OMB Circular No. A-130

OMB Circular No. A-130 establishes policies for the management of federal information resources, as required by the Paperwork Reduction Act of 1980 The Circular sets forth a number of general polices concerning the protection of personal privacy by the federal government: consistent with their missions. Agencies shall discharge this responsibility by providing (a) information as required by law. . . ; and (b) access to agency records under provisions of FOIA and the Privacy Act, subject to the protections and limitations provided for in these Acts.
 * The individual’s right of privacy must be protected in federal government information activities involving personal information.
 * Agencies shall consider the effects of their actions on the privacy rights of individuals and ensure that appropriate legal and technical safeguards are implemented.
 * Agencies have a responsibility to provide information to the public
 * Agencies shall limit the collection of information that identifies individuals to that which is legally authorized and necessary for the proper performance of agency functions.
 * Agencies shall provide individuals, upon request, access to records about them maintained in Privacy Act systems of records, and permit them to amend such records as are in error consistent with the provisions of the Privacy Act.

In addition, Appendix I to OMB Circular No. A-130 describes agency responsibilities relating to the Privacy Act, as amended by the Computer Matching and Privacy Protection Act of 1988, for maintaining records about individuals. In this regard, Appendix 1 requires the head of the agency to review the following:
 * every 2 years, a random sample of agency contracts that provide for the maintenance of a system of records to ensure the contract makes the Privacy Act provision binding on the contractor and his or her employees;
 * every 4 years, the routine use disclosures associated with each system of records to ensure the recipient’s use of such records are compatible with the purpose for which the disclosing agency collected the information; and
 * biennially, agency training practices in order to ensure that agency personnel are familiar with the act and the agency’s implementing regulation.

In addition, Appendix III to OMB Circular No. A-130 describes a minimum set of controls to be included in federal automated information security programs; assigns federal agency responsibilities for the security of automated information; and links agency automated information security programs and agency management control systems established in accordance with OMB Circular No. A-123.