H.R.2458 - E-Government Act of 2002107th Congress (2001-2002)
|Sponsor:||Rep. Turner, Jim [D-TX-2] (Introduced 07/11/2001)|
|Committees:||House - Government Reform; Judiciary|
|Committee Reports:||H. Rept. 107-787|
|Latest Action:||12/17/2002 Became Public Law No: 107-347. (TXT | PDF) (All Actions)|
|Notes:||Includes H.R.3844 Federal Information Security Management Act of 2002 as Title III and H.R.5215 Confidential Information Protection and Statistical Efficiency Act of 2002 as Title V.|
This bill has the status Became Law
Here are the steps for Status of Legislation:
- Passed House
- Passed Senate
- To President
- Became Law
Summary: H.R.2458 — 107th Congress (2001-2002)All Bill Information (Except Text)
E-Government Act of 2002 - Title I: Office of Management and Budget Electronic Government Services - (Sec. 101) Establishes in the Office of Management and Budget (OMB) an Office of Electronic Government, headed by an Administrator appointed by the President. Requires the Administrator to assist the Director and Deputy Director for Management and work with the Administrator of the Office of Information and Regulatory Affairs in setting strategic direction for implementing electronic Government under relevant statutes, including the Privacy Act, the Government Paperwork Elimination Act, and the Federal Information Security Management Act of 2002. Defines "electronic Government" (E-Government) as the use by Government of web-based Internet applications and other information technologies, combined with processes that implement these technologies, to: (1) enhance the access to and delivery of Government information and services; or (2) bring about improvements in Government operations.
Passed House amended (11/15/2002)
Directs the Administrator to work with offices within OMB to oversee implementation of E-Government in areas including: (1) capital planning and investment control for information technology (IT); (2) the development of enterprise architectures; (3) information security; (4) privacy; (5) access to, dissemination of, and preservation of Government information; and (6) accessibility of IT for persons with disabilities.
Directs the Administrator to assist the Director by performing E-Government functions, including: (1) advising on the resources required to develop and effectively administer E-Government initiatives; (2) recommending changes relating to government-wide strategies and priorities for E-Government; (3) providing overall leadership and direction to the executive branch on E-Government; (4) promoting innovative uses of IT by agencies; (5) overseeing the distribution of funds from, and ensuring appropriate administration and coordination of, the E-Government Fund (established by this Act); (6) coordinating with the Administrator of General Services regarding programs undertaken by the General Services Administration (GSA) to promote E-Government and the efficient use of information technologies by agencies; (7) leading the activities of the Chief Information Officers Council (established by this Act) on behalf of the Deputy Director for Management (who shall chair the council); (8) assisting in establishing policies which shall set the framework for Government IT standards developed by the National Institute of Standards and Technology (NIST) and promulgated by the Secretary of Commerce; (9) coordinating with the Administrator for Federal Procurement Policy to ensure effective implementation of electronic procurement initiatives; and (10) assisting Federal agencies in implementing accessibility standards under the Rehabilitation Act of 1973 and ensuring compliance with those standards.
Establishes in the executive branch a Chief Information Officers Council. Designates the Council as the principal interagency forum for improving agency practices related to the design, acquisition, development, modernization, use, operation, sharing, and performance of Federal Government information resources.
Requires the Council to perform functions that include: (1) developing recommendations for the Director on Government information resources management policies and requirements; (2) sharing experiences, ideas, best practices, and innovative approaches related to information resources management; (3) assisting the Administrator in the identification, development, and coordination of multi-agency projects and other innovative initiatives to improve Government performance through the use of IT; (4) promoting the development and use of common performance measures for agency information resources management; (5) working with NIST and the Administrator to develop recommendations on IT standards; (6) working with the Office of Personnel Management (OPM) to assess the hiring, training, classification, and professional development needs of the Government related to information resources management; and (7) working with the Archivist of the United States on how the Federal Records Act can be addressed effectively by Federal information resources management activities.
Establishes in the U.S. Treasury the E-Government Fund to support projects to expand the Government's ability to conduct activities electronically, including efforts to: (1) make Government information and services more readily available to members of the public; (2) make it easier for the public to conduct transactions with the Government; and (3) enable Federal agencies to take advantage of IT in sharing information and conducting transactions with each other and with State and local governments.
Requires the Administrator to: (1) establish procedures for accepting and reviewing proposals for funding; and (2) assist the Director in coordinating resources that agencies receive from the Fund with other resources available to agencies for similar purposes. Sets forth provisions regarding procedures the Administrator shall incorporate, criteria to be considered in determining which proposals to recommend for funding, and permissible uses of funds.
Directs the Administrator to: (1) establish a Government-wide program to encourage contractor innovation and excellence in facilitating the development and enhancement of E-Government services and processes, under which the Administrator shall issue announcements seeking unique and innovative solutions to facilitate such development and enhancement; and (2) convene a multi-agency technical assistance team to assist in screening solution proposals.
Requires the Director to submit an annual E-Government status report.
(Sec. 102) Requires the Administrator of General Services to consult with the Administrator of the Office of Electronic Government on programs undertaken by GSA to promote E-Government and the efficient use of IT by Federal agencies.
Title II: Federal Management and Promotion of Electronic Government Services - (Sec. 202) Makes the head of each agency responsible for: (1) complying with the requirements of this Act, the related information resource management policies and guidance established by the Director of OMB, and the related IT standards promulgated by the Secretary of Commerce; (2) communicating such policies, guidance, and related IT standards to all relevant agency officials; and (3) supporting the efforts of the Director and the Administrator of GSA to develop, maintain, and promote an integrated Internet-based system of delivering Government information and services to the public.
Requires agencies to: (1) develop performance measures that demonstrate how E-Government enables progress toward agency objectives, strategic goals, and statutory mandates; (2) rely on existing data collections in measuring performance under this section; (3) link performance goals to key groups, including citizens, businesses, and other governments, and to internal Government operations; and (4) work collectively in linking performance goals to such groups and to use IT in delivering Government information and services to those groups. Includes customer service, agency productivity, and adoption of innovative IT as areas of performance measurements that agencies should consider.
Requires: (1) agency heads, when promulgating policies and implementing programs regarding the provision of Government information and services over the Internet, to consider the impact on persons without Internet access; (2) all actions taken by Federal departments and agencies under this Act to comply with the Rehabilitation Act; and (3) agencies to sponsor activities that use IT to engage the public in the development and implementation of policies and programs.
Makes the Chief Information Officer (CIO) of each of the designated agencies responsible for: (1) participating in the functions of the Chief Information Officers Council; and (2) monitoring the implementation of IT standards promulgated by the Secretary of Commerce, including common standards for interconnectivity and interoperability, categorization of Government electronic information, and computer system efficiency and security.
Requires each agency to submit to the Director an annual E-Government status report.
Makes this title inapplicable to national security systems, with exceptions.
(Sec. 203) Requires: (1) each executive agency to ensure that its methods for use and acceptance of electronic signatures are compatible with the relevant policies and procedures issued by the Director; and (2) the Administrator of General Services to support the Director by establishing a framework to allow efficient interoperability among executive agencies when using electronic signatures.
(Sec. 204) Requires the Director to work with the Administrator of GSA and other agencies to maintain and promote an integrated Internet-based system of providing the public with access to Government information and services, based on specified criteria.
(Sec. 205) Directs the Chief Justice of the United States, the chief judge of each circuit and district and of the Court of Federal Claims, and the chief bankruptcy judge of each district to cause to be established and maintained a court website that contains specified information or links to websites, including location and contact information for the courthouse, local rules, access to docket information, access to the substance of all written opinions issued by the court, access to documents filed with the courthouse in electronic form, and other information deemed useful to the public. Requires the information and rules on each website to be updated regularly.
Requires each court to make any document that is filed electronically publicly available online, with exceptions (such as sealed documents). Directs the Supreme Court to prescribe rules to protect privacy and security concerns relating to electronic filing of documents and their public availability, providing for uniform treatment of privacy and security issues throughout the Federal courts, taking into consideration best practices in Federal and State courts, and meeting requirements regarding the filing of an unredacted document under seal.
Sets forth provisions regarding the issuance by Judicial Conference of the United States of interim and final rules on privacy and security. Directs the Judicial Conference to explore the feasibility of technology to post online dockets with links allowing all filings, decisions, and rulings in each case to be obtained from the docket sheet of that case.
Amends the Judiciary Appropriations Act, 1992 to authorize (currently, requires) the Judicial Conference to prescribe reasonable fees for collection by the courts for access to information available through automatic data processing equipment.
Requires the websites to be established within two years of this title's effective date, except that access to documents filed in electronic form shall be established within four years.
Authorizes the Chief Justice, a chief judge, or a chief bankruptcy judge to submit a notification to the Administrative Office of the United States Courts to defer compliance with any requirement of this section with respect to that court, subject to specified requirements. Sets forth reporting requirements regarding notifications.
(Sec. 206) Requires that each agency, subject to a specified timetable and limitations: (1) ensure that a publicly accessible Government website includes all information about that agency required to be published in the Federal Register under the Freedom of Information Act; (2) accept submissions by electronic means; (3) ensure that a publicly accessible Government website contains electronic dockets for rule-makings.
(Sec. 207) Requires the Director to establish the Interagency Committee on Government Information to: (1) engage in public consultation, including with interested communities such as public and advocacy organizations; (2) conduct studies and submit recommendations to the Director and Congress; and (3) share effective practices for access to, dissemination of, and retention of Federal information.
Requires the Committee to submit recommendations to the Director on: (1) the adoption of standards to enable the organization and categorization of Government information in a way that is searchable electronically and in ways that are interoperable across agencies; (2) the definition of categories of Government information which should be classified under the standards; and (3)determining priorities and developing schedules for initial implementation of the standards by agencies. Requires the Director to issue policies to effectuate such recommendations.
Requires the Committee to submit recommendations to the Director and the Archivist of the United States on, and directs the Archivist to require, the adoption by agencies of policies and procedures to ensure that specified Federal statutes are applied effectively and comprehensively to Government information on the Internet and to other electronic records Requires the Director to promulgate guidance for agency websites that includes: (1) requirements that websites include direct links to descriptions of the mission and statutory authority of the agency, information made available under the Freedom of Information Act, information about the organizational structure of the agency, and the strategic plan of the agency; and (2) minimum agency goals to assist public users to navigate agency websites, including goals pertaining to the speed of retrieval of search results, the relevance of the results, tools to aggregate and dis-aggregate data, and security protocols to protect information.
Requires each agency to: (1) solicit public comment; (2) establish a process for determining which Government information the agency intends to make available to the public on the Internet and by other means; (3) develop priorities and schedules for making Government information available and accessible; (4) make such final determinations available for public comment; (5) post such final determinations on the Internet; and (6) report such final determinations, to the Director.
Requires the Director and each agency to: (1) establish a public domain directory of public Government websites; and (2) post the directory on the Internet with a link to the integrated Internet-based system. Requires the Administrator of the Office of Electronic Government to update the directory at least every six months and solicit interested persons for improvements to the directory.
Requires the Director of OMB to ensure the development and maintenance of: (1) a repository that fully integrates information about research and development (R&D) funded by the Federal Government; and (2) one or more websites upon which all or part of the repository of Federal R&D shall be made available to and searchable by Federal agencies and non-Federal entities, including the general public, to facilitate the coordination of Federal R&D activities, collaboration among those conducting Federal R&D, the transfer of technology among Federal agencies and between Federal agencies and non-Federal entities, and access by policymakers and the public to information concerning Federal R&D activities.
(Sec. 208) Requires each agency to conduct a privacy impact assessment, ensure the review of that assessment by the Chief Information Officer or equivalent official, and make such assessment publicly available, before: (1) developing or procuring IT that collects, maintains, or disseminates information that is in an identifiable form; or (2) initiating a new collection of information that will be collected, maintained, or disseminated using IT and that includes any information in an identifiable form permitting the physical or online contacting of a specified individual if identical questions have been posed to, or identical reporting requirements have been imposed on, ten or more persons other than Federal agencies, instrumentalities, or employees.
Sets forth provisions regarding modifying or waiving requirements of this section for security reasons or to protect classified, sensitive, or private information.
Requires the Director to issue guidance to agencies specifying the required contents of a privacy impact assessment. Requires the guidance to: (1) ensure that a privacy impact assessment is commensurate with the size of the information system being assessed, the sensitivity of information that is in an identifiable form, and the risk of harm from unauthorized release of that information; and (2) require that such assessment address what information is to be collected, why it is being collected, the intended use of the information, with whom it will be shared, what notice or opportunities for consent would be provided to individuals, how the information will be secured, and whether a system of records is being created under the Privacy Act. Requires the Director to: (1) develop policies and guidelines on conducting such assessments; (2) oversee implementation of the assessment process throughout the Government; and (3) require agencies to conduct assessments of existing information systems or ongoing collections of information that is in an identifiable form.
Requires the Director to develop guidance for privacy notices on agency websites used by the public.
(Sec. 209) Requires the Director of OPM to: (1) analyze, on an ongoing basis, the personnel needs of the Government related to IT and information resource management; (2) identify where current IT and information resource management training do not satisfy such needs; (3) oversee the development of curricula, training methods, and training priorities that correspond to the projected needs; and (4) assess the training of Federal employees in IT disciplines to ensure that information resource management needs of the Government are addressed.
Requires each agency head to establish and operate IT training programs that: (1) have curricula covering a broad range of IT disciplines corresponding to the specific IT and information resource management needs; (2) are developed and applied according to rigorous standards; and (3) are designed to maximize efficiency through the use of self-paced courses, on-the-job training, and the use of remote instructors.
Requires the Director of OPM to: (1) issue policies to promote the development of performance standards for training and uniform implementation of this section by executive agencies; and (2) evaluate implementation.
Sets forth provisions regarding chief information officer authorities and responsibilities, IT training reporting, authority to detail employees to non-Federal employers, and employee participation. Authorizes appropriations.
Authorizes an agency head to arrange for the assignment of an agency employee to a private sector organization or of an employee of such an organization to the agency. States that an eligible employee is one who works in the IT management field, is considered an exceptional performer by the individual's current employer, is expected to assume increased IT management responsibilities in the future, and is employed at the GS-11 level or above. Sets forth provisions regarding assignment agreements, termination and duration of assignments, assistance in maintaining lists of potential candidates, and considerations in exercising authority under this section.
Authorizes the Chief Technology Officer of the District of Columbia to arrange for such an assignment in the same manner as the head of an agency.
Sets forth provisions regarding reporting requirements, regulations prescribed by the Director of OPM, and ethics provisions (including restrictions on the disclosure of confidential communications, contract advice by former detailees, and the disclosure of procurement information).
(Sec. 210) Authorizes an agency head to enter into a share-in-savings contract for IT in which the Government awards a contract to improve mission-related or administrative processes, or to accelerate the achievement of its mission, and to share with the contractor savings achieved through contract performance. Limits such a contract to a five year period, with exceptions. Sets forth reporting requirements by the Director of OMB and by the Comptroller General regarding such contracts. Repeals the share-in-savings pilot program.
(Sec. 211) Authorizes the Administrator to provide for the use by State or local governments of Federal supply schedules of GSA for automated data processing equipment, software, supplies, support equipment, and services.
(Sec. 212) Requires the Director to: (1) oversee a study and report to specified congressional committees on progress toward integrating Federal information systems across agencies; and (2) designate a series of no more than five pilot projects that integrate data elements.
(Sec. 213) Directs the Administrator to: (1) ensure that a study is conducted to evaluate the best practices of community technology centers that have received Federal funds; (2) work with other relevant Federal agencies and other interested persons to assist in the implementation of recommendations and to identify other ways to assist community technology centers, public libraries, and other institutions that provide computer and Internet access to the public; and (3) develop an online tutorial that explains how to access Government information and services on the Internet and that provides a guide to available online resources. Authorizes appropriations.
(Sec. 214) Directs the Administrator to: (1) ensure that a study is conducted on using IT to enhance crisis preparedness, response, and consequence management of natural and manmade disasters; and (2) initiate and cooperate with other agencies and appropriate State, local, and tribal governments in initiating pilot projects or report to Congress on other activities aimed at maximizing the utility of IT in disaster management.
(Sec. 215) Directs the Administrator of GSA to request that the National Academy of Sciences, acting through the National Research Council, enter into a contract to conduct a study on disparities in Internet access for online Government services.
(Sec. 216) Requires the Administrator to facilitate the development of common protocols for the development, acquisition, maintenance, distribution, and application of geographic information.
Title III: Information Security - Federal Information Security Management Act of 2002 - Requires the Director of OMB to oversee agency information security policies and practices, including by: (1) developing and overseeing the implementation of policies, principles, standards, and guidelines on information security; (2) requiring agencies to identify and provide information security protections commensurate with the risk and magnitude of the harm resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of information or information systems used or operated by an agency or by a contractor on behalf of an agency; (3) coordinating the development of standards and guidelines under the National Institute of Standards and Technology Act with agencies exercising control of national security systems to assure that such standards and guidelines are complementary with those developed for national security systems; (4) overseeing agency compliance with this Act; (5) reviewing at least annually, and approving or disapproving, agency information security programs; (6) coordinating information security policies and procedures with related information resources management policies and procedures; (7) overseeing the operating of the Federal information security incident center; and (8) reporting to Congress by March 1 of each year on agency compliance with this Act.
Sets forth provisions regarding delegation of the Director's authority regarding certain systems operated by the Department of Defense and by the Central Intelligence Agency.
Directs the head of each agency to: (1) be responsible for providing information security protections commensurate with the risk and magnitude of the harm resulting from unauthorized access and for complying with information security standards and guidelines; (2) ensure that senior agency officials provide information security for the information and information systems that support operations and assets; (3) delegate to the agency CIO the authority to ensure compliance with the regulations imposed under this Act; (4) ensure that the agency has trained personnel sufficient to assist the agency in complying with Act requirements; and (5) ensure that the agency CIO reports annually on the effectiveness of the agency information security program.
Requires each agency to develop, document, and implement an agency-wide information security program to provide information security for the information and information systems that support operations and assets. Requires such program to include: (1) periodic risk assessments; (2) policies and procedures that ensure that information security is addressed throughout the life cycle of each agency information system; (3) subordinate plans for providing adequate information security for networks, facilities, and systems or groups of information systems; (4) security awareness training; (5) periodic testing and evaluation of the effectiveness of information security policies, procedures, and practices; (6) a process for planning, implementing, evaluating, and documenting remedial action to address deficiencies; (7) procedures for detecting, reporting, and responding to security incidents; and (8) plans and procedures to ensure continuity of operations for information systems that support the operations and assets of the agency.
Requires each agency to: (1) report annually to the Director, specified congressional committees, and the Comptroller General on the adequacy and effectiveness of information security policies, procedures, and practices and on compliance with this Act; (2) address such adequacy and effectiveness in plans and reports relating to annual agency budgets, information resources management, IT management, program performance, financial management, financial management systems, and internal accounting and administrative controls; and (3) report any significant deficiency.
Sets forth requirements regarding performance plans, and public notice and comment. Requires each agency to have performed an annual independent evaluation.
Requires the Director to: (1) summarize the results of the evaluations and report to Congress; and (2) ensure the operation of a central Federal information security incident center. Requires each agency exercising control of a national security system to share information about information security incidents, threats, and vulnerabilities with the center to the extent consistent with standards and guidelines for national security systems).
(Sec. 302) Directs that standards and guidelines for national security systems be developed, prescribed, enforced, and overseen as otherwise authorized by law and as directed by the President.
Requires the Secretary to make standards prescribed for Federal information systems compulsory and binding as necessary to improve the efficiency of operation or security of such systems. Requires that the decision by the Secretary regarding the promulgation of standards under this section occur within six months of submission of the proposed standard by NIST.
(Sec. 303) Amends the National Institute of Standards and Technology Act to provide that NIST shall: (1) have the mission of developing standards, guidelines, and associated methods and techniques for information (currently, computer) systems; (2) develop standards and guidelines, including minimum requirements, for information systems used or operated by an agency or by a contractor on behalf of an agency, other than national security systems; and (3) develop standards and guidelines, including minimum requirements, for providing adequate information security for all agency operations and assets.
(Sec. 304) Renames the Computer System Security and Privacy Advisory Board as the Information Security and Privacy Advisory Board. Includes among its duties to advise the Director (currently limited to the Institute and the Secretary) on information security and privacy issues pertaining to Government information systems.
(Sec. 305) Amends the Paperwork Reduction Act to require each agency head to develop and maintain an inventory of major information systems (including major national security systems) operated or under the control of such agency, including an identification of the interfaces between each such system and all other systems or networks. Requires such inventory to be: (1) updated at least annually; (2) made available to the Comptroller General; and (3) used to support information resources management.
Title IV: Authorization of Appropriations and Effective Dates - (Sec. 401) Authorizes appropriations to carry out titles I and II for FY 2003 through 2007.
Title V: Confidential Information Protection and Statistical Efficiency - Confidential Information Protection and Statistical Efficiency Act of 2002 - (Sec. 503) Authorizes agencies to promulgate rules to implement this title. Requires the Director to: (1) coordinate and oversee the confidentiality and disclosure policies established by this title; and (2) review any rules proposed by an agency pursuant to this title. Sets forth reporting requirements.
(Sec. 504) Prohibits data or information acquired by the Energy Information Administration under a pledge of confidentiality and designated by that Administration to be used for exclusively statistical purposes from being disclosed in identifiable form for non-statistical purposes under specified energy statutes.
Subtitle A: Confidential Information Protection - (Sec. 512) Directs that data or information acquired by an agency under a pledge of confidentiality and for exclusively statistical purposes be used by officers, employees, or agents of the agency exclusively for statistical purposes.
Bars the use of data or information acquired by an agency under a pledge of confidentiality for exclusively statistical purposes from being disclosed by an agency in identifiable form for use other than an exclusively statistical purpose, except with the respondent's informed consent.
Requires a statistical agency or unit to clearly distinguish data or information it collects for non-statistical purposes (as authorized by law) and provide notice to the public, before it is collected, that it could be used for non-statistical purposes.
Allows a statistical agency or unit to designate agents who may perform exclusively statistical activities, subject to specified limitations and penalties.
(Sec. 513) Sets penalties for willfully disclosing information to a person or agency not entitled to receive it.
Subtitle B: Statistical Efficiency - Requires the head of each of the Designated Statistical Agencies (DSA) (defined as the Bureau of the Census and the Bureau of Economic Analysis of the Department of Commerce and the Bureau of Labor Statistics of the Department of Labor) to: (1) identify opportunities to eliminate duplication and otherwise reduce reporting burden and cost imposed on the public in providing information for statistical purposes; (2) enter into joint statistical projects to improve the quality and reduce the cost of statistical programs; and (3) protect the confidentiality of individually identifiable information acquired for statistical purposes by adhering to safeguard principles.
(Sec. 524) Allows a DSA to provide business data in an identifiable form to another DSA under the terms of a written agreement.
(Sec. 525) Requires: (1) business data provided by a DSA pursuant to this subtitle to be used exclusively for statistical purposes; and (2) publication of data acquired by a DSA in a manner whereby the data furnished by any particular respondent are not in identifiable form.