Electronic Government: Law, Policy, and Practice Jonathan P. Womer Information Policy and Technology Office of Management and Budget


The Administration: The Administration’s FY 2002 budget calls on agencies to create an electronic government that is Citizen-Centered, Results-Oriented, and Market-Based.

The Administration... The 2002 budget requests an e-government fund. How the fund would work: $100 million, spread out over three years with a start of $20 million in FY. Overseen by OMB, similar to the process for the successful Y2K fund. Projects must use capital planning and have a business case. Projects must be interagency or infrastructure and must involve new innovation. Supports GPEA.

Government Paperwork Elimination Act (GPEA), P.L (Title VII): Agencies are to automate interactions with outside partners/customers by October 2003 to the extent practicable. Electronic signatures should not be denied legal effect because they are electronic. Encourages electronic filing, electronic record keeping, and electronic signatures.

Legal Effect and Validity: “Electronic records submitted or maintained in accordance with procedures developed under this title, or electronic signatures or other forms of electronic authentication used in accordance with such procedures, shall not be denied legal effect, validity, or enforceability because such records are in electronic form.” (GPEA, section 1707)

E-SIGN P.L Effective as soon as October Primarily commercial transactions. Government: when regulating, when market participant, and special cases. Not contracts. Reinforces electronic signatures and GPEA. memoranda/m00-15.html

Other Legislation: GPEA, GPRA, PRA, Clinger-Cohen. When we combine these laws we get: provide customer service in a fundamentally better way; re-engineer business process around technology and customers. CUSTOMER SERVICE: less time to access; easier to fill; faster to submit; quicker response and internal processing.

OMB’s GPEA Guidance: Final OMB guidance: Federal Register Vol. 65, No –25521 [00–10801]. Also, NIST/PKI, DOJ, Treasury, NARA, i.e. “How to go electronic”.

OMB’s Guidance on Going Electronic: Weigh the magnitude of the risk and select an appropriate combination of technology and practice to cost-effectively minimize risk and maximize benefits to agency and to customers. Use electronic signatures to reduce burden. Incorporate security into information and systems architecture.

OMB’s Guidance on Going Electronic (continued): Plans on agency implementation were due to OMB 31 October 2000 (and OMB tracking through information collection review process defined by Paperwork Reduction Act). Funding requirements for GPEA projects should be noted in IT Capital Asset Plans sent to OMB. “... develop baselines and verifiable performance measures that track the agency's mission, strategic plans, and tactical goals, as required by the Clinger-Cohen Act.”

Authentication/Identity Techniques: Personal Identification Numbers (PINs): automated teller machines (with token); IRS TeleFile, SEC EDGAR (without token). Cryptographic Digital Signatures: public and private sector pilots, some production applications. Biometrics: can be used in conjunction with digital signatures.

How do they differ? PINs and biometrics/signature dynamics tend to be one to one within a single application, i.e. they automate the stovepipes. Cryptographic digital signatures can be used for multiple applications, utilizing digital certificates as a component of a Public Key Infrastructure, i.e. they can cut across stovepipes.

Privacy Act (5 U.S.C. 552a): Federal databases containing personal identifying information in support of PINs, biometrics, or digital signatures are “systems of records.” Contractor-maintained databases containing personal identifying information, e.g. contracted CA/RA services, are usually covered “systems of records.” Possible exception if certificates are generally available, e.g. SET.

Practical Implications/Good Practices: Collect it only if you need it [sec 1708 of GPEA]. Often a system of records under the Privacy Act. Disclose conditions and limits of use, and articulate and disclose protective policies and measures: POST PRIVACY POLICY. Provide reasonable personal access with ability to correct and/or update. Destroy personal information when no longer needed; important to determine appropriate retention period.

The bottom line: Designing an automated system that is more efficient, with better authentication and privacy than paper-based systems is not difficult, BUT… You must cover all the bases.

Electronic Commerce Sources: Electronic Government at the CIO Council; "Framework for Global Electronic Commerce"; GPEA Resources gpea_index.htm; Federal Public Key Infrastructure Steering Committee.