CIRCULAR NO. A-130 TO THE HEADS OF EXECUTIVE …

1 1 CIRCULAR NO. A-130 TO THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES SUBJECT: Managing Information as a Strategic Resource 1. Introduction 2. Purpose 3. Applicability 4. Basic Considerations 5. Policy a. Planning and Budgeting b. Governance c. Leadership and Workforce d. IT Investment Management e. Information Management and Access f. Privacy and Information Security g. Electronic Signatures h. Records Management i. Leveraging the Evolving Internet 6. Government-wide Responsibilities 7. Effectiveness 8. Oversight 9. Authority 10. Definitions 11. Inquiries Appendix I: Responsibilities for Protecting and Managing Federal Information Resources 1. Introduction 2. Purpose 3. General Requirements 4. Specific Requirements 5. Government-wide Responsibilities 6. Discussion of the Major Provisions in the Appendix 7.

2 Other Requirements 8. References Appendix II: Responsibilities for Managing Personally Identifiable Information 1. Purpose 2. Introduction 3. Fair Information Practice Principles 4. Senior Agency Official for Privacy 5. Agency Privacy Program 6. Managing PII Collected for Statistical Purposes Under a Pledge of Confidentiality 2 1. Introduction Information and information technology (IT) resources are critical to the social, political, and economic well-being. They enable the Federal Government to provide quality services to citizens, generate and disseminate knowledge, and facilitate greater productivity and advancement as a Nation. It is important for the Federal Government to maximize the quality and security of Federal information systems, and to develop and implement uniform and consistent information resources management policies in order to inform the public and improve the productivity, efficiency, and effectiveness of agency programs.

3 Additionally, as technology evolves, it is important that agencies manage information systems in a way that addresses and mitigates security and privacy risks associated with new information technologies and new information processing capabilities. These new information technologies and information processing capabilities also provide significant opportunities for agencies. The deeply embedded nature of IT in all Federal agency missions and business processes, and the emergence of the digital economy, combined with the increasing interconnection of technology and public services, has changed the way we share information, changed the way we use and view technology, and has forever changed Americans expectations. To meet expectations of the American people and facilitate innovation, the Federal Government must continue to transform itself to embrace and respond to the digital revolution by developing and maintaining a top-notch workforce and delivering secure, world-class digital services that serve the public.

4 With IT at the core of nearly everything the Federal Government does, agencies must continually identify ways to apply new and emerging technologies that can fundamentally improve the way Government works and delivers services to the American people in the most cost-effective way possible. Delivering world-class digital services requires the Federal Government to change its approach to buying, building, and delivering IT and information. This CIRCULAR is designed to help drive the transformation of the Federal Government and the way it builds, buys, and delivers technology by institutionalizing more agile approaches intended to facilitate the rapid adoption of changing technologies, in a way that enhances information security, privacy, and management of information resources across all Federal programs and services.

5 2. Purpose This Circular1 establishes general policy for the planning, budgeting, governance, acquisition, and management of Federal information, personnel, equipment, funds, IT resources and supporting infrastructure and services. The appendices to this CIRCULAR also include responsibilities for protecting Federal information resources and managing personally identifiable information (PII). While it is the responsibility of all agency leadership, program managers, and staff to implement the requirements of this CIRCULAR , agency HEADS have ultimate 1 Although this CIRCULAR touches on many specific information resources management issues such as privacy, confidentiality, information quality, dissemination, and statistical policy, those topics are covered more fully in other Office of Management and Budget (OMB) policies, which are available on the OMB website.

6 Agencies shall implement the policies in this CIRCULAR and those in other OMB policy guidance in a mutually consistent fashion. 3 responsibility for ensuring that the requirements of this CIRCULAR are implemented for their agency. 3. Applicability The requirements of this CIRCULAR apply to the information resources management activities of all agencies2 of the EXECUTIVE Branch of the Federal Government. The requirements of this CIRCULAR apply to management activities concerning all information resources in any medium (unless otherwise noted), including paper and electronic information. When an agency acts as a service provider, the ultimate responsibility for compliance with applicable requirements of this CIRCULAR is not shifted (to the service provider). Agencies shall describe the responsibilities of service providers in relevant agreements with the service providers.

7 Agencies are not required to apply this CIRCULAR to national security systems (defined in 44 3552), but are encouraged to do so where appropriate. For national security systems, agencies shall follow applicable statutes, EXECUTIVE orders, directives, and internal agency policies. 4. Basic Considerations Federal information is both a strategic asset and a valuable national resource. It enables the Government to carry out its mission and programs effectively. It provides the public with knowledge of the Government, society, economy, and environment past, present, and future. Federal information is also a means to ensure the accountability of Government, to manage the Government s operations, and to maintain and enhance the performance of the economy, the public health, and welfare.

8 Appropriate access to Federal information significantly enhances the value of the information and the return on the Nation s investment in its creation. The following considerations reflect these principles: a. The free flow of information between the Government and the public is essential to a democratic society. Therefore, the management of Federal information resources shall protect the public s right of access to Federal information; b. Government agencies shall be open, transparent, and accountable to the public. Promoting openness and interoperability, subject to applicable legal and policy requirements, increases operational efficiencies, reduces costs, improves services, supports mission needs, and increases public access to valuable Federal information; c.

9 Making Federal information discoverable, accessible, and usable can fuel entrepreneurship, innovation, and scientific discovery that improves the lives of Americans, and contributes significantly to national stability and prosperity, and fosters public participation in Government; d. The Federal Government shall provide members of the public with access to public information on Government websites. This responsibility includes taking affirmative steps to ensure and maximize the quality, objectivity, utility, and integrity of Federal information prior to public dissemination, and maintaining processes for addressing requests for correction of information disseminated publicly; 2 Agency means any EXECUTIVE agency or department, military department, Federal Government corporation, Federal Government-controlled corporation, or other establishment in the EXECUTIVE Branch of the Federal Government, or any independent regulatory agency.

10 4 e. The open and efficient exchange of scientific and technical Federal information, subject to applicable security and privacy controls and the proprietary rights of others, fosters excellence in scientific research and effective use of Federal research and development resources; f. Federal information is a strategic asset subject to risks that must be managed to minimize harm; g. Protecting an individual s privacy is of utmost importance. The Federal Government shall consider and protect an individual s privacy throughout the information life cycle; h. While security and privacy are independent and separate disciplines, they are closely related, and it is essential for agencies to take a coordinated approach to identifying and managing security and privacy risks and complying with applicable requirements; i.