Federal agencies’ privacy programs shall have the resources needed to manage Federal information resources that involve personally identifiable information (PII). This will require privacy programs to play a key role in the development of the agencies’ budget requests, as well as any decisions to acquire or develop information system technologies and services.
Related Laws, Policies, and Resources:
E-Government Act of 2002
Section 208 of the E-Government Act requires all Federal agencies to conduct a privacy impact assessment (PIA) when developing or procuring new information technology involving the collection, maintenance, or dissemination of information in identifiable form or when making substantial changes to existing information technology that manages information in identifiable form. Among other things, it requires Federal agencies to provide the Director of the Office of Management and Budget with a copy of the PIA for each system for which funding is requested.
OMB Circular No. A-11, Preparation, Submission, and Execution of the Budget (July 10, 2020)
This Circular provides guidance on preparing, submitting, and executing the President’s Budget. Among other things it requires Federal agencies’ Chief Information Officers to collaborate with Senior Agency Officials for Privacy (SAOP) on their IT Budget submissions. It requires Federal agencies to include in their IT Resource Statements a statement that the SAOP has reviewed the IT Budget submission and that privacy requirements, as well as any associated costs, are explicitly identified and included with respect to any IT resources that will be used to create, collect, use, process, store, maintain, disseminate, disclose, or dispose of PII.
OMB Circular A-130, Managing Information as a Strategic Resource (July 28, 2016)
This Circular establishes general policy for the planning, budgeting, governance, acquisition, and management of Federal information, personnel, equipment, funds, IT resources, and supporting infrastructure and services. Among other things, it requires privacy programs to play a key role in the development of the agencies’ budget requests, as well as any decisions to acquire or develop information system technologies and services.