficiency, through the
use of self-paced courses, online courses, on-the-job
training, and the use of remote instructors, wherever
such features can be applied without reducing the
effectiveness of the training or negatively impacting
academic standards.
(3) Governmentwide policies and evaluation.--The Director of
the Office of Personnel Management, in coordination with the
Director of the Office of Management and Budget, shall issue
policies to promote the development of performance standards for
training and uniform implementation of this subsection by
Executive agencies, with due regard for differences in program
requirements among agencies that may be appropriate and
warranted in view of the agency mission. The Director of the
Office of Personnel Management shall evaluate the implementation
of the provisions of this subsection by Executive agencies.
(4) Chief information officer authorities and
responsibilities.--Subject to the authority, direction, and
control of the head of an Executive agency, the chief
information officer of such agency shall carry out all powers,
functions, and duties of the head of the agency with respect to
implementation of this subsection. The chief information officer
shall ensure that the policies of the agency head established in
accordance with this subsection are implemented throughout the
agency.
(5) Information <<NOTE: Records.>> technology training
reporting.--The Director of the Office of Management and Budget
shall ensure that the heads of Executive agencies collect and
maintain standardized information on the information technology
and information resources management workforce related to the
implementation of this subsection.
(6) Authority to detail employees to non-Federal
employers.--In carrying out the preceding provisions of this
subsection, the Director of the Office of Personnel Management
may provide for a program under which a Federal employee may be
detailed to a non-Federal employer. <<NOTE: Regulations.>> The
Director of the Office of Personnel Management shall prescribe
regulations for such program, including the conditions for
service and duties as the Director considers necessary.
(7) Coordination provision.--An assignment described in
section 3703 of title 5, United States Code, may not be made
unless a program under paragraph (6) is established, and the
assignment is made in accordance with the requirements of such
program.
(8) Employee participation.--Subject to information resource
management needs and the limitations imposed by resource needs
in other occupational areas, and consistent with their overall
workforce development strategies, agencies shall
[[Page 116 STAT. 2925]]
encourage employees to participate in occupational information
technology training.
(9) Authorization of Appropriations.--There are authorized
to be appropriated to the Office of Personnel Management for the
implementation of this subsection, $15,000,000 in fiscal year
2003, and such sums as are necessary for each fiscal year
thereafter.
(10) Executive agency defined.--For purposes of this
subsection, the term ``Executive agency'' has the meaning given
the term ``agency'' under section 3701 of title 5, United States
Code (as added by subsection (c)).
(c) Information Technology Exchange Program.--
(1) In general.--Subpart B of part III of title 5, United
States Code, is amended by adding at the end the following:
``CHAPTER 37--INFORMATION TECHNOLOGY EXCHANGE PROGRAM
``Sec.
``3701. Definitions.
``3702. General provisions.
``3703. Assignment of employees to private sector organizations.
``3704. Assignment of employees from private sector organizations.
``3705. Application to Office of the Chief Technology Officer of the
District of Columbia.
``3706. Reporting requirement.
``3707. Regulations.
``Sec. 3701. Definitions
``For purposes of this chapter--
``(1) the term `agency' means an Executive agency, but does
not include the General Accounting Office; and
``(2) the term `detail' means--
``(A) the assignment or loan of an employee of an
agency to a private sector organization without a change
of position from the agency that employs the individual,
or
``(B) the assignment or loan of an employee of a
private sector organization to an agency without a
change of position from the private sector organization
that employs the individual,
whichever is appropriate in the context in which such term is
used.
``Sec. 3702. General provisions
``(a) Assignment Authority.--On request from or with the agreement
of a private sector organization, and with the consent of the employee
concerned, the head of an agency may arrange for the assignment of an
employee of the agency to a private sector organization or an employee
of a private sector organization to the agency. An eligible employee is
an individual who--
``(1) works in the field of information technology
management;
``(2) is considered an exceptional performer by the
individual's current employer; and
``(3) is expected to assume increased information technology
management responsibilities in the future.
An <<NOTE: Eligibility.>> employee of an agency shall be eligible to
participate in this program only if the employee is employed at the GS-
11 level
[[Page 116 STAT. 2926]]
or above (or equivalent) and is serving under a career or career-
conditional appointment or an appointment of equivalent tenure in the
excepted service, and applicable requirements of section 209(b) of the
E-Government Act of 2002 are met with respect to the proposed assignment
of such employee.
``(b) Agreements.--Each agency that exercises its authority under
this chapter shall provide for a written agreement between the agency
and the employee concerned regarding the terms and conditions of the
employee's assignment. In the case of an employee of the agency, the
agreement shall--
``(1) require the employee to serve in the civil service,
upon completion of the assignment, for a period equal to the
length of the assignment; and
``(2) provide that, in the event the employee fails to carry
out the agreement (except for good and sufficient reason, as
determined by the head of the agency from which assigned) the
employee shall be liable to the United States for payment of all
expenses of the assignment.
An amount under paragraph (2) shall be treated as a debt due the United
States.
``(c) Termination.--Assignments may be terminated by the agency or
private sector organization concerned for any reason at any time.
``(d) Duration.--Assignments under this chapter shall be for a
period of between 3 months and 1 year, and may be extended in 3-month
increments for a total of not more than 1 additional year, except that
no assignment under this chapter may commence after the end of the 5-
year period beginning on the date of the enactment of this chapter.
``(e) Assistance.--The Chief Information Officers Council, by
agreement with the Office of Personnel Management, may assist in the
administration of this chapter, including by maintaining lists of
potential candidates for assignment under this chapter, establishing
mentoring relationships for the benefit of individuals who are given
assignments under this chapter, and publicizing the program.
``(f) Considerations.--In exercising any authority under this
chapter, an agency shall take into consideration--
``(1) the need to ensure that small business concerns are
appropriately represented with respect to the assignments
described in sections 3703 and 3704, respectively; and
``(2) how assignments described in section 3703 might best
be used to help meet the needs of the agency for the training of
employees in information technology management.
``Sec. 3703. Assignment of employees to private sector organizations
``(a) In General.--An employee of an agency assigned to a private
sector organization under this chapter is deemed, during the period of
the assignment, to be on detail to a regular work assignment in his
agency.
``(b) Coordination With Chapter 81.--Notwithstanding any other
provision of law, an employee of an agency assigned to a private sector
organization under this chapter is entitled to retain coverage, rights,
and benefits under subchapter I of chapter 81, and employment during the
assignment is deemed employment by the United States, except that, if
the employee or the employee's
[[Page 116 STAT. 2927]]
dependents receive from the private sector organization any payment
under an insurance policy for which the premium is wholly paid by the
private sector organization, or other benefit of any kind on account of
the same injury or death, then, the amount of such payment or benefit
shall be credited against any compensation otherwise payable under
subchapter I of chapter 81.
``(c) Reimbursements.--The assignment of an employee to a private
sector organization under this chapter may be made with or without
reimbursement by the private sector organization for the travel and
transportation expenses to or from the place of assignment, subject to
the same terms and conditions as apply with respect to an employee of a
Federal agency or a State or local government under section 3375, and
for the pay, or a part thereof, of the employee during assignment. Any
reimbursements shall be credited to the appropriation of the agency used
for paying the travel and transportation expenses or pay.
``(d) Tort Liability; Supervision.--The Federal Tort Claims Act and
any other Federal tort liability statute apply to an employee of an
agency assigned to a private sector organization under this chapter. The
supervision of the duties of an employee of an agency so assigned to a
private sector organization may be governed by an agreement between the
agency and the organization.
``(e) Small Business Concerns.--
``(1) In general.--The head of each agency shall take such
actions as may be necessary to ensure that, of the assignments
made under this chapter from such agency to private sector
organizations in each year, at least 20 percent are to small
business concerns.
``(2) Definitions.--For purposes of this subsection--
``(A) the term `small business concern' means a
business concern that satisfies the definitions and
standards specified by the Administrator of the Small
Business Administration under section 3(a)(2) of the
Small Business Act (as from time to time amended by the
Administrator);
``(B) the term `year' refers to the 12-month period
beginning on the date of the enactment of this chapter,
and each succeeding 12-month period in which any
assignments under this chapter may be made; and
``(C) the assignments `made' in a year are those
commencing in such year.
``(3) Reporting <<NOTE: Deadline.>> requirement.--An agency
which fails to comply with paragraph (1) in a year shall, within
90 days after the end of such year, submit a report to the
Committees on Government Reform and Small Business of the House
of Representatives and the Committees on Governmental Affairs
and Small Business of the Senate. The report shall include--
``(A) the total number of assignments made under
this chapter from such agency to private sector
organizations in the year;
``(B) of that total number, the number (and
percentage) made to small business concerns; and
``(C) the reasons for the agency's noncompliance
with paragraph (1).
``(4) Exclusion.--This subsection shall not apply to an
agency in any year in which it makes fewer than 5 assignments
under this chapter to private sector organizations.
[[Page 116 STAT. 2928]]
``Sec. 3704. Assignment of employees from private sector organizations
``(a) In General.--An employee of a private sector organization
assigned to an agency under this chapter is deemed, during the period of
the assignment, to be on detail to such agency.
``(b) Terms and Conditions.--An employee of a private sector
organization assigned to an agency under this chapter--
``(1) may continue to receive pay and benefits from the
private sector organization from which he is assigned;
``(2) is deemed, notwithstanding subsection (a), to be an
employee of the agency for the purposes of--
``(A) chapter 73;
``(B) sections 201, 203, 205, 207, 208, 209, 603,
606, 607, 643, 654, 1905, and 1913 of title 18;
``(C) sections 1343, 1344, and 1349(b) of title 31;
``(D) the Federal Tort Claims Act and any other
Federal tort liability statute;
``(E) the Ethics in Government Act of 1978;
``(F) section 1043 of the Internal Revenue Code of
1986; and
``(G) section 27 of the Office of Federal
Procurement Policy Act;
``(3) may not have access to any trade secrets or to any
other nonpublic information which is of commercial value to the
private sector organization from which he is assigned; and
``(4) is subject to such regulations as the President may
prescribe.
The supervision of an employee of a private sector organization assigned
to an agency under this chapter may be governed by agreement between the
agency and the private sector organization concerned. Such an assignment
may be made with or without reimbursement by the agency for the pay, or
a part thereof, of the employee during the period of assignment, or for
any contribution of the private sector organization to employee benefit
systems.
``(c) Coordination With Chapter 81.--An employee of a private sector
organization assigned to an agency under this chapter who suffers
disability or dies as a result of personal injury sustained while
performing duties during the assignment shall be treated, for the
purpose of subchapter I of chapter 81, as an employee as defined by
section 8101 who had sustained the injury in the performance of duty,
except that, if the employee or the employee's dependents receive from
the private sector organization any payment under an insurance policy
for which the premium is wholly paid by the private sector organization,
or other benefit of any kind on account of the same injury or death,
then, the amount of such payment or benefit shall be credited against
any compensation otherwise payable under subchapter I of chapter 81.
``(d) Prohibition Against Charging Certain Costs to the Federal
Government.--A private sector organization may not charge the Federal
Government, as direct or indirect costs under a Federal contract, the
costs of pay or benefits paid by the organization to an employee
assigned to an agency under this chapter for the period of the
assignment.
[[Page 116 STAT. 2929]]
``Sec. 3705. Application to Office of the Chief Technology Officer of
the District of Columbia
``(a) In General.--The Chief Technology Officer of the District of
Columbia may arrange for the assignment of an employee of the Office of
the Chief Technology Officer to a private sector organization, or an
employee of a private sector organization to such Office, in the same
manner as the head of an agency under this chapter.
``(b) Terms and Conditions.--An assignment made pursuant to
subsection (a) shall be subject to the same terms and conditions as an
assignment made by the head of an agency under this chapter, except that
in applying such terms and conditions to an assignment made pursuant to
subsection (a), any reference in this chapter to a provision of law or
regulation of the United States shall be deemed to be a reference to the
applicable provision of law or regulation of the District of Columbia,
including the applicable provisions of the District of Columbia
Government Comprehensive Merit Personnel Act of 1978 (sec. 1-601.01 et
seq., D.C. Official Code) and section 601 of the District of Columbia
Campaign Finance Reform and Conflict of Interest Act (sec. 1-1106.01,
D.C. Official Code).
``(c) Definition.--For purposes of this section, the term `Office of
the Chief Technology Officer' means the office established in the
executive branch of the government of the District of Columbia under the
Office of the Chief Technology Officer Establishment Act of 1998 (sec.
1-1401 et seq., D.C. Official Code).
``Sec. 3706. Reporting requirement
``(a) In <<NOTE: Deadline.>> General.--The Office of Personnel
Management shall, not later than April 30 and October 31 of each year,
prepare and submit to the Committee on Government Reform of the House of
Representatives and the Committee on Governmental Affairs of the Senate
a semiannual report summarizing the operation of this chapter during the
immediately preceding 6-month period ending on March 31 and September
30, respectively.
``(b) Content.--Each report shall include, with respect to the 6-
month period to which such report relates--
``(1) the total number of individuals assigned to, and the
total number of individuals assigned from, each agency during
such period;
``(2) a brief description of each assignment included under
paragraph (1), including--
``(A) the name of the assigned individual, as well
as the private sector organization and the agency
(including the specific bureau or other agency
component) to or from which such individual was
assigned;
``(B) the respective positions to and from which the
individual was assigned, including the duties and
responsibilities and the pay grade or level associated
with each; and
``(C) the duration and objectives of the
individual's assignment; and
``(3) such other information as the Office considers
appropriate.
``(c) Publication.--A copy of each report submitted under subsection
(a)--
``(1) <<NOTE: Federal Register, publication.>> shall be
published in the Federal Register; and
[[Page 116 STAT. 2930]]
``(2) <<NOTE: Public information.>> shall be made publicly
available on the Internet.
``(d) Agency Cooperation.--On request of the Office, agencies shall
furnish such information and reports as the Office may require in order
to carry out this section.
``Sec. 3707. Regulations
``The Director of the Office of Personnel Management shall prescribe
regulations for the administration of this chapter.''.
(2) Report.--Not <<NOTE: Deadline.>> later than 4 years
after the date of the enactment of this Act, the General
Accounting Office shall prepare and submit to the Committee on
Government Reform of the House of Representatives and the
Committee on Governmental Affairs of the Senate a report on the
operation of chapter 37 of title 5, United States Code (as added
by this subsection). Such report shall include--
(A) an evaluation of the effectiveness of the
program established by such chapter; and
(B) a recommendation as to whether such program
should be continued (with or without modification) or
allowed to lapse.
(3) Clerical Amendment.--The analysis for part III of title
5, United States Code, is amended by inserting after the item
relating to chapter 35 the following:
``37. Information Technology Exchange Program....................3701''.
(d) Ethics Provisions.--
(1) One-year restriction on certain communications.--Section
207(c)(2)(A) of title 18, United States Code, is amended--
(A) by striking ``or'' at the end of clause (iii);
(B) by striking the period at the end of clause (iv)
and inserting ``; or''; and
(C) by adding at the end the following:
``(v) assigned from a private sector organization to
an agency under chapter 37 of title 5.''.
(2) Disclosure of confidential information.--Section 1905 of
title 18, United States Code, is amended by inserting ``or being
an employee of a private sector organization who is or was
assigned to an agency under chapter 37 of title 5,'' after ``(15
U.S.C. 1311-1314),''.
(3) Contract advice.--Section 207 of title 18, United States
Code, is amended by adding at the end the following:
``(l) Contract Advice by Former Details.--Whoever, being an employee
of a private sector organization assigned to an agency under chapter 37
of title 5, within one year after the end of that assignment, knowingly
represents or aids, counsels, or assists in representing any other
person (except the United States) in connection with any contract with
that agency shall be punished as provided in section 216 of this
title.''.
(4) Restriction on disclosure of procurement information.--
Section 27 of the Office of Federal Procurement Policy Act (41
U.S.C. 423) is amended in subsection (a)(1) by adding at the end
the following new sentence: ``In the case of an employee of a
private sector organization assigned to an agency under chapter
37 of title 5, United States Code, in addition to the
restriction in the preceding sentence, such employee shall not,
other than as provided by law, knowingly disclose contractor bid
or proposal information or source selection
[[Page 116 STAT. 2931]]
information during the three-year period after the end of the
assignment of such employee.''.
(e) Report on Existing Exchange Programs.--
(1) Exchange program defined.--For purposes of this
subsection, the term ``exchange program'' means an executive
exchange program, the program under subchapter VI of chapter 33
of title 5, United States Code, and any other program which
allows for--
(A) the assignment of employees of the Federal
Government to non-Federal employers;
(B) the assignment of employees of non-Federal
employers to the Federal Government; or
(C) both.
(2) Reporting <<NOTE: Deadline.>> requirement.--Not later
than 1 year after the date of the enactment of this Act, the
Office of Personnel Management shall prepare and submit to the
Committee on Government Reform of the House of Representatives
and the Committee on Governmental Affairs of the Senate a report
identifying all existing exchange programs.
(3) Specific information.--The report shall, for each such
program, include--
(A) a brief description of the program, including
its size, eligibility requirements, and terms or
conditions for participation;
(B) specific citation to the law or other authority
under which the program is established;
(C) the names of persons to contact for more
information, and how they may be reached; and
(D) any other information which the Office considers
appropriate.
(f) Report on the Establishment of a Governmentwide Information
Technology Training Program.--
(1) In <<NOTE: Deadline.>> general.--Not later January 1,
2003, the Office of Personnel Management, in consultation with
the Chief Information Officers Council and the Administrator of
General Services, shall review and submit to the Committee on
Government Reform of the House of Representatives and the
Committee on Governmental Affairs of the Senate a written report
on the following:
(A) The adequacy of any existing information
technology training programs available to Federal
employees on a Governmentwide basis.
(B)(i) If one or more such programs already exist,
recommendations as to how they might be improved.
(ii) If no such program yet exists, recommendations
as to how such a program might be designed and
established.
(C) With respect to any recommendations under
subparagraph (B), how the program under chapter 37 of
title 5, United States Code, might be used to help carry
them out.
(2) Cost estimate.--The report shall, for any recommended
program (or improvements) under paragraph (1)(B), include the
estimated costs associated with the implementation and operation
of such program as so established (or estimated difference in
costs of any such program as so improved).
(g) Technical and Conforming Amendments.--
[[Page 116 STAT. 2932]]
(1) Amendments to title 5, united states code.--Title 5,
United States Code, is amended--
(A) in section 3111, by adding at the end the
following:
``(d) Notwithstanding section 1342 of title 31, the head of an
agency may accept voluntary service for the United States under chapter
37 of this title and regulations of the Office of Personnel
Management.'';
(B) in section 4108, by striking subsection (d); and
(C) in section 7353(b), by adding at the end the
following:
``(4) Nothing in this section precludes an employee of a private
sector organization, while assigned to an agency under chapter 37, from
continuing to receive pay and benefits from such organization in
accordance with such chapter.''.
(2) Amendment to title 18, united states code.--Section 209
of title 18, United States Code, is amended by adding at the end
the following:
``(g)(1) This section does not prohibit an employee of a private
sector organization, while assigned to an agency under chapter 37 of
title 5, from continuing to receive pay and benefits from such
organization in accordance with such chapter.
``(2) For purposes of this subsection, the term `agency' means an
agency (as defined by section 3701 of title 5) and the Office of the
Chief Technology Officer of the District of Columbia.''.
(3) Other amendments.--Section 125(c)(1) of Public Law 100-
238 (5 U.S.C. 8432 note) is amended--
(A) in subparagraph (B), by striking ``or'' at the
end;
(B) in subparagraph (C), by striking ``and'' at the
end and inserting ``or''; and
(C) by adding at the end the following:
``(D) an individual assigned from a Federal agency
to a private sector organization under chapter 37 of
title 5, United States Code; and''.
SEC. 210. <<NOTE: 44 USC 3501 note.>> SHARE-IN-SAVINGS INITIATIVES.
(a) Defense Contracts.--(1) Chapter 137 of title 10, United States
Code, is amended by adding at the end the following new section:
``Sec. 2332. Share-in-savings contracts
``(a) Authority To Enter Into Share-in-Savings Contracts.--(1) The
head of an agency may enter into a share-in-savings contract for
information technology (as defined in section 11101(6) of title 40) in
which the Government awards a contract to improve mission-related or
administrative processes or to accelerate the achievement of its mission
and share with the contractor in savings achieved through contract
performance.
``(2)(A) Except as provided in subparagraph (B), a share-in-savings
contract shall be awarded for a period of not more than five years.
``(B) A share-in-savings contract may be awarded for a period
greater than five years, but not more than 10 years, if the head of the
agency determines in writing prior to award of the contract that--
``(i) the level of risk to be assumed and the investment to
be undertaken by the contractor is likely to inhibit the
government from obtaining the needed information technology
[[Page 116 STAT. 2933]]
competitively at a fair and reasonable price if the contract is
limited in duration to a period of five years or less; and
``(ii) usage of the information technology to be acquired is
likely to continue for a period of time sufficient to generate
reasonable benefit for the government.
``(3) Contracts awarded pursuant to the authority of this section
shall, to the maximum extent practicable, be performance-based contracts
that identify objective outcomes and contain performance standards that
will be used to measure achievement and milestones that must be met
before payment is made.
``(4) Contracts awarded pursuant to the authority of this section
shall include a provision containing a quantifiable baseline that is to
be the basis upon which a savings share ratio is established that
governs the amount of payment a contractor is to receive under the
contract. Before commencement of performance of such a contract, the
senior procurement executive of the agency shall determine in writing
that the terms of the provision are quantifiable and will likely yield
value to the Government.
``(5)(A) The head of the agency may retain savings realized through
the use of a share-in-savings contract under this section that are in
excess of the total amount of savings paid to the contractor under the
contract, but may not retain any portion of such savings that is
attributable to a decrease in the number of civilian employees of the
Federal Government performing the function. Except as provided in
subparagraph (B), savings shall be credited to the appropriation or fund
against which charges were made to carry out the contract and shall be
used for information technology.
``(B) Amounts retained by the agency under this subsection shall--
``(i) without further appropriation, remain available until
expended; and
``(ii) be applied first to fund any contingent liabilities
associated with share-in-savings procurements that are not fully
funded.
``(b) Cancellation and Termination.--(1) If funds are not made
available for the continuation of a share-in-savings contract entered
into under this section in a subsequent fiscal year, the contract shall
be canceled or terminated. The costs of cancellation or termination may
be paid out of--
``(A) appropriations available for the performance of the
contract;
``(B) appropriations available for acquisition of the
information technology procured under the contract, and not
otherwise obligated; or
``(C) funds subsequently appropriated for payments of costs
of cancellation or termination, subject to the limitations in
paragraph (3).
``(2) The amount payable in the event of cancellation or termination
of a share-in-savings contract shall be negotiated with the contractor
at the time the contract is entered into.
``(3)(A) Subject to subparagraph (B), the head of an agency may
enter into share-in-savings contracts under this section in any given
fiscal year even if funds are not made specifically available for the
full costs of cancellation or termination of the contract if funds are
available and sufficient to make payments with respect to the first
fiscal year of the contract and the following conditions
[[Page 116 STAT. 2934]]
are met regarding the funding of cancellation and termination liability:
``(i) The amount of unfunded contingent liability for the
contract does not exceed the lesser of--
``(I) 25 percent of the estimated costs of a
cancellation or termination; or
``(II) $5,000,000.
``(ii) Unfunded contingent liability in excess of $1,000,000
has been approved by the Director of the Office of Management
and Budget or the Director's designee.
``(B) The aggregate number of share-in-savings contracts that may be
entered into under subparagraph (A) by all agencies to which this
chapter applies in a fiscal year may not exceed 5 in each of fiscal
years 2003, 2004, and 2005.
``(c) Definitions.--In this section:
``(1) The term `contractor' means a private entity that
enters into a contract with an agency.
``(2) The term `savings' means--
``(A) monetary savings to an agency; or
``(B) savings in time or other benefits realized by
the agency, including enhanced revenues (other than
enhanced revenues from the collection of fees, taxes,
debts, claims, or other amounts owed the Federal
Government).
``(3) The term `share-in-savings contract' means a contract
under which--
``(A) a contractor provides solutions for--
``(i) improving the agency's mission-related
or administrative processes; or
``(ii) accelerating the achievement of agency
missions; and
``(B) the head of the agency pays the contractor an
amount equal to a portion of the savings derived by the
agency from--
``(i) any improvements in mission-related or
administrative processes that result from
implementation of the solution; or
``(ii) acceleration of achievement of agency
missions.
``(d) Termination.--No share-in-savings contracts may be entered
into under this section after September 30, 2005.''.
(2) The table of sections at the beginning of such chapter is
amended by adding at the end of the following new item:
``2332. Share-in-savings contracts.''.
(b) Other Contracts.--Title III of the Federal Property and
Administrative Services Act of 1949 is amended by adding at the end the
following:
``SEC. 317. <<NOTE: 41 USC 266a.>> SHARE-IN-SAVINGS CONTRACTS.
``(a) Authority To Enter Into Share-in-Savings Contracts.--(1) The
head of an executive agency may enter into a share-in-savings contract
for information technology (as defined in section 11101(6) of title 40,
United States Code) in which the Government awards a contract to improve
mission-related or administrative processes or to accelerate the
achievement of its mission and share with the contractor in savings
achieved through contract performance.
[[Page 116 STAT. 2935]]
``(2)(A) Except as provided in subparagraph (B), a share-in-savings
contract shall be awarded for a period of not more than five years.
``(B) A share-in-savings contract may be awarded for a period
greater than five years, but not more than 10 years, if the head of the
agency determines in writing prior to award of the contract that--
``(i) the level of risk to be assumed and the investment to
be undertaken by the contractor is likely to inhibit the
government from obtaining the needed information technology
competitively at a fair and reasonable price if the contract is
limited in duration to a period of five years or less; and
``(ii) usage of the information technology to be acquired is
likely to continue for a period of time sufficient to generate
reasonable benefit for the government.
``(3) Contracts awarded pursuant to the authority of this section
shall, to the maximum extent practicable, be performance-based contracts
that identify objective outcomes and contain performance standards that
will be used to measure achievement and milestones that must be met
before payment is made.
``(4) Contracts awarded pursuant to the authority of this section
shall include a provision containing a quantifiable baseline that is to
be the basis upon which a savings share ratio is established that
governs the amount of payment a contractor is to receive under the
contract. Before commencement of performance of such a contract, the
senior procurement executive of the agency shall determine in writing
that the terms of the provision are quantifiable and will likely yield
value to the Government.
``(5)(A) The head of the agency may retain savings realized through
the use of a share-in-savings contract under this section that are in
excess of the total amount of savings paid to the contractor under the
contract, but may not retain any portion of such savings that is
attributable to a decrease in the number of civilian employees of the
Federal Government performing the function. Except as provided in
subparagraph (B), savings shall be credited to the appropriation or fund
against which charges were made to carry out the contract and shall be
used for information technology.
``(B) Amounts retained by the agency under this subsection shall--
``(i) without further appropriation, remain available until
expended; and
``(ii) be applied first to fund any contingent liabilities
associated with share-in-savings procurements that are not fully
funded.
``(b) Cancellation and Termination.--(1) If funds are not made
available for the continuation of a share-in-savings contract entered
into under this section in a subsequent fiscal year, the contract shall
be canceled or terminated. The costs of cancellation or termination may
be paid out of--
``(A) appropriations available for the performance of the
contract;
``(B) appropriations available for acquisition of the
information technology procured under the contract, and not
otherwise obligated; or
[[Page 116 STAT. 2936]]
``(C) funds subsequently appropriated for payments of costs
of cancellation or termination, subject to the limitations in
paragraph (3).
``(2) The amount payable in the event of cancellation or termination
of a share-in-savings contract shall be negotiated with the contractor
at the time the contract is entered into.
``(3)(A) Subject to subparagraph (B), the head of an executive
agency may enter into share-in-savings contracts under this section in
any given fiscal year even if funds are not made specifically available
for the full costs of cancellation or termination of the contract if
funds are available and sufficient to make payments with respect to the
first fiscal year of the contract and the following conditions are met
regarding the funding of cancellation and termination liability:
``(i) The amount of unfunded contingent liability for the
contract does not exceed the lesser of--
``(I) 25 percent of the estimated costs of a
cancellation or termination; or
``(II) $5,000,000.
``(ii) Unfunded contingent liability in excess of $1,000,000
has been approved by the Director of the Office of Management
and Budget or the Director's designee.
``(B) The aggregate number of share-in-savings contracts that may be
entered into under subparagraph (A) by all executive agencies to which
this chapter applies in a fiscal year may not exceed 5 in each of fiscal
years 2003, 2004, and 2005.
``(c) Definitions.--In this section:
``(1) The term `contractor' means a private entity that
enters into a contract with an agency.
``(2) The term `savings' means--
``(A) monetary savings to an agency; or
``(B) savings in time or other benefits realized by
the agency, including enhanced revenues (other than
enhanced revenues from the collection of fees, taxes,
debts, claims, or other amounts owed the Federal
Government).
``(3) The term `share-in-savings contract' means a contract
under which--
``(A) a contractor provides solutions for--
``(i) improving the agency's mission-related
or administrative processes; or
``(ii) accelerating the achievement of agency
missions; and
``(B) the head of the agency pays the contractor an
amount equal to a portion of the savings derived by the
agency from--
``(i) any improvements in mission-related or
administrative processes that result from
implementation of the solution; or
``(ii) acceleration of achievement of agency
missions.
``(d) Termination.--No share-in-savings contracts may be entered
into under this section after September 30, 2005.''.
(c) Development of Incentives.--The Director of the Office of
Management and Budget shall, in consultation with the Committee on
Governmental Affairs of the Senate, the Committee on Government Reform
of the House of Representatives, and executive agencies, develop
techniques to permit an executive agency to retain
[[Page 116 STAT. 2937]]
a portion of the savings (after payment of the contractor's share of the
savings) derived from share-in-savings contracts as funds are
appropriated to the agency in future fiscal years.
(d) Regulations.--Not <<NOTE: Deadline.>> later than 270 days after
the date of the enactment of this Act, the Federal Acquisition
Regulation shall be revised to implement the provisions enacted by this
section. Such revisions shall--
(1) provide for the use of competitive procedures in the
selection and award of share-in-savings contracts to--
(A) ensure the contractor's share of savings
reflects the risk involved and market conditions; and
(B) otherwise yield greatest value to the
government; and
(2) allow appropriate regulatory flexibility to facilitate
the use of share-in-savings contracts by executive agencies,
including the use of innovative provisions for technology
refreshment and nonstandard Federal Acquisition Regulation
contract clauses.
(e) Additional Guidance.--The Administrator of General Services
shall--
(1) identify potential opportunities for the use of share-
in-savings contracts; and
(2) in consultation with the Director of the Office of
Management and Budget, provide guidance to executive agencies
for determining mutually beneficial savings share ratios and
baselines from which savings may be measured.
(f) OMB <<NOTE: Deadline.>> Report to Congress.--In consultation
with executive agencies, the Director of the Office of Management and
Budget shall, not later than 2 years after the date of the enactment of
this Act, submit to Congress a report containing--
(1) a description of the number of share-in-savings
contracts entered into by each executive agency under by this
section and the amendments made by this section, and, for each
contract identified--
(A) the information technology acquired;
(B) the total amount of payments made to the
contractor; and
(C) the total amount of savings or other measurable
benefits realized;
(2) a description of the ability of agencies to determine
the baseline costs of a project against which savings can be
measured; and
(3) any recommendations, as the Director deems appropriate,
regarding additional changes in law that may be necessary to
ensure effective use of share-in-savings contracts by executive
agencies.
(g) GAO <<NOTE: Deadline.>> Report to Congress.--The Comptroller
General shall, not later than 6 months after the report required under
subsection (f) is submitted to Congress, conduct a review of that report
and submit to Congress a report containing--
(1) the results of the review;
(2) an independent assessment by the Comptroller General of
the effectiveness of the use of share-in-savings contracts in
improving the mission-related and administrative processes of
the executive agencies and the achievement of agency missions;
and
[[Page 116 STAT. 2938]]
(3) a recommendation on whether the authority to enter into
share-in-savings contracts should be continued.
(h) Repeal of Share-in-Savings Pilot Program.--
(1) Repeal.--Section 11521 of title 40, United States Code,
is repealed.
(2) Conforming amendments to pilot program authority.--
(A) Section 11501 of title 40, United States Code,
is amended--
(i) in the section heading, by striking
``programs'' and inserting ``program'';
(ii) in subsection (a)(1), by striking
``conduct pilot programs'' and inserting ``conduct
a pilot program pursuant to the requirements of
section 11521 of this title'';
(iii) in subsection (a)(2), by striking ``each
pilot program'' and inserting ``the pilot
program'';
(iv) in subsection (b), by striking
``Limitations.--'' and all that follows through
``$750,000,000.'' and inserting the following:
``Limitation on Amount.--The total amount
obligated for contracts entered into under the
pilot program conducted under this chapter may not
exceed $375,000,000.''; and
(v) in subsection (c)(1), by striking ``a
pilot'' and inserting ``the pilot''.
(B) The following provisions of chapter 115 of such
title are each amended by striking ``a pilot'' each
place it appears and inserting ``the pilot'':
(i) Section 11502(a).
(ii) Section 11502(b).
(iii) Section 11503(a).
(iv) Section 11504.
(C) Section 11505 of such chapter is amended by
striking ``programs'' and inserting ``program''.
(3) Additional conforming amendments.--
(A) Section 11522 of title 40, United States Code,
is redesignated as section 11521.
(B) The chapter heading for chapter 115 of such
title is amended by striking ``PROGRAMS'' and inserting
``PROGRAM''.
(C) The subchapter heading for subchapter I and for
subchapter II of such chapter are each amended by
striking ``PROGRAMS'' and inserting ``PROGRAM''.
(D) The item relating to subchapter I in the table
of sections at the beginning of such chapter is amended
to read as follows:
``SUBCHAPTER I--CONDUCT OF PILOT PROGRAM''.
(E) The item relating to subchapter II in the table
of sections at the beginning of such chapter is amended
to read as follows:
``SUBCHAPTER II--SPECIFIC PILOT PROGRAM''.
(F) The item relating to section 11501 in the table
of sections at the beginning of such is amended by
striking ``programs'' and inserting ``program''.
[[Page 116 STAT. 2939]]
(G) The table of sections at the beginning of such
chapter is amended by striking the item relating to
section 11521 and redesignating the item relating to
section 11522 as section 11521.
(H) The item relating to chapter 115 in the table of
chapters for subtitle III of title 40, United States
Code, is amended to read as follows:
``115. INFORMATION TECHNOLOGY ACQUISITION PILOT PROGRAM.........11501''.
(i) Definitions.--In this section, the terms ``contractor'',
``savings'', and ``share-in-savings contract'' have the meanings given
those terms in section 317 of the Federal Property and Administrative
Services Act of 1949 (as added by subsection (b)).
SEC. 211. <<NOTE: 44 USC 3501 note.>> AUTHORIZATION FOR ACQUISITION OF
INFORMATION TECHNOLOGY BY STATE AND LOCAL GOVERNMENTS
THROUGH FEDERAL SUPPLY SCHEDULES.
(a) Authority To Use Certain Supply Schedules.--Section 502 of title
40, United States Code, is amended by adding at the end the following
new subsection:
``(c) Use of Certain Supply Schedules.--
``(1) In general.--The Administrator may provide for the use
by State or local governments of Federal supply schedules of the
General Services Administration for automated data processing
equipment (including firmware), software, supplies, support
equipment, and services (as contained in Federal supply
classification code group 70).
``(2) Voluntary use.--In any case of the use by a State or
local government of a Federal supply schedule pursuant to
paragraph (1), participation by a firm that sells to the Federal
Government through the supply schedule shall be voluntary with
respect to a sale to the State or local government through such
supply schedule.
``(3) Definitions.--In this subsection:
``(A) The term `State or local government' includes
any State, local, regional, or tribal government, or any
instrumentality thereof (including any local educational
agency or institution of higher education).
``(B) The term `tribal government' means--
``(i) the governing body of any Indian tribe,
band, nation, or other organized group or
community located in the continental United States
(excluding the State of Alaska) that is recognized
as eligible for the special programs and services
provided by the United States to Indians because
of their status as Indians, and
``(ii) any Alaska Native regional or village
corporation established pursuant to the Alaska
Native Claims Settlement Act (43 U.S.C. 1601 et
seq.).
``(C) The term `local educational agency' has the
meaning given that term in section 8013 of the
Elementary and Secondary Education Act of 1965 (20
U.S.C. 7713).
``(D) The term `institution of higher education' has
the meaning given that term in section 101(a) of the
Higher Education Act of 1965 (20 U.S.C. 1001(a)).''.
(b) Procedures.--Not <<NOTE: Deadline.>> later than 30 days after
the date of the enactment of this Act, the Administrator of General
Services shall establish procedures to implement section 501(c) of title
40, United States Code (as added by subsection (a)).
[[Page 116 STAT. 2940]]
(c) Report.--Not <<NOTE: Deadline.>> later than December 31, 2004,
the Administrator shall submit to the Committee on Government Reform of
the House of Representatives and the Committee on Governmental Affairs
of the Senate a report on the implementation and effects of the
amendment made by subsection (a).
SEC. 212. <<NOTE: 44 USC 3501 note.>> INTEGRATED REPORTING STUDY AND
PILOT PROJECTS.
(a) Purposes.--The purposes of this section are to--
(1) enhance the interoperability of Federal information
systems;
(2) assist the public, including the regulated community, in
electronically submitting information to agencies under Federal
requirements, by reducing the burden of duplicate collection and
ensuring the accuracy of submitted information; and
(3) enable any person to integrate and obtain similar
information held by 1 or more agencies under 1 or more Federal
requirements without violating the privacy rights of an
individual.
(b) Definitions.--In this section, the term--
(1) ``agency'' means an Executive agency as defined under
section 105 of title 5, United States Code; and
(2) ``person'' means any individual, trust, firm, joint
stock company, corporation (including a government corporation),
partnership, association, State, municipality, commission,
political subdivision of a State, interstate body, or agency or
component of the Federal Government.
(c) Report.--
(1) In <<NOTE: Deadline.>> general.--Not later than 3 years
after the date of enactment of this Act, the Director shall
oversee a study, in consultation with agencies, the regulated
community, public interest organizations, and the public, and
submit a report to the Committee on Governmental Affairs of the
Senate and the Committee on Government Reform of the House of
Representatives on progress toward integrating Federal
information systems across agencies.
(2) Contents.--The report under this section shall--
(A) address the integration of data elements used in
the electronic collection of information within
databases established under Federal statute without
reducing the quality, accessibility, scope, or utility
of the information contained in each database;
(B) address the feasibility of developing, or
enabling the development of, software, including
Internet-based tools, for use by reporting persons in
assembling, documenting, and validating the accuracy of
information electronically submitted to agencies under
nonvoluntary, statutory, and regulatory requirements;
(C) address the feasibility of developing a
distributed information system involving, on a voluntary
basis, at least 2 agencies, that--
(i) provides consistent, dependable, and
timely public access to the information holdings
of 1 or more agencies, or some portion of such
holdings, without requiring public users to know
which agency holds the information; and
(ii) allows the integration of public
information held by the participating agencies;
[[Page 116 STAT. 2941]]
(D) address the feasibility of incorporating other
elements related to the purposes of this section at the
discretion of the Director; and
(E) make any recommendations that the Director deems
appropriate on the use of integrated reporting and
information systems, to reduce the burden on reporting
and strengthen public access to databases within and
across agencies.
(d) Pilot Projects To Encourage Integrated Collection and Management
of Data and Interoperability of Federal Information Systems.--
(1) In general.--In order to provide input to the study
under subsection (c), the Director shall designate, in
consultation with agencies, a series of no more than 5 pilot
projects that integrate data elements. The Director shall
consult with agencies, the regulated community, public interest
organizations, and the public on the implementation of the pilot
projects.
(2) Goals of pilot projects.--
(A) In general.--Each goal described under
subparagraph (B) shall be addressed by at least 1 pilot
project each.
(B) Goals.--The goals under this paragraph are to--
(i) reduce information collection burdens by
eliminating duplicative data elements within 2 or
more reporting requirements;
(ii) create interoperability between or among
public databases managed by 2 or more agencies
using technologies and techniques that facilitate
public access; and
(iii) develop, or enable the development of,
software to reduce errors in electronically
submitted information.
(3) Input.--Each pilot project shall seek input from users
on the utility of the pilot project and areas for improvement.
To the extent practicable, the Director shall consult with
relevant agencies and State, tribal, and local governments in
carrying out the report and pilot projects under this section.
(e) Protections.--The activities authorized under this section shall
afford protections for--
(1) confidential business information consistent with
section 552(b)(4) of title 5, United States Code, and other
relevant law;
(2) personal privacy information under sections 552(b) (6)
and (7)(C) and 552a of title 5, United States Code, and other
relevant law;
(3) other information consistent with section 552(b)(3) of
title 5, United States Code, and other relevant law; and
(4) confidential statistical information collected under a
confidentiality pledge, solely for statistical purposes,
consistent with the Office of Management and Budget's Federal
Statistical Confidentiality Order, and other relevant law.
SEC. 213. <<NOTE: 44 USC 3501 note.>> COMMUNITY TECHNOLOGY CENTERS.
(a) Purposes.--The purposes of this section are to--
(1) study and enhance the effectiveness of community
technology centers, public libraries, and other institutions
that provide computer and Internet access to the public; and
[[Page 116 STAT. 2942]]
(2) promote awareness of the availability of on-line
government information and services, to users of community
technology centers, public libraries, and other public
facilities that provide access to computer technology and
Internet access to the public.
(b) Study <<NOTE: Deadline.>> and Report.--Not later than 2 years
after the effective date of this title, the Administrator shall--
(1) ensure that a study is conducted to evaluate the best
practices of community technology centers that have received
Federal funds; and
(2) submit a report on the study to--
(A) the Committee on Governmental Affairs of the
Senate;
(B) the Committee on Health, Education, Labor, and
Pensions of the Senate;
(C) the Committee on Government Reform of the House
of Representatives; and
(D) the Committee on Education and the Workforce of
the House of Representatives.
(c) Contents.--The report under subsection (b) may consider--
(1) an evaluation of the best practices being used by
successful community technology centers;
(2) a strategy for--
(A) continuing the evaluation of best practices used
by community technology centers; and
(B) establishing a network to share information and
resources as community technology centers evolve;
(3) the identification of methods to expand the use of best
practices to assist community technology centers, public
libraries, and other institutions that provide computer and
Internet access to the public;
(4) a database of all community technology centers that have
received Federal funds, including--
(A) each center's name, location, services provided,
director, other points of contact, number of individuals
served; and
(B) other relevant information;
(5) an analysis of whether community technology centers have
been deployed effectively in urban and rural areas throughout
the Nation; and
(6) recommendations of how to--
(A) enhance the development of community technology
centers; and
(B) establish a network to share information and
resources.
(d) Cooperation.--All agencies that fund community technology
centers shall provide to the Administrator any information and
assistance necessary for the completion of the study and the report
under this section.
(e) Assistance.--
(1) In general.--The Administrator, in consultation with the
Secretary of Education, shall work with other relevant Federal
agencies, and other interested persons in the private and
nonprofit sectors to--
(A) assist in the implementation of recommendations;
and
[[Page 116 STAT. 2943]]
(B) identify other ways to assist community
technology centers, public libraries, and other
institutions that provide computer and Internet access
to the public.
(2) Types of assistance.--Assistance under this subsection
may include--
(A) contribution of funds;
(B) donations of equipment, and training in the use
and maintenance of the equipment; and
(C) the provision of basic instruction or training
material in computer skills and Internet usage.
(f) Online Tutorial.--
(1) In general.--The Administrator, in consultation with the
Secretary of Education, the Director of the Institute of Museum
and Library Services, other relevant agencies, and the public,
shall develop an online tutorial that--
(A) explains how to access Government information
and services on the Internet; and
(B) provides a guide to available online resources.
(2) Distribution.--The Administrator, with assistance from
the Secretary of Education, shall distribute information on the
tutorial to community technology centers, public libraries, and
other institutions that afford Internet access to the public.
(g) Promotion of Community Technology Centers.--The Administrator,
with assistance from the Department of Education and in consultation
with other agencies and organizations, shall promote the availability of
community technology centers to raise awareness within each community
where such a center is located.
(h) Authorization of Appropriations.--There are authorized to be
appropriated for the study of best practices at community technology
centers, for the development and dissemination of the online tutorial,
and for the promotion of community technology centers under this
section--
(1) $2,000,000 in fiscal year 2003;
(2) $2,000,000 in fiscal year 2004; and
(3) such sums as are necessary in fiscal years 2005 through
2007.
SEC. 214. <<NOTE: 44 USC 3501 note.>> ENHANCING CRISIS MANAGEMENT
THROUGH ADVANCED INFORMATION TECHNOLOGY.
(a) Purpose.--The purpose of this section is to improve how
information technology is used in coordinating and facilitating
information on disaster preparedness, response, and recovery, while
ensuring the availability of such information across multiple access
channels.
(b) In General.--
(1) Study <<NOTE: Deadline.>> on enhancement of crisis
response.--Not later than 90 days after the date of enactment of
this Act, the Administrator, in consultation with the Federal
Emergency Management Agency, shall ensure that a study is
conducted on using information technology to enhance crisis
preparedness, response, and consequence management of natural
and manmade disasters.
(2) Contents.--The study under this subsection shall
address--
(A) a research and implementation strategy for
effective use of information technology in crisis
response and
[[Page 116 STAT. 2944]]
consequence management, including the more effective use
of technologies, management of information technology
research initiatives, and incorporation of research
advances into the information and communications systems
of--
(i) the Federal Emergency Management Agency;
and
(ii) other Federal, State, and local agencies
responsible for crisis preparedness, response, and
consequence management; and
(B) opportunities for research and development on
enhanced technologies into areas of potential
improvement as determined during the course of the
study.
(3) Report.--Not <<NOTE: Deadline.>> later than 2 years
after the date on which a contract is entered into under
paragraph (1), the Administrator shall submit a report on the
study, including findings and recommendations to--
(A) the Committee on Governmental Affairs of the
Senate; and
(B) the Committee on Government Reform of the House
of Representatives.
(4) Interagency cooperation.--Other Federal departments and
agencies with responsibility for disaster relief and emergency
assistance shall fully cooperate with the Administrator in
carrying out this section.
(5) Authorization of appropriations.--There are authorized
to be appropriated for research under this subsection, such sums
as are necessary for fiscal year 2003.
(c) Pilot Projects.--Based on the results of the research conducted
under subsection (b), the Administrator, in consultation with the
Federal Emergency Management Agency, shall initiate pilot projects or
report to Congress on other activities that further the goal of
maximizing the utility of information technology in disaster management.
The Administrator shall cooperate with other relevant agencies, and, if
appropriate, State, local, and tribal governments, in initiating such
pilot projects.
SEC. 215. <<NOTE: 44 USC 3501 note.>> DISPARITIES IN ACCESS TO THE
INTERNET.
(a) Study <<NOTE: Deadlines.>> and Report.--
(1) Study.--Not later than 90 days after the date of
enactment of this Act, the Administrator of General Services
shall request that the National Academy of Sciences, acting
through the National Research Council, enter into a contract to
conduct a study on disparities in Internet access for online
Government services.
(2) Report.--Not later than 2 years after the date of
enactment of this Act, the Administrator of General Services
shall submit to the Committee on Governmental Affairs of the
Senate and the Committee on Government Reform of the House of
Representatives a final report of the study under this section,
which shall set forth the findings, conclusions, and
recommendations of the National Research Council.
(b) Contents.--The report under subsection (a) shall include a study
of--
(1) how disparities in Internet access influence the
effectiveness of online Government services, including a review
of--
(A) the nature of disparities in Internet access;
(B) the affordability of Internet service;
[[Page 116 STAT. 2945]]
(C) the incidence of disparities among different
groups within the population; and
(D) changes in the nature of personal and public
Internet access that may alleviate or aggravate
effective access to online Government services;
(2) how the increase in online Government services is
influencing the disparities in Internet access and how
technology development or diffusion trends may offset such
adverse influences; and
(3) related societal effects arising from the interplay of
disparities in Internet access and the increase in online
Government services.
(c) Recommendations.--The report shall include recommendations on
actions to ensure that online Government initiatives shall not have the
unintended result of increasing any deficiency in public access to
Government services.
(d) Authorization of Appropriations.--There are authorized to be
appropriated $950,000 in fiscal year 2003 to carry out this section.
SEC. 216. <<NOTE: 44 USC 3501 note.>> COMMON PROTOCOLS FOR GEOGRAPHIC
INFORMATION SYSTEMS.
(a) Purposes.--The purposes of this section are to--
(1) reduce redundant data collection and information; and
(2) promote collaboration and use of standards for
government geographic information.
(b) Definition.--In this section, the term ``geographic
information'' means information systems that involve locational data,
such as maps or other geospatial information resources.
(c) In General.--
(1) Common protocols.--The Administrator, in consultation
with the Secretary of the Interior, working with the Director
and through an interagency group, and working with private
sector experts, State, local, and tribal governments, commercial
and international standards groups, and other interested
parties, shall facilitate the development of common protocols
for the development, acquisition, maintenance, distribution, and
application of geographic information. If practicable, the
Administrator shall incorporate intergovernmental and public
private geographic information partnerships into efforts under
this subsection.
(2) Interagency group.--The interagency group referred to
under paragraph (1) shall include representatives of the
National Institute of Standards and Technology and other
agencies.
(d) Director.--The Director shall oversee--
(1) the interagency initiative to develop common protocols;
(2) the coordination with State, local, and tribal
governments, public private partnerships, and other interested
persons on effective and efficient ways to align geographic
information and develop common protocols; and
(3) the adoption of common standards relating to the
protocols.
(e) Common Protocols.--The common protocols shall be designed to--
[[Page 116 STAT. 2946]]
(1) maximize the degree to which unclassified geographic
information from various sources can be made electronically
compatible and accessible; and
(2) promote the development of interoperable geographic
information systems technologies that shall--
(A) allow widespread, low-cost use and sharing of
geographic data by Federal agencies, State, local, and
tribal governments, and the public; and
(B) enable the enhancement of services using
geographic data.
(f) Authorization of Appropriations.--There are authorized to be
appropriated such sums as are necessary to carry out this section, for
each of the fiscal years 2003 through 2007.
TITLE <<NOTE: Federal Information Security Management Act of
2002.>> III--INFORMATION SECURITY
SEC. 301. INFORMATION SECURITY.
(a) Short <<NOTE: 44 USC 101 note.>> Title.--This title may be cited
as the ``Federal Information Security Management Act of 2002''.
(b) Information Security.--
(1) In general.--Chapter 35 of title 44, United States Code,
is amended by adding at the end the following new subchapter:
``SUBCHAPTER III--INFORMATION SECURITY
``Sec. 3541. Purposes
``The purposes of this subchapter are to--
``(1) provide a comprehensive framework for ensuring the
effectiveness of information security controls over information
resources that support Federal operations and assets;
``(2) recognize the highly networked nature of the current
Federal computing environment and provide effective
governmentwide management and oversight of the related
information security risks, including coordination of
information security efforts throughout the civilian, national
security, and law enforcement communities;
``(3) provide for development and maintenance of minimum
controls required to protect Federal information and information
systems;
``(4) provide a mechanism for improved oversight of Federal
agency information security programs;
``(5) acknowledge that commercially developed information
security products offer advanced, dynamic, robust, and effective
information security solutions, reflecting market solutions for
the protection of critical information infrastructures important
to the national defense and economic security of the nation that
are designed, built, and operated by the private sector; and
``(6) recognize that the selection of specific technical
hardware and software information security solutions should be
left to individual agencies from among commercially developed
products.
[[Page 116 STAT. 2947]]
``Sec. 3542. Definitions
``(a) In General.--Except as provided under subsection (b), the
definitions under section 3502 shall apply to this subchapter.
``(b) Additional Definitions.--As used in this subchapter:
``(1) The term `information security' means protecting
information and information systems from unauthorized access,
use, disclosure, disruption, modification, or destruction in
order to provide--
``(A) integrity, which means guarding against
improper information modification or destruction, and
includes ensuring information nonrepudiation and
authenticity;
``(B) confidentiality, which means preserving
authorized restrictions on access and disclosure,
including means for protecting personal privacy and
proprietary information; and
``(C) availability, which means ensuring timely and
reliable access to and use of information.
``(2)(A) The term `national security system' means any
information system (including any telecommunications system)
used or operated by an agency or by a contractor of an agency,
or other organization on behalf of an agency--
``(i) the function, operation, or use of which--
``(I) involves intelligence activities;
``(II) involves cryptologic activities related
to national security;
``(III) involves command and control of
military forces;
``(IV) involves equipment that is an integral
part of a weapon or weapons system; or
``(V) subject to subparagraph (B), is critical
to the direct fulfillment of military or
intelligence missions; or
``(ii) is protected at all times by procedures
established for information that have been specifically
authorized under criteria established by an Executive
order or an Act of Congress to be kept classified in the
interest of national defense or foreign policy.
``(B) Subparagraph (A)(i)(V) does not include a system that
is to be used for routine administrative and business
applications (including payroll, finance, logistics, and
personnel management applications).
``(3) The term `information technology' has the meaning
given that term in section 11101 of title 40.
``Sec. 3543. Authority and functions of the Director
``(a) In General.--The Director shall oversee agency information
security policies and practices, including--
``(1) developing and overseeing the implementation of
policies, principles, standards, and guidelines on information
security, including through ensuring timely agency adoption of
and compliance with standards promulgated under section 11331 of
title 40;
``(2) requiring agencies, consistent with the standards
promulgated under such section 11331 and the requirements of
this subchapter, to identify and provide information security
protections commensurate with the risk and magnitude of the
[[Page 116 STAT. 2948]]
harm resulting from the unauthorized access, use, disclosure,
disruption, modification, or destruction of--
``(A) information collected or maintained by or on
behalf of an agency; or
``(B) information systems used or operated by an
agency or by a contractor of an agency or other
organization on behalf of an agency;
``(3) coordinating the development of standards and
guidelines under section 20 of the National Institute of
Standards and Technology Act (15 U.S.C. 278g-3) with agencies
and offices operating or exercising control of national security
systems (including the National Security Agency) to assure, to
the maximum extent feasible, that such standards and guidelines
are complementary with standards and guidelines developed for
national security systems;
``(4) overseeing agency compliance with the requirements of
this subchapter, including through any authorized action under
section 11303 of title 40, to enforce accountability for
compliance with such requirements;
``(5) reviewing at least annually, and approving or
disapproving, agency information security programs required
under section 3544(b);
``(6) coordinating information security policies and
procedures with related information resources management
policies and procedures;
``(7) overseeing the operation of the Federal information
security incident center required under section 3546; and
``(8) reporting to Congress no later than March 1 of each
year on agency compliance with the requirements of this
subchapter, including--
``(A) a summary of the findings of evaluations
required by section 3545;
``(B) an assessment of the development,
promulgation, and adoption of, and compliance with,
standards developed under section 20 of the National
Institute of Standards and Technology Act (15 U.S.C.
278g-3) and promulgated under section 11331 of title 40;
``(C) significant deficiencies in agency information
security practices;
``(D) planned remedial action to address such
deficiencies; and
``(E) a summary of, and the views of the Director
on, the report prepared by the National Institute of
Standards and Technology under section 20(d)(10) of the
National Institute of Standards and Technology Act (15
U.S.C. 278g-3).
``(b) National Security Systems.--Except for the authorities
described in paragraphs (4) and (8) of subsection (a), the authorities
of the Director under this section shall not apply to national security
systems.
``(c) Department of Defense and Central Intelligence Agency
Systems.--(1) The authorities of the Director described in paragraphs
(1) and (2) of subsection (a) shall be delegated to the Secretary of
Defense in the case of systems described in paragraph (2) and to the
Director of Central Intelligence in the case of systems described in
paragraph (3).
[[Page 116 STAT. 2949]]
``(2) The systems described in this paragraph are systems that are
operated by the Department of Defense, a contractor of the Department of
Defense, or another entity on behalf of the Department of Defense that
processes any information the unauthorized access, use, disclosure,
disruption, modification, or destruction of which would have a
debilitating impact on the mission of the Department of Defense.
``(3) The systems described in this paragraph are systems that are
operated by the Central Intelligence Agency, a contractor of the Central
Intelligence Agency, or another entity on behalf of the Central
Intelligence Agency that processes any information the unauthorized
access, use, disclosure, disruption, modification, or destruction of
which would have a debilitating impact on the mission of the Central
Intelligence Agency.
``Sec. 3544. Federal agency responsibilities
``(a) In General.--The head of each agency shall--
``(1) be responsible for--
``(A) providing information security protections
commensurate with the risk and magnitude of the harm
resulting from unauthorized access, use, disclosure,
disruption, modification, or destruction of--
``(i) information collected or maintained by
or on behalf of the agency; and
``(ii) information systems used or operated by
an agency or by a contractor of an agency or other
organization on behalf of an agency;
``(B) complying with the requirements of this
subchapter and related policies, procedures, standards,
and guidelines, including--
``(i) information security standards
promulgated under section 11331 of title 40; and
``(ii) information security standards and
guidelines for national security systems issued in
accordance with law and as directed by the
President; and
``(C) ensuring that information security management
processes are integrated with agency strategic and
operational planning processes;
``(2) ensure that senior agency officials provide
information security for the information and information systems
that support the operations and assets under their control,
including through--
``(A) assessing the risk and magnitude of the harm
that could result from the unauthorized access, use,
disclosure, disruption, modification, or destruction of
such information or information systems;
``(B) determining the levels of information security
appropriate to protect such information and information
systems in accordance with standards promulgated under
section 11331 of title 40, for information security
classifications and related requirements;
``(C) implementing policies and procedures to cost-
effectively reduce risks to an acceptable level; and
``(D) periodically testing and evaluating
information security controls and techniques to ensure
that they are effectively implemented;
[[Page 116 STAT. 2950]]
``(3) delegate to the agency Chief Information Officer
established under section 3506 (or comparable official in an
agency not covered by such section) the authority to ensure
compliance with the requirements imposed on the agency under
this subchapter, including--
``(A) designating a senior agency information
security officer who shall--
``(i) carry out the Chief Information
Officer's responsibilities under this section;
``(ii) possess professional qualifications,
including training and experience, required to
administer the functions described under this
section;
``(iii) have information security duties as
that official's primary duty; and
``(iv) head an office with the mission and
resources to assist in ensuring agency compliance
with this section;
``(B) developing and maintaining an agencywide
information security program as required by subsection
(b);
``(C) developing and maintaining information
security policies, procedures, and control techniques to
address all applicable requirements, including those
issued under section 3543 of this title, and section
11331 of title 40;
``(D) training and overseeing personnel with
significant responsibilities for information security
with respect to such responsibilities; and
``(E) assisting senior agency officials concerning
their responsibilities under paragraph (2);
``(4) ensure that the agency has trained personnel
sufficient to assist the agency in complying with the
requirements of this subchapter and related policies,
procedures, standards, and guidelines; and
``(5) ensure that the agency Chief Information Officer, in
coordination with other senior agency officials, reports
annually to the agency head on the effectiveness of the agency
information security program, including progress of remedial
actions.
``(b) Agency Program.--Each agency shall develop, document, and
implement an agencywide information security program, approved by the
Director under section 3543(a)(5), to provide information security for
the information and information systems that support the operations and
assets of the agency, including those provided or managed by another
agency, contractor, or other source, that includes--
``(1) periodic assessments of the risk and magnitude of the
harm that could result from the unauthorized access, use,
disclosure, disruption, modification, or destruction of
information and information systems that support the operations
and assets of the agency;
``(2) policies and procedures that--
``(A) are based on the risk assessments required by
paragraph (1);
``(B) cost-effectively reduce information security
risks to an acceptable level;
``(C) ensure that information security is addressed
throughout the life cycle of each agency information
system; and
[[Page 116 STAT. 2951]]
``(D) ensure compliance with--
``(i) the requirements of this subchapter;
``(ii) policies and procedures as may be
prescribed by the Director, and information
security standards promulgated under section 11331
of title 40;
``(iii) minimally acceptable system
configuration requirements, as determined by the
agency; and
``(iv) any other applicable requirements,
including standards and guidelines for national
security systems issued in accordance with law and
as directed by the President;
``(3) subordinate plans for providing adequate information
security for networks, facilities, and systems or groups of
information systems, as appropriate;
``(4) security awareness training to inform personnel,
including contractors and other users of information systems
that support the operations and assets of the agency, of--
``(A) information security risks associated with
their activities; and
``(B) their responsibilities in complying with
agency policies and procedures designed to reduce these
risks;
``(5) periodic testing and evaluation of the effectiveness
of information security policies, procedures, and practices, to
be performed with a frequency depending on risk, but no less
than annually, of which such testing--
``(A) shall include testing of management,
operational, and technical controls of every information
system identified in the inventory required under
section 3505(c); and
``(B) may include testing relied on in a evaluation
under section 3545;
``(6) a process for planning, implementing, evaluating, and
documenting remedial action to address any deficiencies in the
information security policies, procedures, and practices of the
agency;
``(7) procedures for detecting, reporting, and responding to
security incidents, consistent with standards and guidelines
issued pursuant to section 3546(b), including--
``(A) mitigating risks associated with such
incidents before substantial damage is done;
``(B) notifying and consulting with the Federal
information security incident center referred to in
section 3546; and
``(C) notifying and consulting with, as
appropriate--
``(i) law enforcement agencies and relevant
Offices of Inspector General;
``(ii) an office designated by the President
for any incident involving a national security
system; and
``(iii) any other agency or office, in
accordance with law or as directed by the
President; and
``(8) plans and procedures to ensure continuity of
operations for information systems that support the operations
and assets of the agency.
``(c) Agency Reporting.--Each agency shall--
``(1) report annually to the Director, the Committees on
Government Reform and Science of the House of Representatives,
the Committees on Governmental Affairs and Commerce, Science,
and Transportation of the Senate, the appropriate
[[Page 116 STAT. 2952]]
authorization and appropriations committees of Congress, and the
Comptroller General on the adequacy and effectiveness of
information security policies, procedures, and practices, and
compliance with the requirements of this subchapter, including
compliance with each requirement of subsection (b);
``(2) address the adequacy and effectiveness of information
security policies, procedures, and practices in plans and
reports relating to--
``(A) annual agency budgets;
``(B) information resources management under
subchapter 1 of this chapter;
``(C) information technology management under
subtitle III of title 40;
``(D) program performance under sections 1105 and
1115 through 1119 of title 31, and sections 2801 and
2805 of title 39;
``(E) financial management under chapter 9 of title
31, and the Chief Financial Officers Act of 1990 (31
U.S.C. 501 note; Public Law 101-576) (and the amendments
made by that Act);
``(F) financial management systems under the Federal
Financial Management Improvement Act (31 U.S.C. 3512
note); and
``(G) internal accounting and administrative
controls under section 3512 of title 31, (known as the
`Federal Managers Financial Integrity Act'); and
``(3) report any significant deficiency in a policy,
procedure, or practice identified under paragraph (1) or (2)--
``(A) as a material weakness in reporting under
section 3512 of title 31; and
``(B) if relating to financial management systems,
as an instance of a lack of substantial compliance under
the Federal Financial Management Improvement Act (31
U.S.C. 3512 note).
``(d) Performance Plan.--(1) In addition to the requirements of
subsection (c), each agency, in consultation with the Director, shall
include as part of the performance plan required under section 1115 of
title 31 a description of--
``(A) the time periods, and
``(B) the resources, including budget, staffing, and
training,
that are necessary to implement the program required under subsection
(b).
``(2) The description under paragraph (1) shall be based on the risk
assessments required under subsection (b)(2)(1).
``(e) Public Notice and Comment.--Each agency shall provide the
public with timely notice and opportunities for comment on proposed
information security policies and procedures to the extent that such
policies and procedures affect communication with the public.
``Sec. 3545. Annual independent evaluation
``(a) In General.--(1) Each year each agency shall have performed an
independent evaluation of the information security program and practices
of that agency to determine the effectiveness of such program and
practices.
``(2) Each evaluation under this section shall include--
[[Page 116 STAT. 2953]]
``(A) testing of the effectiveness of information security
policies, procedures, and practices of a representative subset
of the agency's information systems;
``(B) an assessment (made on the basis of the results of the
testing) of compliance with--
``(i) the requirements of this subchapter; and
``(ii) related information security policies,
procedures, standards, and guidelines; and
``(C) separate presentations, as appropriate, regarding
information security relating to national security systems.
``(b) Independent Auditor.--Subject to subsection (c)--
``(1) for each agency with an Inspector General appointed
under the Inspector General Act of 1978, the annual evaluation
required by this section shall be performed by the Inspector
General or by an independent external auditor, as determined by
the Inspector General of the agency; and
``(2) for each agency to which paragraph (1) does not apply,
the head of the agency shall engage an independent external
auditor to perform the evaluation.
``(c) National Security Systems.--For each agency operating or
exercising control of a national security system, that portion of the
evaluation required by this section directly relating to a national
security system shall be performed--
``(1) only by an entity designated by the agency head; and
``(2) in such a manner as to ensure appropriate protection
for information associated with any information security
vulnerability in such system commensurate with the risk and in
accordance with all applicable laws.
``(d) Existing Evaluations.--The evaluation required by this section
may be based in whole or in part on an audit, evaluation, or report
relating to programs or practices of the applicable agency.
``(e) Agency <<NOTE: Deadline.>> Reporting.--(1) Each year, not
later than such date established by the Director, the head of each
agency shall submit to the Director the results of the evaluation
required under this section.
``(2) To the extent an evaluation required under this section
directly relates to a national security system, the evaluation results
submitted to the Director shall contain only a summary and assessment of
that portion of the evaluation directly relating to a national security
system.
``(f) Protection of Information.--Agencies and evaluators shall take
appropriate steps to ensure the protection of information which, if
disclosed, may adversely affect information security. Such protections
shall be commensurate with the risk and comply with all applicable laws
and regulations.
``(g) OMB Reports to Congress.--(1) The Director shall summarize the
results of the evaluations conducted under this section in the report to
Congress required under section 3543(a)(8).
``(2) The Director's report to Congress under this subsection shall
summarize information regarding information security relating to
national security systems in such a manner as to ensure appropriate
protection for information associated with any information security
vulnerability in such system commensurate with the risk and in
accordance with all applicable laws.
``(3) Evaluations and any other descriptions of information systems
under the authority and control of the Director of Central
[[Page 116 STAT. 2954]]
Intelligence or of National Foreign Intelligence Programs systems under
the authority and control of the Secretary of Defense shall be made
available to Congress only through the appropriate oversight committees
of Congress, in accordance with applicable laws.
``(h) Comptroller <<NOTE: Reports.>> General.--The Comptroller
General shall periodically evaluate and report to Congress on--
``(1) the adequacy and effectiveness of agency information
security policies and practices; and
``(2) implementation of the requirements of this subchapter.
``Sec. 3546. Federal information security incident center
``(a) In General.--The Director shall ensure the operation of a
central Federal information security incident center to--
``(1) provide timely technical assistance to operators of
agency information systems regarding security incidents,
including guidance on detecting and handling information
security incidents;
``(2) compile and analyze information about incidents that
threaten information security;
``(3) inform operators of agency information systems about
current and potential information security threats, and
vulnerabilities; and
``(4) consult with the National Institute of Standards and
Technology, agencies or offices operating or exercising control
of national security systems (including the National Security
Agency), and such other agencies or offices in accordance with
law and as directed by the President regarding information
security incidents and related matters.
``(b) National Security Systems.--Each agency operating or
exercising control of a national security system shall share information
about information security incidents, threats, and vulnerabilities with
the Federal information security incident center to the extent
consistent with standards and guidelines for national security systems,
issued in accordance with law and as directed by the President.
``Sec. 3547. National security systems
``The head of each agency operating or exercising control of a
national security system shall be responsible for ensuring that the
agency--
``(1) provides information security protections commensurate
with the risk and magnitude of the harm resulting from the
unauthorized access, use, disclosure, disruption, modification,
or destruction of the information contained in such system;
``(2) implements information security policies and practices
as required by standards and guidelines for national security
systems, issued in accordance with law and as directed by the
President; and
``(3) complies with the requirements of this subchapter.
``Sec. 3548. Authorization of appropriations
``There are authorized to be appropriated to carry out the
provisions of this subchapter such sums as may be necessary for each of
fiscal years 2003 through 2007.
[[Page 116 STAT. 2955]]
``Sec. 3549. Effect on existing law
``Nothing in this subchapter, section 11331 of title 40, or section
20 of the National Standards and Technology Act (15 U.S.C. 278g-3) may
be construed as affecting the authority of the President, the Office of
Management and Budget or the Director thereof, the National Institute of
Standards and Technology, or the head of any agency, with respect to the
authorized use or disclosure of information, including with regard to
the protection of personal privacy under section 552a of title 5, the
disclosure of information under section 552 of title 5, the management
and disposition of records under chapters 29, 31, or 33 of title 44, the
management of information resources under subchapter I of chapter 35 of
this title, or the disclosure of information to the Congress or the
Comptroller General of the United States. While this subchapter is in
effect, subchapter II of this chapter shall not apply.''.
(2) Clerical amendment.--The table of sections at the
beginning of such chapter 35 is amended by adding at the end the
following:
``SUBCHAPTER III--INFORMATION SECURITY
``Sec.
``3541. Purposes.
``3542. Definitions.
``3543. Authority and functions of the Director.
``3544. Federal agency responsibilities.
``3545. Annual independent evaluation.
``3546. Federal information security incident center.
``3547. National security systems.
``3548. Authorization of appropriations.
``3549. Effect on existing law.''.
(c) Information Security Responsibilities of Certain Agencies.--
(1) National <<NOTE: 44 USC 3501 note.>> security
responsibilities.--(A) Nothing in this Act (including any
amendment made by this Act) shall supersede any authority of the
Secretary of Defense, the Director of Central Intelligence, or
other agency head, as authorized by law and as directed by the
President, with regard to the operation, control, or management
of national security systems, as defined by section 3542(b)(2)
of title 44, United States Code.
(B) Section 2224 of title 10, United States Code, is
amended--
(i) in subsection (b), by striking ``(b) Objectives
and Minimum Requirements.--(1)'' and inserting ``(b)
Objectives of the Program.--'';
(ii) in subsection (b), by striking paragraph (2);
and
(iii) in subsection (c), in the matter preceding
paragraph (1), by inserting ``, including through
compliance with subchapter III of chapter 35 of title
44'' after ``infrastructure''.
(2) Atomic <<NOTE: 44 USC 3501 note.>> energy act of 1954.--
Nothing in this Act shall supersede any requirement made by or
under the Atomic Energy Act of 1954 (42 U.S.C. 2011 et seq.).
Restricted data or formerly restricted data shall be handled,
protected, classified, downgraded, and declassified in
conformity with the Atomic Energy Act of 1954 (42 U.S.C. 2011 et
seq.).
[[Page 116 STAT. 2956]]
SEC. 302. MANAGEMENT OF INFORMATION TECHNOLOGY.
(a) In General.--Section 11331 of title 40, United States Code, is
amended to read as follows:
``Sec. 11331. Responsibilities for Federal information systems standards
``(a) Standards and Guidelines.--
``(1) Authority to prescribe.--Except as provided under
paragraph (2), the Secretary of Commerce shall, on the basis of
standards and guidelines developed by the National Institute of
Standards and Technology pursuant to paragraphs (2) and (3) of
section 20(a) of the National Institute of Standards and
Technology Act (15 U.S.C. 278g-3(a)), prescribe standards and
guidelines pertaining to Federal information systems.
``(2) National security systems.--Standards and guidelines
for national security systems (as defined under this section)
shall be developed, prescribed, enforced, and overseen as
otherwise authorized by law and as directed by the President.
``(b) Mandatory Requirements.--
``(1) Authority to make mandatory.--Except as provided under
paragraph (2), the Secretary shall make standards prescribed
under subsection (a)(1) compulsory and binding to the extent
determined necessary by the Secretary to improve the efficiency
of operation or security of Federal information systems.
``(2) Required mandatory standards.--(A) Standards
prescribed under subsection (a)(1) shall include information
security standards that--
``(i) provide minimum information security
requirements as determined under section 20(b) of the
National Institute of Standards and Technology Act (15
U.S.C. 278g-3(b)); and
``(ii) are otherwise necessary to improve the
security of Federal information and information systems.
``(B) Information security standards described in
subparagraph (A) shall be compulsory and binding.
``(c) Authority to Disapprove or Modify.--The President may
disapprove or modify the standards and guidelines referred to in
subsection (a)(1) if the President determines such action to be in the
public interest. The President's authority to disapprove or modify such
standards and guidelines may not be delegated. <<NOTE: Federal Register,
publication.>> Notice of such disapproval or modification shall be
published promptly in the Federal Register. Upon receiving notice of
such disapproval or modification, the Secretary of Commerce shall
immediately rescind or modify such standards or guidelines as directed
by the President.
``(d) Exercise of Authority.--To ensure fiscal and policy
consistency, the Secretary shall exercise the authority conferred by
this section subject to direction by the President and in coordination
with the Director of the Office of Management and Budget.
``(e) Application of More Stringent Standards.--The head of an
executive agency may employ standards for the cost-effective information
security for information systems within or under the supervision of that
agency that are more stringent than the standards the Secretary
prescribes under this section if the more stringent standards--
[[Page 116 STAT. 2957]]
``(1) contain at least the applicable standards made
compulsory and binding by the Secretary; and
``(2) are otherwise consistent with policies and guidelines
issued under section 3543 of title 44.
``(f) Decisions <<NOTE: Deadline.>> on Promulgation of Standards.--
The decision by the Secretary regarding the promulgation of any standard
under this section shall occur not later than 6 months after the
submission of the proposed standard to the Secretary by the National
Institute of Standards and Technology, as provided under section 20 of
the National Institute of Standards and Technology Act (15 U.S.C. 278g-
3).
``(g) Definitions.--In this section:
``(1) Federal information system.--The term `Federal
information system' means an information system used or operated
by an executive agency, by a contractor of an executive agency,
or by another organization on behalf of an executive agency.
``(2) Information security.--The term `information security'
has the meaning given that term in section 3542(b)(1) of title
44.
``(3) National security system.--The term `national security
system' has the meaning given that term in section 3542(b)(2) of
title 44.''.
(b) Clerical Amendment.--The item relating to section 11331 in the
table of sections at the beginning of chapter 113 of such title is
amended to read as follows:
``11331. Responsibilities for Federal information systems standards.''.
SEC. 303. NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY.
Section 20 of the National Institute of Standards and Technology Act
(15 U.S.C. 278g-3), is amended by striking the text and inserting the
following:
``(a) In General.--The Institute shall--
``(1) have the mission of developing standards, guidelines,
and associated methods and techniques for information systems;
``(2) develop standards and guidelines, including minimum
requirements, for information systems used or operated by an
agency or by a contractor of an agency or other organization on
behalf of an agency, other than national security systems (as
defined in section 3542(b)(2) of title 44, United States Code);
and
``(3) develop standards and guidelines, including minimum
requirements, for providing adequate information security for
all agency operations and assets, but such standards and
guidelines shall not apply to national security systems.
``(b) Minimum Requirements for Standards and Guidelines.--The
standards and guidelines required by subsection (a) shall include, at a
minimum--
``(1)(A) standards to be used by all agencies to categorize
all information and information systems collected or maintained
by or on behalf of each agency based on the objectives of
providing appropriate levels of information security according
to a range of risk levels;
``(B) guidelines recommending the types of information and
information systems to be included in each such category; and
[[Page 116 STAT. 2958]]
``(C) minimum information security requirements for
information and information systems in each such category;
``(2) a definition of and guidelines concerning detection
and handling of information security incidents; and
``(3) guidelines developed in conjunction with the
Department of Defense, including the National Security Agency,
for identifying an information system as a national security
system consistent with applicable requirements for national
security systems, issued in accordance with law and as directed
by the President.
``(c) Development of Standards and Guidelines.--In developing
standards and guidelines required by subsections (a) and (b), the
Institute shall--
``(1) consult with other agencies and offices and the
private sector (including the Director of the Office of
Management and Budget, the Departments of Defense and Energy,
the National Security Agency, the General Accounting Office, and
the Secretary of Homeland Security) to assure--
``(A) use of appropriate information security
policies, procedures, and techniques, in order to
improve information security and avoid unnecessary and
costly duplication of effort; and
``(B) that such standards and guidelines are
complementary with standards and guidelines employed for
the protection of national security systems and
information contained in such systems;
``(2) provide the public with an opportunity to comment on
proposed standards and guidelines;
``(3) <<NOTE: Deadlines.>> submit to the Secretary of
Commerce for promulgation under section 11331 of title 40,
United States Code--
``(A) standards, as required under subsection
(b)(1)(A), no later than 12 months after the date of the
enactment of this section; and
``(B) minimum information security requirements for
each category, as required under subsection (b)(1)(C),
no later than 36 months after the date of the enactment
of this section;
``(4) <<NOTE: Deadline.>> issue guidelines as required under
subsection (b)(1)(B), no later than 18 months after the date of
the enactment of this section;
``(5) to the maximum extent practicable, ensure that such
standards and guidelines do not require the use or procurement
of specific products, including any specific hardware or
software;
``(6) to the maximum extent practicable, ensure that such
standards and guidelines provide for sufficient flexibility to
permit alternative solutions to provide equivalent levels of
protection for identified information security risks; and
``(7) to the maximum extent practicable, use flexible,
performance-based standards and guidelines that permit the use
of off-the-shelf commercially developed information security
products.
``(d) Information Security Functions.--The Institute shall--
``(1) submit standards developed pursuant to subsection (a),
along with recommendations as to the extent to which these
should be made compulsory and binding, to the Secretary of
Commerce for promulgation under section 11331 of title 40,
United States Code;
[[Page 116 STAT. 2959]]
``(2) provide technical assistance to agencies, upon
request, regarding--
``(A) compliance with the standards and guidelines
developed under subsection (a);
``(B) detecting and handling information security
incidents; and
``(C) information security policies, procedures, and
practices;
``(3) conduct research, as needed, to determine the nature
and extent of information security vulnerabilities and
techniques for providing cost-effective information security;
``(4) develop and periodically revise performance indicators
and measures for agency information security policies and
practices;
``(5) evaluate private sector information security policies
and practices and commercially available information
technologies to assess potential application by agencies to
strengthen information security;
``(6) assist the private sector, upon request, in using and
applying the results of activities under this section;
``(7) evaluate security policies and practices developed for
national security systems to assess potential application by
agencies to strengthen information security;
``(8) periodically assess the effectiveness of standards and
guidelines developed under this section and undertake revisions
as appropriate;
``(9) solicit and consider the recommendations of the
Information Security and Privacy Advisory Board, established by
section 21, regarding standards and guidelines developed under
subsection (a) and submit such recommendations to the Secretary
of Commerce with such standards submitted to the Secretary; and
``(10) prepare an annual public report on activities
undertaken in the previous year, and planned for the coming
year, to carry out responsibilities under this section.
``(e) Definitions.--As used in this section--
``(1) the term `agency' has the same meaning as provided in
section 3502(1) of title 44, United States Code;
``(2) the term `information security' has the same meaning
as provided in section 3542(b)(1) of such title;
``(3) the term `information system' has the same meaning as
provided in section 3502(8) of such title;
``(4) the term `information technology' has the same meaning
as provided in section 11101 of title 40, United States Code;
and
``(5) the term `national security system' has the same
meaning as provided in section 3542(b)(2) of title 44, United
States Code.
``(f) Authorization of Appropriations.--There are authorized to be
appropriated to the Secretary of Commerce $20,000,000 for each of fiscal
years 2003, 2004, 2005, 2006, and 2007 to enable the National Institute
of Standards and Technology to carry out the provisions of this
section.''.
SEC. 304. INFORMATION SECURITY AND PRIVACY ADVISORY BOARD.
Section 21 of the National Institute of Standards and Technology Act
(15 U.S.C. 278g-4), is amended--
[[Page 116 STAT. 2960]]
(1) in subsection (a), by striking ``Computer System
Security and Privacy Advisory Board'' and inserting
``Information Security and Privacy Advisory Board'';
(2) in subsection (a)(1), by striking ``computer or
telecommunications'' and inserting ``information technology'';
(3) in subsection (a)(2)--
(A) by striking ``computer or telecommunications
technology'' and inserting ``information technology'';
and
(B) by striking ``computer or telecommunications
equipment'' and inserting ``information technology'';
(4) in subsection (a)(3)--
(A) by striking ``computer systems'' and inserting
``information system''; and
(B) by striking ``computer systems security'' and
inserting ``information security'';
(5) in subsection (b)(1) by striking ``computer systems
security'' and inserting ``information security'';
(6) in subsection (b) by striking paragraph (2) and
inserting the following:
``(2) to advise the Institute, the Secretary of Commerce,
and the Director of the Office of Management and Budget on
information security and privacy issues pertaining to Federal
Government information systems, including through review of
proposed standards and guidelines developed under section 20;
and'';
(7) in subsection (b)(3) by inserting ``annually'' after
``report'';
(8) by inserting after subsection (e) the following new
subsection:
``(f) The Board shall hold meetings at such locations and at such
time and place as determined by a majority of the Board.'';
(9) by redesignating subsections (f) and (g) as subsections
(g) and (h), respectively; and
(10) by striking subsection (h), as redesignated by
paragraph (9), and inserting the following:
``(h) As used in this section, the terms `information system' and
`information technology' have the meanings given in section 20.''.
SEC. 305. TECHNICAL AND CONFORMING AMENDMENTS.
(a) Computer Security Act.--Section 11332 of title 40, United States
Code, and the item relating to that section in the table of sections for
chapter 113 of such title, are repealed.
(b) Floyd D. Spence National Defense Authorization Act for Fiscal
Year 2001.--The Floyd D. Spence National Defense Authorization Act for
Fiscal Year 2001 (Public Law 106-398) is amended by striking section
1062 (44 U.S.C. 3531 note).
(c) Paperwork Reduction Act.--(1) Section 3504(g) of title 44,
United States Code, is amended--
(A) by adding ``and'' at the end of paragraph (1);
(B) in paragraph (2)--
(i) by striking ``sections 11331 and 11332(b) and
(c) of title 40'' and inserting ``section 11331 of title
40 and subchapter II of this chapter''; and
(ii) by striking ``; and'' and inserting a period;
and
(C) by striking paragraph (3).
[[Page 116 STAT. 2961]]
(2) Section 3505 of such title is amended by adding at the end--
``(c) Inventory of Major Information Systems.--(1) The head of each
agency shall develop and maintain an inventory of major information
systems (including major national security systems) operated by or under
the control of such agency.
``(2) The identification of information systems in an inventory
under this subsection shall include an identification of the interfaces
between each such system and all other systems or networks, including
those not operated by or under the control of the agency.
``(3) Such inventory shall be--
``(A) updated at least annually;
``(B) made available to the Comptroller General; and
``(C) used to support information resources management,
including--
``(i) preparation and maintenance of the inventory
of information resources under section 3506(b)(4);
``(ii) information technology planning, budgeting,
acquisition, and management under section 3506(h),
subtitle III of title 40, and related laws and guidance;
``(iii) monitoring, testing, and evaluation of
information security controls under subchapter II;
``(iv) preparation of the index of major information
systems required under section 552(g) of title 5, United
States Code; and
``(v) preparation of information system inventories
required for records management under chapters 21, 29,
31, and 33.
``(4) The Director shall issue guidance for and oversee the
implementation of the requirements of this subsection.''.
(3) Section 3506(g) of such title is amended--
(A) by adding ``and'' at the end of paragraph (1);
(B) in paragraph (2)--
(i) by striking ``section 11332 of title 40'' and
inserting ``subchapter II of this chapter''; and
(ii) by striking ``; and'' and inserting a period;
and
(C) by striking paragraph (3).
TITLE IV--AUTHORIZATION OF APPROPRIATIONS AND EFFECTIVE DATES
SEC. 401. AUTHORIZATION OF APPROPRIATIONS.
Except for those purposes for which an authorization of
appropriations is specifically provided in title I or II, including the
amendments made by such titles, there are authorized to be appropriated
such sums as are necessary to carry out titles I and II for each of
fiscal years 2003 through 2007.
SEC. 402. EFFECTIVE DATES.
(a) Titles <<NOTE: 44 USC 3601 note.>> I and II.--
(1) In general.--Except as provided under paragraph (2),
titles I and II and the amendments made by such titles shall
take effect 120 days after the date of enactment of this Act.
(2) Immediate enactment.--Sections 207, 214, and 215 shall
take effect on the date of enactment of this Act.
[[Page 116 STAT. 2962]]
(b) Titles <<NOTE: 44 USC 3541 note.>> III and IV.--Title III and
this title shall take effect on the date of enactment of this Act.
TITLE <<NOTE: Confidential Information Protection and Statistical
Efficiency Act of 2002.>> V--CONFIDENTIAL INFORMATION PROTECTION AND
STATISTICAL EFFICIENCY
SEC. 501. <<NOTE: 44 USC 3501 note.>> SHORT TITLE.
This title may be cited as the ``Confidential Information Protection
and Statistical Efficiency Act of 2002''.
SEC. 502. <<NOTE: 44 USC 3501 note.>> DEFINITIONS.
As used in this title:
(1) The term ``agency'' means any entity that falls within
the definition of the term ``executive agency'' as defined in
section 102 of title 31, United States Code, or ``agency'', as
defined in section 3502 of title 44, United States Code.
(2) The term ``agent'' means an individual--
(A)(i) who is an employee of a private organization
or a researcher affiliated with an institution of higher
learning (including a person granted special sworn
status by the Bureau of the Census under section 23(c)
of title 13, United States Code), and with whom a
contract or other agreement is executed, on a temporary
basis, by an executive agency to perform exclusively
statistical activities under the control and supervision
of an officer or employee of that agency;
(ii) who is working under the authority of a
government entity with which a contract or other
agreement is executed by an executive agency to perform
exclusively statistical activities under the control of
an officer or employee of that agency;
(iii) who is a self-employed researcher, a
consultant, a contractor, or an employee of a
contractor, and with whom a contract or other agreement
is executed by an executive agency to perform a
statistical activity under the control of an officer or
employee of that agency; or
(iv) who is a contractor or an employee of a
contractor, and who is engaged by the agency to design
or maintain the systems for handling or storage of data
received under this title; and
(B) who agrees in writing to comply with all
provisions of law that affect information acquired by
that agency.
(3) The term ``business data'' means operating and financial
data and information about businesses, tax-exempt organizations,
and government entities.
(4) The term ``identifiable form'' means any representation
of information that permits the identity of the respondent to
whom the information applies to be reasonably inferred by either
direct or indirect means.
(5) The term ``nonstatistical purpose''--
(A) means the use of data in identifiable form for
any purpose that is not a statistical purpose, including
[[Page 116 STAT. 2963]]
any administrative, regulatory, law enforcement,
adjudicatory, or other purpose that affects the rights,
privileges, or benefits of a particular identifiable
respondent; and
(B) includes the disclosure under section 552 of
title 5, United States Code (popularly known as the
Freedom of Information Act) of data that are acquired
for exclusively statistical purposes under a pledge of
confidentiality.
(6) The term ``respondent'' means a person who, or
organization that, is requested or required to supply
information to an agency, is the subject of information
requested or required to be supplied to an agency, or provides
that information to an agency.
(7) The term ``statistical activities''--
(A) means the collection, compilation, processing,
or analysis of data for the purpose of describing or
making estimates concerning the whole, or relevant
groups or components within, the economy, society, or
the natural environment; and
(B) includes the development of methods or resources
that support those activities, such as measurement
methods, models, statistical classifications, or
sampling frames.
(8) The term ``statistical agency or unit'' means an agency
or organizational unit of the executive branch whose activities
are predominantly the collection, compilation, processing, or
analysis of information for statistical purposes.
(9) The term ``statistical purpose''--
(A) means the description, estimation, or analysis
of the characteristics of groups, without identifying
the individuals or organizations that comprise such
groups; and
(B) includes the development, implementation, or
maintenance of methods, technical or administrative
procedures, or information resources that support the
purposes described in subparagraph (A).
SEC. 503. <<NOTE: 44 USC 3501 note.>> COORDINATION AND OVERSIGHT OF
POLICIES.
(a) In General.--The Director of the Office of Management and Budget
shall coordinate and oversee the confidentiality and disclosure policies
established by this title. The Director may promulgate rules or provide
other guidance to ensure consistent interpretation of this title by the
affected agencies.
(b) Agency Rules.--Subject to subsection (c), agencies may
promulgate rules to implement this title. Rules governing disclosures of
information that are authorized by this title shall be promulgated by
the agency that originally collected the information.
(c) Review and Approval of Rules.--The Director shall review any
rules proposed by an agency pursuant to this title for consistency with
the provisions of this title and chapter 35 of title 44, United States
Code, and such rules shall be subject to the approval of the Director.
(d) Reports.--
(1) The head of each agency shall provide to the Director of
the Office of Management and Budget such reports and other
information as the Director requests.
(2) Each Designated Statistical Agency referred to in
section 522 shall report annually to the Director of the Office
[[Page 116 STAT. 2964]]
of Management and Budget, the Committee on Government Reform of
the House of Representatives, and the Committee on Governmental
Affairs of the Senate on the actions it has taken to implement
sections 523 and 524. The report shall include copies of each
written agreement entered into pursuant to section 524(a) for
the applicable year.
(3) The Director of the Office of Management and Budget
shall include a summary of reports submitted to the Director
under paragraph (2) and actions taken by the Director to advance
the purposes of this title in the annual report to the Congress
on statistical programs prepared under section 3504(e)(2) of
title 44, United States Code.
SEC. 504. <<NOTE: 44 USC 3501 note.>> EFFECT ON OTHER LAWS.
(a) Title 44, United States Code.--This title, including amendments
made by this title, does not diminish the authority under section 3510
of title 44, United States Code, of the Director of the Office of
Management and Budget to direct, and of an agency to make, disclosures
that are not inconsistent with any applicable law.
(b) Title 13 and Title 44, United States Code.--This title,
including amendments made by this title, does not diminish the authority
of the Bureau of the Census to provide information in accordance with
sections 8, 16, 301, and 401 of title 13, United States Code, and
section 2108 of title 44, United States Code.
(c) Title 13, United States Code.--This title, including amendments
made by this title, shall not be construed as authorizing the disclosure
for nonstatistical purposes of demographic data or information collected
by the Census Bureau pursuant to section 9 of title 13, United States
Code.
(d) Various Energy Statutes.--Data or information acquired by the
Energy Information Administration under a pledge of confidentiality and
designated by the Energy Information Administration to be used for
exclusively statistical purposes shall not be disclosed in identifiable
form for nonstatistical purposes under--
(1) section 12, 20, or 59 of the Federal Energy
Administration Act of 1974 (15 U.S.C. 771, 779, 790h);
(2) section 11 of the Energy Supply and Environmental
Coordination Act of 1974 (15 U.S.C. 796); or
(3) section 205 or 407 of the Department of the Energy
Organization Act of 1977 (42 U.S.C. 7135, 7177).
(e) Section 201 of Congressional Budget Act of 1974.--This title,
including amendments made by this title, shall not be construed to limit
any authorities of the Congressional Budget Office to work (consistent
with laws governing the confidentiality of information the disclosure of
which would be a violation of law) with databases of Designated
Statistical Agencies (as defined in section 522), either separately or,
for data that may be shared pursuant to section 524 of this title or
other authority, jointly in order to improve the general utility of
these databases for the statistical purpose of analyzing pension and
health care financing issues.
(f) Preemption of State Law.--Nothing in this title shall preempt
applicable State law regarding the confidentiality of data collected by
the States.
[[Page 116 STAT. 2965]]
(g) Statutes Regarding False Statements.--Notwithstanding section
512, information collected by an agency for exclusively statistical
purposes under a pledge of confidentiality may be provided by the
collecting agency to a law enforcement agency for the prosecution of
submissions to the collecting agency of false statistical information
under statutes that authorize criminal penalties (such as section 221 of
title 13, United States Code) or civil penalties for the provision of
false statistical information, unless such disclosure or use would
otherwise be prohibited under Federal law.
(h) Construction.--Nothing in this title shall be construed as
restricting or diminishing any confidentiality protections or penalties
for unauthorized disclosure that otherwise apply to data or information
collected for statistical purposes or nonstatistical purposes,
including, but not limited to, section 6103 of the Internal Revenue Code
of 1986 (26 U.S.C. 6103).
(i) Authority of Congress.--Nothing in this title shall be construed
to affect the authority of the Congress, including its committees,
members, or agents, to obtain data or information for a statistical
purpose, including for oversight of an agency's statistical activities.
Subtitle A--Confidential Information Protection
SEC. 511. <<NOTE: 44 USC 3501 note.>> FINDINGS AND PURPOSES.
(a) Findings.--The Congress finds the following:
(1) Individuals, businesses, and other organizations have
varying degrees of legal protection when providing information
to the agencies for strictly statistical purposes.
(2) Pledges of confidentiality by agencies provide
assurances to the public that information about individuals or
organizations or provided by individuals or organizations for
exclusively statistical purposes will be held in confidence and
will not be used against such individuals or organizations in
any agency action.
(3) Protecting the confidentiality interests of individuals
or organizations who provide information under a pledge of
confidentiality for Federal statistical programs serves both the
interests of the public and the needs of society.
(4) Declining trust of the public in the protection of
information provided under a pledge of confidentiality to the
agencies adversely affects both the accuracy and completeness of
statistical analyses.
(5) Ensuring that information provided under a pledge of
confidentiality for statistical purposes receives protection is
essential in continuing public cooperation in statistical
programs.
(b) Purposes.--The purposes of this subtitle are the following:
(1) To ensure that information supplied by individuals or
organizations to an agency for statistical purposes under a
pledge of confidentiality is used exclusively for statistical
purposes.
(2) To ensure that individuals or organizations who supply
information under a pledge of confidentiality to agencies for
statistical purposes will neither have that information
disclosed
[[Page 116 STAT. 2966]]
in identifiable form to anyone not authorized by this title nor
have that information used for any purpose other than a
statistical purpose.
(3) To safeguard the confidentiality of individually
identifiable information acquired under a pledge of
confidentiality for statistical purposes by controlling access
to, and uses made of, such information.
SEC. 512. <<NOTE: 44 USC 3501 note.>> LIMITATIONS ON USE AND DISCLOSURE
OF DATA AND INFORMATION.
(a) Use of Statistical Data or Information.--Data or information
acquired by an agency under a pledge of confidentiality and for
exclusively statistical purposes shall be used by officers, employees,
or agents of the agency exclusively for statistical purposes.
(b) Disclosure of Statistical Data or Information.--
(1) Data or information acquired by an agency under a pledge
of confidentiality for exclusively statistical purposes shall
not be disclosed by an agency in identifiable form, for any use
other than an exclusively statistical purpose, except with the
informed consent of the respondent.
(2) A disclosure pursuant to paragraph (1) is authorized
only when the head of the agency approves such disclosure and
the disclosure is not prohibited by any other law.
(3) This section does not restrict or diminish any
confidentiality protections in law that otherwise apply to data
or information acquired by an agency under a pledge of
confidentiality for exclusively statistical purposes.
(c) Rule for Use of Data or Information for Nonstatistical
Purposes.--A statistical agency or unit shall clearly distinguish any
data or information it collects for nonstatistical purposes (as
authorized by law) and provide notice to the public, before the data or
information is collected, that the data or information could be used for
nonstatistical purposes.
(d) Designation of Agents.--A statistical agency or unit may
designate agents, by contract or by entering into a special agreement
containing the provisions required under section 502(2) for treatment as
an agent under that section, who may perform exclusively statistical
activities, subject to the limitations and penalties described in this
title.
SEC. 513. <<NOTE: 44 USC 3501 note.>> FINES AND PENALTIES.
Whoever, being an officer, employee, or agent of an agency acquiring
information for exclusively statistical purposes, having taken and
subscribed the oath of office, or having sworn to observe the
limitations imposed by section 512, comes into possession of such
information by reason of his or her being an officer, employee, or agent
and, knowing that the disclosure of the specific information is
prohibited under the provisions of this title, willfully discloses the
information in any manner to a person or agency not entitled to receive
it, shall be guilty of a class E felony and imprisoned for not more than
5 years, or fined not more than $250,000, or both.
[[Page 116 STAT. 2967]]
Subtitle B--Statistical Efficiency
SEC. 521. <<NOTE: 44 USC 3501 note.>> FINDINGS AND PURPOSES.
(a) Findings.--The Congress finds the following:
(1) Federal statistics are an important source of
information for public and private decision-makers such as
policymakers, consumers, businesses, investors, and workers.
(2) Federal statistical agencies should continuously seek to
improve their efficiency. Statutory constraints limit the
ability of these agencies to share data and thus to achieve
higher efficiency for Federal statistical programs.
(3) The quality of Federal statistics depends on the
willingness of businesses to respond to statistical surveys.
Reducing reporting burdens will increase response rates, and
therefore lead to more accurate characterizations of the
economy.
(4) Enhanced sharing of business data among the Bureau of
the Census, the Bureau of Economic Analysis, and the Bureau of
Labor Statistics for exclusively statistical purposes will
improve their ability to track more accurately the large and
rapidly changing nature of United States business. In
particular, the statistical agencies will be able to better
ensure that businesses are consistently classified in
appropriate industries, resolve data anomalies, produce
statistical samples that are consistently adjusted for the entry
and exit of new businesses in a timely manner, and correct
faulty reporting errors quickly and efficiently.
(5) The Congress enacted the International Investment and
Trade in Services Act of 1990 that allowed the Bureau of the
Census, the Bureau of Economic Analysis, and the Bureau of Labor
Statistics to share data on foreign-owned companies. The Act not
only expanded detailed industry coverage from 135 industries to
over 800 industries with no increase in the data collected from
respondents but also demonstrated how data sharing can result in
the creation of valuable data products.
(6) With subtitle A of this title, the sharing of business
data among the Bureau of the Census, the Bureau of Economic
Analysis, and the Bureau of Labor Statistics continues to ensure
the highest level of confidentiality for respondents to
statistical surveys.
(b) Purposes.--The purposes of this subtitle are the following:
(1) To authorize the sharing of business data among the
Bureau of the Census, the Bureau of Economic Analysis, and the
Bureau of Labor Statistics for exclusively statistical purposes.
(2) To reduce the paperwork burdens imposed on businesses
that provide requested information to the Federal Government.
(3) To improve the comparability and accuracy of Federal
economic statistics by allowing the Bureau of the Census, the
Bureau of Economic Analysis, and the Bureau of Labor Statistics
to update sample frames, develop consistent classifications of
establishments and companies into industries, improve coverage,
and reconcile significant differences in data produced by the
three agencies.
(4) To increase understanding of the United States economy,
especially for key industry and regional statistics,
[[Page 116 STAT. 2968]]
to develop more accurate measures of the impact of technology on
productivity growth, and to enhance the reliability of the
Nation's most important economic indicators, such as the
National Income and Product Accounts.
SEC. 522. <<NOTE: 44 USC 3501 note.>> DESIGNATION OF STATISTICAL
AGENCIES.
For purposes of this subtitle, the term ``Designated Statistical
Agency'' means each of the following:
(1) The Bureau of the Census of the Department of Commerce.
(2) The Bureau of Economic Analysis of the Department of
Commerce.
(3) The Bureau of Labor Statistics of the Department of
Labor.
SEC. 523. <<NOTE: 44 USC 3501 note.>> RESPONSIBILITIES OF DESIGNATED
STATISTICAL AGENCIES.
The head of each of the Designated Statistical Agencies shall--
(1) identify opportunities to eliminate duplication and
otherwise reduce reporting burden and cost imposed on the public
in providing information for statistical purposes;
(2) enter into joint statistical projects to improve the
quality and reduce the cost of statistical programs; and
(3) protect the confidentiality of individually identifiable
information acquired for statistical purposes by adhering to
safeguard principles, including--
(A) emphasizing to their officers, employees, and
agents the importance of protecting the confidentiality
of information in cases where the identity of individual
respondents can reasonably be inferred by either direct
or indirect means;
(B) training their officers, employees, and agents
in their legal obligations to protect the
confidentiality of individually identifiable information
and in the procedures that must be followed to provide
access to such information;
(C) implementing appropriate measures to assure the
physical and electronic security of confidential data;
(D) establishing a system of records that identifies
individuals accessing confidential data and the project
for which the data were required; and
(E) being prepared to document their compliance with
safeguard principles to other agencies authorized by law
to monitor such compliance.
SEC. 524. <<NOTE: 44 USC 3501 note.>> SHARING OF BUSINESS DATA AMONG
DESIGNATED STATISTICAL AGENCIES.
(a) In General.--A Designated Statistical Agency may provide
business data in an identifiable form to another Designated Statistical
Agency under the terms of a written agreement among the agencies sharing
the business data that specifies--
(1) the business data to be shared;
(2) the statistical purposes for which the business data are
to be used;
(3) the officers, employees, and agents authorized to
examine the business data to be shared; and
(4) appropriate security procedures to safeguard the
confidentiality of the business data.
(b) Responsibilities of Agencies Under Other Laws.--The provision of
business data by an agency to a Designated Statistical
[[Page 116 STAT. 2969]]
Agency under this subtitle shall in no way alter the responsibility of
the agency providing the data under other statutes (including section
552 of title 5, United States Code (popularly known as the Freedom of
Information Act), and section 552b of title 5, United States Code
(popularly known as the Privacy Act of 1974)) with respect to the
provision or withholding of such information by the agency providing the
data.
(c) Responsibilities of Officers, Employees, and Agents.--
Examination of business data in identifiable form shall be limited to
the officers, employees, and agents authorized to examine the individual
reports in accordance with written agreements pursuant to this section.
Officers, employees, and agents of a Designated Statistical Agency who
receive data pursuant to this subtitle shall be subject to all
provisions of law, including penalties, that relate--
(1) to the unlawful provision of the business data that
would apply to the officers, employees, and agents of the agency
that originally obtained the information; and
(2) to the unlawful disclosure of the business data that
would apply to officers, employees, and agents of the agency
that originally obtained the information.
(d) Notice.--Whenever <<NOTE: Public information.>> a written
agreement concerns data that respondents were required by law to report
and the respondents were not informed that the data could be shared
among the Designated Statistical Agencies, for exclusively statistical
purposes, the terms of such agreement shall be described in a public
notice issued by the agency that intends to provide the data. Such
notice shall allow a minimum of 60 days for public comment.
SEC. 525. <<NOTE: 44 USC 3501 note.>> LIMITATIONS ON USE OF BUSINESS
DATA PROVIDED BY DESIGNATED STATISTICAL AGENCIES.
(a) Use, Generally.--Business data provided by a Designated
Statistical Agency pursuant to this subtitle shall be used exclusively
for statistical purposes.
(b) Publication.--Publication of business data acquired by a
Designated Statistical Agency shall occur in a manner whereby the data
furnished by any particular respondent are not in identifiable form.
SEC. 526. <<NOTE: 44 USC 3501 note.>> CONFORMING AMENDMENTS.
(a) Department of Commerce.--Section 1 of the Act of January 27,
1938 (15 U.S.C. 176a) is amended by striking ``The'' and inserting
``Except as provided in the Confidential Information Protection and
Statistical Efficiency Act of 2002, the''.
(b) Title 13.--Chapter 10 of title 13, United States Code, is
amended--
(1) by adding after section 401 the following:
``Sec. 402. Providing business data to Designated Statistical Agencies
``The Bureau of the Census may provide business data to the Bureau
of Economic Analysis and the Bureau of Labor Statistics (`Designated
Statistical Agencies') if such information is required for an authorized
statistical purpose and the provision is the subject of a written
agreement with that Designated Statistical Agency, or their successors,
as defined in the Confidential Information Protection and Statistical
Efficiency Act of 2002.''; and
[[Page 116 STAT. 2970]]
(2) in the table of sections for the chapter by adding after
the item relating to section 401 the following:
``402. Providing business data to Designated Statistical Agencies.''.
Approved December 17, 2002.
LEGISLATIVE HISTORY--H.R. 2458 (S. 803):
---------------------------------------------------------------------------
HOUSE REPORTS: No. 107-787, Pt. 1 (Comm. on Government Reform).
SENATE REPORTS: No. 107-174 accompanying S. 803 (Comm. on Governmental
Affairs).
CONGRESSIONAL RECORD, Vol. 148 (2002):
Nov. 14, considered and passed House.
Nov. 15, considered and passed Senate.
WEEKLY COMPILATION OF PRESIDENTIAL DOCUMENTS, Vol. 38 (2002):
Dec. 17, Presidential statement.
<all>