You are on page 1of 12

EXECUTIVE OFFICE OF THE PRESIDENT

OFFICE OF MANAGEMENT AND BUDGET


WASHINGTON, D. C. 20503
THE DI RECTOR
May9,2013
M-13-13
MEMORANDUMFORTHEHEADS OFEXECUTIVEDEPARTMENTSANDAGENCIES
FROM: SylviaM. Burwell- b }1/
Director
StevenVanRoekel
FederalChiefInforma fficer
ToddPark /VL--
U.S. v - - (
DominicJ. Mancini
ActingAdministrator,0 rce andRegulatoryAffairs
SUBJECT: OpenDataPolicy-ManagingInformationasanAsset
Information is avaluablenational resourceandastrategicassettothe Federal Government, its
partners,and the public. In orderto ensurethattheFederalGovernmentis takingfull advantageofits
informationresources,executivedepa11ments and agencies(hereafterreferredtoas"agencies")must
manage inf01mationas an assetthroughoutits life cycletopromoteopennessand interoperability, and
properlysafeguardsystemsand information. Managinggovernmentinformationas an assetwill increase
operationalefficiencies,reducecosts, improveservices,supportmissionneeds,safeguardpersonal
information,and increasepublicaccesstovaluablegovernmentinformation.
Makinginformationresourcesaccessible, discoverable,and usablebythepubliccanhelpfuel
entrepreneurship,innovation,and scientificdiscovery- all ofwhich improveAmericans' livesand
contributesignificantlytojobcreation. Forexample,decadesago,theFederalGovernmentmadeboth
weatherdataandtheGlobal PositioningSystem(GPS)freely availableto anyone. Sincethen, American
entrepreneursand innovatorshaveusedtheseresourcestocreatenavigationsystems,weathernewscasts
and warningsystems, location-basedapplications,precision farmingtools,andmuchmore.
Pursuantto ExecutiveOrderofMay9,2013,Making Open and Machine Readable the New
Default for Government Information, thisMemorandumestablishesaframeworkto helpinstitutionalize
theprinciplesofeffectiveinfonnation managementateachstageoftheinformation'slifecycleto
promoteinteroperabilityandopenness.Whetherornotparticularinformationcanbe madepublic,
agenciescanapplythisframeworktoall inf01mation resourcesto promoteefficiencyandproducevalue.
Specifically,thisMemorandum requiresagenciestocollectorcreateinformation in awaythat
supportsdownstream informationprocessingand disseminationactivities. Thisincludesusingmachine-
readableandopenformats,datastandards,andcommoncoreandextensiblemetadataforall new
informationcreationand collectioneff01ts. It also includesagenciesensuring informationstewardship
throughtheuseofopen licensesand reviewofinformation for privacy,confidentiality, security, orother
restrictionsto release. Additionally, it involvesagencies buildingormodernizinginformationsystems in
a waythatmaximizes interoperabilityand informationaccessibility, maintains internal and external data
asset inventories,enhances informationsafeguards,and clarifies informationmanagement
responsibilities.
TheFederalGovernmenthasalreadymadesignificantprogress in improvingits managementof
informationresourcesto increase interoperabilityandopenness. ThePresident'sMemorandumon
Transparency and Open Government
1
instructed agenciestotakespecificactionsto implementthe
principlesoftransparency,patticipation,and collaboration,andtheOfficeofManagementandBudget's
(OMB) Open Government Directive
2
required agenciesto expandaccessto information by makingit
availableonlinein openformats. OMB has alsodeveloped policiesto helpagencies incorporatesound
information practices, includingOMB CircularA-130
3
and OMBMemorandumM-06-02.
4
In addition,
theFederal GovernmentlaunchedData.gov,an onlineplatformdesigned to increaseaccesstoFederal
datasets. ThepublicationofthousandsofdataassetsthroughData.govhas enabled thedevelopmentof
numerous productsand servicesthatbenefitthepublic.
Tohelpbuild ontheseeff01ts,thePresidentissued aMemorandumonMay23,2012entitled
Building a 21st Century Digital Government
5
thatchargedtheFederalChieflnfonnationOfficer(CIO)
withdevelopingand implementingacomprehensivegovernment-widestrategyto deliverbetterdigital
servicesto theAmericanpeople. TheresultingDigital Government Strateg/ outlined an information-
centricapproachto transform howtheFederalGovernmentbuildsanddeliversdigital services,and
requiredOMBto developguidanceto increasethe interoperabilityand opennessofgovernment
information.
ThisMemorandum is designedto beconsistentwith existingrequirements in thePaperwork
Reduction Act,
7
the-GovernmentActof2002,
8
thePrivacyActof1974,
9
theFederal Information
SecurityManagementActof2002(FISMA),
10
theConfidentialInformationProtectionand Statistical
EfficiencyActof2002(CIPSEA),
11
theFreedomofInformation Act,
12
theInformationQualityAct,
13
the
1
President Barack Obama,MemorandumonTransparencyand Open Government(Jan. 21, 2009),available at
http://ww\V.\Vhitehouse.!wv/the press office/TransparencyandOpenGovernment.
2
OMB Memorandum M-10-06, Open Government Directive (Dec. 8,2009),available at
http://www.whitehouse.gov/sites/defaul t/files/omb/assets/memoranda 20I0/mI0-06.pdf
3
OMB CircularA- 130,available at http://www.whitehouse.gov/omb/Circul ars a130 a130trans4/
'OMBMemorandum M-06-02,Improving Public Access to and Dissemination ofGovernment Information and Using the Federal Ente1prise
Architecture Data Reference Model (Dec. 16,2005),m1ailable at http://www.whitelJOuse.gov/sit es/defaul t/fi les/omb/memorandalfy2006/m06-
02.pdf
3
President Barack Obama,Memorandum on Buildinga21st Century Digital Government (May23, 2012), available at
http://www.whitehouse.gov/sites/defaul t/lil es/upl oads/2012digital mem rei.pdf
6
OfficeofManagementand Budget,Digital Government: Building a 21
51
Centlll)' Platform to Beller Serve the American People (May23,2012),
available at htt p: // \VW\V. whitehouse. gov/sites/defaul t/fil es/omb/egov/digi tal -government/elig. ital-government-strategv.pdf
7
44 U.S.C. 350Iet seq.
8
Pub. L. No. 107-347, 116 Stat. 2899(2002)(codifiedas 44 U.S.C. 350lnote).
9
5U.S.C. 552a.
10
44 U.S.C. 3541,et seq.
11
Secti on503(a), Pub.L. No. I07-347, 116 Stat. 2899 (2002)(codifi edas44 U.S.C. 350Inote); see also Impl ementation Guidance for Title Y
oftheE-GovernmentAct,Confidential Information Protectionand Stati sti calEfficiency Act of2002(CIPSEA),available at
http://www.whitehouse.gov/si tes/default/fil cs/omb/assets/omb/fedreg/2007/061507 cipsea guidance.pdf
12
5USC 552(a)(2).
2
Federal RecordsAct,
14
and existing OMB and OfficeofScienceandTechnologyPolicy(OSTP)
guidance.
Ifagencieshaveanyquestions regardingthi sMemorandum,pl easedirectthemto OMBat
datause@omb.eop.gov.
Attachment
13
Pub.L. No. 106-554 (2000) (codifi edat44 U.S.C. 3504(d)(l)and 35 16).See also OMBMemorandum M- 12- 18,Managing Government
Records Directive (Aug.24,2012), available at http://www.whitehouse.!!ov/sitcs/defaul t!fi les/omb/memoranda/2012/m- 12-18.pdf.
~ 44 U.S.C. Chapters21,22,29,31,and 33.See also 36CFRSubchapterB - Records Management.
3
Attachment
Thisattachmentprovidesdefinitionsand implementationguidanceforM-13-13,OpenData
Policy-ManagingInformationasanAsset.
I. Definitions:
Data: Forthe purposesofthis Memorandum,theterm"data" refers to all structured information, unless
otherwisenoted.
15
Dataset: ForthepurposesofthisMemorandum,thetenn"dataset"refers to acollectionofdata
presented in tabularor non-tabularform.
FairInformationPracticePrinciples: Theterm" FairInformation PracticePrinciples"referstothe
eightwidelyaccepted principlesfor identifyingand mitigatingprivacyimpacts in informationsystems,
programsand processes,delineated in theNational StrategyforTrusted Identities in Cyberspace.
16
Governmentinformation: As defined in OMBCircularA-130,"governmentinformation"means
informationcreated,collected, processed,disseminated,ordisposed of, byorforthe FederalGovernment.
Information: As defined in OMBCircularA-130,theterm " information" meansanycommunicationor
representation ofknowledgesuchas facts,data, oropinionsin any medium orfmm, includingtextual ,
numerical, graphic, cartographic, narrative,oraudiovisual forms.
Informationlifecycle: Asdefined in OMBCircularA-130,theterm" information lifecycle"meansthe
stagesthrough which information passes,typicallycharacterizedas creationorcollection, processing,
dissemination, use,storage, and disposition.
Personallyidentifiableinformation: As defined in OMBMemorandumM-10-23,
17
"personally
identifiable information" (PIT) refersto informationthatcan be used to distinguishortracean individual 's
identity, eitheraloneorwhen combinedwithotherpersonal oridentifying informationthatis linkedor
linkableto a specificindividual. ThedefinitionofPII is notanchoredto anysinglecategoryof
information ortechnology. Rather, it requires acase-by-caseassessmentofthespecificriskthatan
individual can be identified. In performingthisassessment, it is importantforan agencytorecognizethat
non-PIT can becomePII wheneveradditional information is madepubliclyavailable(in anymediumand
from anysource)that,when combinedwithotheravailable information,could be usedto identifyan
individual.
Mosaiceffect: Themosaiceffectoccurswhen the information in an individual dataset, in isolation, may
notposeariskofidentifyingan individual (orthreateningsomeotherimpmtantinterestsuchas security),
butwhencombinedwith otheravailable information,could posesuchrisk. Beforedisclosingpotential
PIT orotherpotentiallysensitive information,agenciesmustconsiderotherpubliclyavailabledata- in
15
Structuredinformation istobe contrastedwith unstructuredinformation (commonly referred to as "content")such as press releases and fact
sheets. As described in theDigitalGovernmentStrategy,content maybe converted toastructuredformatand treatedas data. Forexample, a
web-based fact sheetmaybe brokenintothe followingcomponentdata pieces: thetitle, bodytext,images, and relatedlinks.
16
The White House,NationalStrategyfor TrustedIdentities in Cyberspace (April 20II),availableat
htt p://www.whitehouse.gov/sites/default/ tiles/rss viewer/NSTICstrategv 0415ll.pdf
17
OMB Memorandum M-10-23,GuidanceforAgencyUse of Third-Party WebsitesandApplications(June 25, 20I0) ,availableat
http://www.whitehousc.gov/sites/default/ files/omb/assets/memoranda 20I0/ml0-23.pdf
4
any medium and from anysource- to determinewhethersomecombinationofexistingdataandthedata
intendedto be'publiclyreleasedcouldallowforthe identificationofan individual orposeanothersecurity
concern.
Open data: ForthepurposesofthisMemorandum,theterm "open data" referstopublicly availabledata
structured in a waythatenablesthedatato befully discoverableand usable byend users. In general,
opendatawill beconsistentwiththefollowing principles:
Public. Consistentwith OMB'sOpen Government Directive, agencies mustadopta presumption in
favorofopennessto theextentpennitted by lawand subjectto privacy,confidentiality,security,or
othervalid restrictions.
Accessible. Opendataaremadeavailable in convenient, modifiable,and openfonnats thatcan be
retrieved,downloaded,indexed,and searched. Formatsshould bemachine-readable(i .e.,dataare
reasonablystructuredto allowautomated processing). Opendatastructuresdo notdiscriminate
againstanyperson orgroupofpersonsand should bemadeavailabletothewidestrangeofusersfor
thewidest rangeofpurposes,often byprovidingthedata in multipleformatsforconsumption. Tothe
extentpermitted by law, theseformats should be non-proprietary, publiclyavailable, and no
restrictions should be placed upontheiruse.
Described. Opendataaredescribed fully sothatconsumersofthedatahavesufficientinformation to
understandtheirstrengths,weaknesses,analytical limitations, securityrequirements,aswell as how
to process them. This involvestheuseofrobust,granularmetadata(i.e., fields orelementsthat
describedata),thorough documentationofdataelements,datadictionaries,and, ifapplicable,
additional descriptionsofthe purposeofthecollection,thepopulationofinterest,thecharacteristics
ofthesample,and the method ofdatacollection.
Reusable. Opendataare madeavailableunderan open licensethatplacesno restrictionson theiruse.
Complete. Opendataare published in primaryforms (i.e., as collectedatthesource),withthefinest
possible level ofgranularitythatis practicableandpermitted by lawand otherrequirements. Derived
oraggregateopendatashould alsobe published butmustreferencetheprimarydata.
Timely. Opendataare madeavailableasquicklyas necessarytopreservethevalueofthedata.
Frequencyofreleaseshould accountfor key audiencesanddownstream needs.
Managed Post-Release. A pointofcontactmustbedesignatedto assistwithdatauseand to respond
to complaintsaboutadherencetotheseopen datarequirements.
Project Open Data: "ProjectOpenData,"a newOMBand OSTPresource, is an onlinerepository of
tools, bestpractices,and schemato help agenciesadopttheframeworkpresented in this guidance.
ProjectOpenDatacan beaccessed athttp://project-open-data.github.io.
18
ProjectOpenDatawill evolve
overtimeas acommunityresourcetofacilitateadoptionofopen datapractices. Therepository includes
definitions,code,checklists,casestudies, and more,and enablescollaborationacrosstheFederal
Government, in partnershipwith publicdevelopers,as applicable. Agenciescan visitProjectOpenData
foramorecomprehensiveglossaryoftermsrelatedto open data.
18
Linkstothebest practi ces developedin Proj ectOpen Data referenced in thi smemorandum can befound through thedirectoryon thi smain
page.
5
II. Scope:
Therequirements in pat1 III, sections 1and 2 ofthisMemorandumapplyto all new information
collection,creation,and systemdevelopmenteff011s as well as majormodernization projectsthat update
orre-design existinginformationsystems. National SecuritySystems,as defined in 40 U.S. C. 11103,are
exemptfrom therequirementsofthis policy. Therequirements in pa11 III,section3 applyto management
ofall datasets used in an agency's informationsystems. Agenciesarealso encouragedto improvethe
discoverabilityand usabilityofexistingdatasets bymakingthem"open" usingthemethodsoutlined in
this Memorandum, prioritizingthosethathavealreadybeen released to the publicorotherwisedeemed
high-valueorhigh-demandthroughengagementwith customers(seepartIII,section3.c). Agencies
shouldexercisejudgmentbeforepubliclydistributingdata residingin an existingsystem by weighingthe
valueofopennessagainstthecostofmakingthosedatapublic.
Ill. PolicyRequirements:
Agencies managementofinformation resourcesmustbeginattheearlieststagesofthe planningprocess,
well before information is collectedorcreated. Earlystrategic planningwill allowtheFederal
Governmenttodesign systemsand developprocessesthatunlockthefull valueofthe information,and
provideafoundation from which agenciescan continueto manage informationthroughout its life cycle.
Agenciesshall takethefollowingactionsto improvethemanagementofinformation resources
throughoutthe information' s I ifecycleand reinforcethegovernment ' spresumption in favor ofopenness:
1. Collectorcreateinformationinawaythatsupportsdownstreaminformationprocessingand
disseminationactivities- ConsistentwithOMBCircularA-130,agenciesmustconsider,ateach stageof
the information lifecycle,theeffectsofdecisionsand actionsonotherstagesofthelifecycle.
Accordingly,totheextentpermitted by law,agenciesmustdesignnewinformationcollectionand
creationeff011s sothatthe information collectedorcreatedsupportsdownstream interoperabilitybetween
informationsystemsand dissemination ofinformationtothepublic, as appropriate,withouttheneed for
costlyretrofitting. Thisincludesconsiderationandconsultationofkeytargetaudiencesforthe
information when determiningformat,frequency ofupdate,and otherinformationmanagementdecisions.
Specifically,agenciesmust incorporatethefollowingrequirements into future information collectionand
creationefforts:
a. Usemachine-readableandopenformats
19
- Agenciesmustusemachine-readableand open
formats for information as it is collectedorcreated. While informationshouldbecollected
electronically by default, machine-readableand openformats mustbe used in conjunction
with both electronicand telephoneorpaper-based information collectioneffot1s.
Additionally, in consultationwiththebestpracticesfound in ProjectOpenDataand tothe
extentpermitted by law, agenciesshould prioritizetheuseofopenformats thatarenon-
publiclyavailable,and thatplaceno restrictionsupontheiruse.
19
Therequirementsofthi ssubsecti onbuild uponexistingrequirementsin OMBStati sti calPoli cy DirectivesNo. I and No.2,available at
http://www.whi tchousc.gov/sit cs/dcfault/l'il es/omb/assets/omb/inforeg/dirccti ve1.!2ill"and
http://\VIVW.whitchouse.gov/sitcs/dcfault/ lllcs/omb/assets/omb/inforeg/directive2. pdf.
6
b. Usedatastandards- Consistentwith existingpoliciesrelatingtoFederalagencies' use of
standards
20
for informationas it is collectedorcreated,agencies mustusestandards in order
to promotedata interoperabilityand openness.
c. Ensureinformationstewardshipthroughtheuseofopenlicenses- Agenciesmustapply
open licenses, in consultationwiththebestpracticesfound in ProjectOpenData,to
informationas it is collectedorcreatedsothat ifdataaremadepublicthereareno restrictions
on copying, publishing,distributing,transmitting,adapting, orotherwiseusingthe
informationfor non-commercialorfor commercialpurposes ?
1
When information is acquired
oraccessed by an agencythrough performanceofacontract,appropriateexistingclauses
22
shall beutilizedto meettheseobjectiveswhilerecognizingthatcontractorsmayhave
proprietaryinterests in such information,andthatprotectionofsuch information maybe
necessatyto encouragequalifiedcontractorsto participatein and apply innovativeconcepts
togovernmentprograms.
d. Usecommoncoreandextensiblemetadata- Agenciesmustdescribeinformation using
commoncoremetadata, in consultation withthebestpracticesfound in ProjectOpenData,as
it is collectedandcreated. Metadatashouldalso include information aboutorigin, linked
data,geographiclocation,timeseriescontinuations,dataquality,and otherrelevant indices
thatrevealrelationshipsbetweendatasetsandallowthepublicto determine thefitness ofthe
datasource. Agencies may expanduponthebasiccommonmetadatabasedonstandards,
specifications, orformats developedwithin differentcommunities(e.g.,financial, health,
geospatial , lawenforcement). Groupsthatdevelopand promulgatethesemetadata
specificationsmustreviewthemforcompliancewiththecommoncoremetadatastandard,
specifications,andformats.
2. Buildinformationsystemstosupportinteroperabilityandinformationaccessibility- Through
theiracquisitionand technology managementprocesses,agenciesmustbuildormodernize
informationsystems in a waythatmaximizes interoperabilityand information accessibility, tothe
extent practicableand permitted by law. Tothisend, agenciesshould leverageexistingFederal IT
guidance, suchastheCommon Approach to Federal Enterprise Architecture,
23
whendesigning
informationsystems. Agenciesmustexerciseforethoughtwhenarchitecting,building,or
substantiallymodifying an informationsystemto facilitate publicdistribution,whereappropriate. In
addition,theagency'sCIOmustvalidatethatthefollowingminimumrequirements havebeen
incorporated intoacquisition planningdocumentsandtechnical design for all newinformation
systemsandthose preparingfor modernization,as appropriate:
a. Thesystemdes ign mustbe scalable,fl exible,andfacilitate extractionofdata in multiple
formats and for a rangeofusesas internal andexternal needschange, including potential uses
notaccountedfor in theoriginal des ign. In general,thiswill involvethe useofstandardsand
specifications in thesystem des ignthatpromoteindustrybestpracticesfor information
10
See OMB CircularA-119,available at http://www.whitehouse.gov/omb/circulars a119,and OMB Memorandum M- 12-08, Principles for
Federal Engagement in Standards Activities to Address National Priorities (Jan 27,2012),available at
http://www.whitehouse.gov/sites/default/files/omb/memoranda/2012/m-12-08.pdf
11
lfadatauseraugmentsoralters or iginalinformati onthat is attributed to the FederalGovernment,theuser isresponsible for makingclearthe
source and nature ofthat augment ati on.
12
See FederalAcqui siti on Regulation (FAR)Subpart27.4-Rightsin Data and Copyrights,available at
https:l/acgui siti on.gov/far/currentlhtmi /Subpa11%2027 4. html
23
OfficeofManagement and Budget,Common ApproachtoFederal EnterpriseArchitecture,available at
http:/ /www.whi tehouse.gov/sites/defaultlfiles/om b/assets/egov_docs/common_approach_to_federal _ea. pdf
7
sharing,and separationofdatafrom theapplication layerto maximizedatareuse
opportunitiesand incorporationoffutureapplication ortechnologycapabilities, in
consultationwiththebestpracticesfound in ProjectOpenData;
b. All dataoutputsassociatedwiththesystem mustmeettherequirements described in partIII,
sections l.a-eofthisMemorandumand beaccounted for in thedatainventorydescribed in
partIII section3.a; and
c. Dataschemaand dictionaries havebeen documentedand shared with internal pmtnersand
thepublic, as applicable.
3. Strengthendatamanagementand releasepractices- Toensurethatagencydataassetsare managed
and maintainedthroughouttheir life cycle, agenciesmustadopteffectivedataassetp01tfolio management
approaches. Within six(6) monthsofthedateofthisMemorandum,agenciesand interagencygroups
mustreviewand, whereappropriate, reviseexistingpoliciesand proceduresto strengthentheirdata
managementand releasepracticestoensureconsistencywiththerequirements in thisMemorandum,and
takethefollowingactions:
a. Createandmaintainanenterprisedatainventory- Agenciesmustupdatetheirinventory
ofagency information resources(as requiredbyOMB CircularA-130)
24
to includean
enterprisedata inventory, ifit does notalreadyexist,thataccountsfordatasetsused inthe
agency's informationsystems. Theinventorywill be builtoutovertime,withthe ultimate
goal ofincludingall agencydatasets,to theextentpracticable. Theinventorywill indicate, as
appropriate, iftheagencyhas determinedthatthe individual datasets maybe madepublicly
available(i.e., release is permitted by law,subjecttoall privacy, confidentiality, security,and
othervalid requirements)and whethertheyarecurrentlyavailabletothepublic. TheSenior
AgencyOfficialfor Records Managementshouldbeconsultedon integrationwiththerecords
managementprocess. Agenciesshould usetheDataReferenceModelfrom theFederal
EnterpriseArchitecture
25
to helpcreateand maintaintheir inventory. Agenciesmustdescribe
datasetswithin the inventoryusingthecommoncoreandextensiblemetadata(seepartIII,
section l.e).
b. Createandmaintaina publicdatalisting- Anydatasets in theagency'senterprisedata
inventorythatcan be madepubliclyavailablemustbe listedatwww.[agency].gov/datain a
human- and machine-readableformatthatenablesautomaticaggregation by Data.govand
otherservices(knownas" harvestablefiles"), totheextentpracticable. Thisshould include
datasetsthatcanbemadepubliclyavailable buthave notyetbeen released. Thispublicdata
listingshould also include,to theextentpermitted by lawand existingtermsandconditions,
datasetsthatwereproducedthrough agency-funded grants,contracts,and cooperative
agreements(excludinganydatasubmitted primarilyforthepurposeofcontractmonitoring
and administration),and,wherefeasible,beaccompanied bystandardcitation information,
preferably in theform ofapersistentidentifier. Thepublicdata listingwill be builtoutover
time,with theultimategoal ofincludingall agencydatasetsthatcan be madepublicly
available. SeeProjectOpenDataforbestpractices,tools, and schemato implementthe
publicdata listingand harvestablefiles.
"See OMBCircularA-130,section 8(b)(2)(a).
25
OfficeofManagementand Budget,Federal Enterprise Architecture(FEA) Reference Model s,available at http://www.whitehouse.gov/omb/e-
gov/ fea
8
c. Createa processtoengagewithcustomersto helpfacilitateand prioritizedatarelease-
Agencies mustcreateaprocessto engagewith customers,through their
www.[agency].gov/datapages and othernecessarymeans,to solicithelp in prioritizingthe
releaseofdatasetsand determiningthe mostusableand appropriateformats for release?
6
Agenciesshould makedataavailable in multipleformats accordingtotheircustomerneeds.
Forexample, high-volumedatasetsofinterestto developersshould bereleased usingbulk
downloadsas well asApplication ProgrammingInterfaces(APis). In addition, customer
engagementeff01ts should helpagenciesprioritizeeffortsto improvethediscoverabilityand
usabilityofdatasetsthathavealreadybeen released tothe publicbutare notyetfully"open"
(e.g. ,theyareonlyavailable in closed, inaccessibleformats). SeeProjectOpenDataforbest
practicesand toolsthatcanbe used to implementcustomerengagementefforts.
d. Clarify rolesand responsibilitiesfor promotingefficientandeffectivedatarelease
practices- Agencies mustensurethatroles and responsibilitiesareclearlydesignatedforthe
promotionofefficientand effectivedatarelease practicesacrosstheagency, and thatproper
authoritieshave been grantedto executeon related responsibilities, including:
1. Communicatingthestrategicvalueofopen datato internal stakeholdersand the
public;
11. Ensuringthatdatareleasedto the publicareopen(asdefined in partI),as
appropriate,anda pointofcontactis designatedto assistopendatause and to
respond to complaintsaboutadherenceto opendatarequirements;
111. Engagingentrepreneurs and innovators in theprivateand nonprofitsectorsto
encourageand facilitatethe use ofagencydatato build applicationsand services;
IV. Workingwith agencycomponentstoscalebestpracticesfrom bureausand offices
thatexcel in open datapracticesacrosstheenterprise;
v. Workingwiththeagency' sSeniorAgencyOfficialforPrivacy(SAOP)orother
relevantofficialstoensurethatprivacyandconfidentialityarefully protected;and
v1. WorkingwiththeChieflnformationSecurityOfficer(CISO)andmissionownersto
assessoverall organizational risk,based onthe impactofreleasingpotentially
sensitivedata,and makearisk-based determination.
4. Strengthenmeasurestoensurethatprivacyandconfidentialityarefully protectedand thatdata
are properlysecured- Agencies must incorporateprivacyanalyses intoeach stageofthe information' s
lifecycle. In particular,agencies mustreviewthe information collectedorcreated forvalid restrictionsto
releaseto determinewhether it can be madepubliclyavailable,consistentwiththe Open Government
Directive's presumption in favorofopenness,and totheextentpermitted by lawand subjectto privacy,
confidentialitypledge,security,tradesecret,contractual ,orothervalid restrictionsto release. Ifthe
agencydeterminesthatinformationshould notbe madepubliclyavailableononeofthesegrounds,the
agencymustdocumentthisdetermination in consultation with its OfficeofGeneral Counselor
equivalent.
As agenciesconsiderwhetherornotinformation may bedisclosed,theymustalsoaccountforthe
"mosaiceffect" ofdataaggregation. Agenciesshould notethatthemosaiceffectdemandsa risk-based
26
OMBStati sti cal Poli cy Directives3and 4describethescheduleand manner in whichdata producedbytheprincipal stati sti cal agenci es will be
released.Stati sti cal Poli cy DirectiveNo. 4:Release and Di sseminati onofStati sti cal ProductsProducedbyFederal Stati sti calAgencies, available
at http://www.whitehouse.gov/sites/defaul t/fil es/omb/assets/omb/fedreg/2008/030708 directive-4.pdf; Stati sti cal PolicyDirective3:
Compilation,Release,and EvaluationofPrincipal FederalEconomi cIndi cators,available at
http://www.whitehouse.gov/sites/default!files/omb/assets/omblinforeg/statpoli cy/dir 3 fr 09251985. pdf
9
analysis, often utilizingstatistical methodswhose parameterscan changeovertime,dependingon the
natureofthe information,theavailabilityofotherinformation,and thetechnology in placethatcould
facilitatethe process ofidentification. Because ofthecop1plexity ofthi sanalysis and thescopeofdata
involved,agenciesmaychooseto takeadvantage ofentities in the ExecutiveBranchthat may have
relevant expe1tise,includingthe staffofData.gov. Ultimately,it is the responsibilityofeach agencyto
perform the necessaryanalysisand complywith all applicable laws,regulations,and policies. In some
cases, this assessment mayaffecttheamount,type,form,and detail ofdata releasedbyagencies.
As OMB has noted,"Theindividual's rightto privacymust beprotected in Federal Government
informationactivities involvingpersonal information."
27
As agenciesconsidersecurity-related
restrictionsto release, they should focus on information confidentiality, integrity,and availabilityas part
oftheagency'soverall risk managementframework. Theyare required to incorporatetheNational
InstituteofStandardsandTechnology(NIST)Federal Information ProcessingStandard (FIPS)
Publication 199"Standardsfor SecurityCategorizationofFederal Information and Information Systems,"
which includes guidanceand definitionsfor confidentiality,integrity,and availability.
28
Agencies should
also consultwith the Controll edUnclassified Information (CUI) program to ensurecompliancewith CUI
requirements,
29
theNational Strategyfor Information Sharingand Safeguarding/
0
and the bestpractices
found in ProjectOpenData. In additionto complyingwith the PrivacyActof1974,the-Government
Actof2002,FISMA, and CIPSEA, agencies should implementinformation policiesbased upon Fair
Information PracticePrincipl es and NISTguidanceon Securityand PrivacyControlsfor Federal
Information Systemsand Organizations.
31
Forexampl e, agenciesmust:
a. Collectorcreateonlythatinformation necessary for the properperformanceofagency
functions and which has practical utility;
32
b. Limitthecollectionorcreationofinformationwhich identifiesindividualsto thatwhich is
legallyauthorized and necessaryfor the properperformanceofagencyfunctions;
33
c. Limitthesharingofinf01mation thatidentifi es individualsorcontains proprietary
informationto thatwhich is legallyauthorized,and imposeappropriateconditionson use
whereacontinuingobligation to ensurethe confidentialityoftheinformationexists;
34
d. Ensurethatinformation isprotectedcommensuratewith the ri sk and magnitudeofthe harm
thatwould resultfrom the loss,mi suse, or unauthorized accessto ormodificationofsuch
information;
35
and
e. Takeintoaccountotherpubliclyavailable informationwhen determiningwhetherparticular
information should be consideredPII (as defined in pmtIofthis Memorandum).
27
See OMB CircularA-130,availableathttp://www.whitehouse.gov/omb/Circulars al30 a130trans4/
28
NIST FIPSPublication 199"Standardsfor Securi tyCategorizati onofFederalInformationand Information Systems",availableat
http://csrc.ni st.gov/publi cati ons/fips/fips199/FfPS-PUB-199-final.pdf
29
Executi ve Order I3556,Controll ed UnclassifiedInformation,availableathttp://www.whitehouse.gov/the-press-office/20I0/II/04/executive-
order- 13556-controlled-unclassilied-informat ion.
30
TheWhite House,NationalStrategyforInformation SharingandSafeguarding (December20II), availableathttp://www.whitehouse.gov/the-
press-office/2012/12/19/nati onal-strategy- informati on-sharing-and-safeguarding
31
See NIST Special Publication 800-53 "Securityand PrivacyCont rolsfor FederalInformationSystemsand Organi zations", availableat
hltp:l/csrc. nist.gov/pubI icat ions/draft s/800-53-rev4/sp800-53-rev4-ipd. pdf
32
See OMB CircularA-130,section 8(a)(2).
33
See OMB CircularA-130,section 8(a)(9)(b).
3
' See OMB CircularA-130, secti on8(a)(9)(c).
35
See OMB Circul arA-130,secti on8(a)(9)(a).
10
5. Incorporatenewinteroperabilityandopennessrequirementsintocoreagencyprocesses-
Consistentwith44U.S.C. 3506(b)(2), agenciesmustdevelopand maintain an Information Resource
Management(IRM)StrategicPlan. IRMStrategicPlansshouldalign withtheagency'sStrategicPlan(as
required byOMBCircularA-ll),
36
supporttheattainmentofagencyprioritygoalsas mandated by the
GovernmentPerformanceand ResultsModernizationActof2010,
37
provideadescription ofhowIRM
activities helpaccomplish agency missions, and ensurethatIRMdecisionsare integratedwith
organizational planning,budget, procurement,financial management,human resources management,and
program decisions. As partofthe annual PortfolioStatprocess,
38
agenciesmustupdatetheirIRM
StrategicPlansto describehowtheyare meetingnewand existing information lifecyclemanagement
requirements. Specifically,agenciesmustdescribehowthey have institutionalizedand operationalized
the interoperabilityand opennessrequirements in thisMemorandum intotheircoreprocessesacrossall
applicableagencyprogramsand stakeholders.
IV. Implementation:
Asagenciestakestepsto meettherequirements in thisMemorandum, it is importanttoworkstrategically
and prioritizethoseelementsthatcanbeaddressed immediately,supp011 mission-critical objectives,and
result in moreefficientuseoftaxpayerdollars.
Agenciesshouldconsiderthefollowingas they implementtherequirementsofthis Memorandum:
1. RolesandResponsibilities- TheClinger-CohenActof1996assignsagencyCIOsstatutory
responsibilityfor promotingtheeffectiveand efficientdesign and operationofall majorIRMprocesses
within theiragency. Accordingly,agencyheadsmustensurethatCIOsarepositioned withthe
responsibilityand authorityto implementthe requirementsofthisMemorandum in coordinationwiththe
agency'sChiefAcquisitionOfficer,ChiefFinancial Officer, ChiefTechnologyOfficer,SeniorAgency
Official for Geospatial Information, SeniorAgencyOfficialfor Privacy(SAOP),Chieflnformation
SecurityOfficer(CISO), SeniorAgencyOfficialfor RecordsManagement,and ChiefFreedomof
InformationAct(FOIA)Officer. TheCIOshouldalso workwiththeagency'spublicaffairsstaff,open
governmentstaff, webmanagerordigital strategist, programownersand otherleadership,as applicable.
A keycomponentofagencies ' managementofinformation resources involvesworkingcloselywith the
agency'sSAOPand otherrelevantofficialsto ensurethateachstageofthe planningprocessincludesa
full analysisofprivacy,confidentiality,and securityissues. Agencyheads mustalsoensurethatprivacy
and securityofficialsarepositionedwiththeauthorityto identify informationthatmayrequireadditional
protectionand agencyactivitiesthatmayrequireadditional safeguards. Consistentwith OMB
Memorandum M-05-08,
39
eachagency' s SAOPmusttakeon acentral planningand policy-makingrole in
all agency information managementactivities, beginningattheearlieststagesofplanningand continuing
throughoutthe life cycleofthe information. In addition, ifan agency'sSAOP is not positioned withinthe
officeoftheCIO,theagencyshoulddesignate an officialwithintheofficeoftheCIOto serve asa liaison
to helpcoordinatewith the agency'sprivacyoffice.
36
OMB Circul arA-ll ,availableathttp: //www.whitehouse.gov/omb/circulars aII current year aII toe
37
Pub.L. No. 111-352 (2011)(codified as 31USC 11 20 note).
38
In March20 12OMB establi shedPortfolioStat accountabilitysessions,engagingdirectlywith agencyleadership toassess the maturityand
effect iveness ofcurrent ITmanagement practi ces and address management opportuniti es and challenges. For FY13OMB PortfolioStatguidance.
seeOMB Memorandum M-13-09,Fiscal Year2013 PorifolioStatGuidance:Strengthening FederaliT PorifolioManagement (Mar. 27,2013),
availableathttp://www.whitehouse.gov/sites/defaul t/fil es/omb/memoranda/?013/m-13-09.pdf.
39
OMB Memorandum M-05-08, Designation ofSeniorAgencyOfficialsforPrivacy(Feb. II,2005),availableat
htt p:1lm. 1vhi teh ouse.govIsites/default/fiIes/omb/assets/ombit11emoranda/fv2005/m05 -08.pdf
11
2. Government-wideCoordination- The Federal CIO will work with the United States Chief Technology
Officer (CTO) and the Administrator of the OMB Office of Information and Regulatory Affairs (OIRA)
to help improve the interoperability and openness of government information. To this end, the Federal
CIO will work to establish an interagency working group supp01ted by the Federal CIO Council. The
working group should focus on leveraging government-wide communities of practice to help with the
development of tools that support information interoperability and openness through repositories such as
Project Open Data. Part of this work should be to share best practices related to interoperability and
openness within government (e.g. , Federal , state, local , and tribal). These collaborations shall be subject
to statutory limitations and conducted in a way that fully protects privacy, confidentiality, confidential
business information, and intellectual property rights.
3. Resources- Policy implementation may require upfront investments depending on the maturity of
existing information life cycle management processes at individual agencies. Agencies are encouraged to
evaluate current processes and identify implementation opportunities that may result in more efficient use
of taxpayer dollars. However, effective implementation should result in downstream cost savings for the
enterprise through increased interoperability and accessibility of the agency's information resources.
Therefore, these potentialupfront investments should be considered in the context of their future benefits
and be funded appropriately through the agency' s capital planning and budget processes. Some of the
requirements in this Memorandum may require additional tools and resources. Agencies should make
progress commensurate with available tools and resources.
In addition, tools, best practices, and schema to help agencies implement the requirements of this
Memorandum can be found through the Digital Services Innovation Center and in Project Open Data.
4. AccountabilityMechanisms- Progress on agency implementation of the actions required in this
Memorandum will be primarily assessed by OMB and the public through analysis of the agency' s updates
to IRM plans (part III, section 5), the completeness of the enterprise data inventory (part III, section 3.a),
and the data made available in the agency's public data listing (part III, section 3.b).
Nothing in this Memorandum shall be construed to affect existing requirements for review and clearance
of pre-decisional information by OMB relating to legislative, budgetary, administrative, and regulatory
materials. Moreover, nothing in this Memorandum shall be construed to reduce the protection of
information whose release would threaten national security, invade personal privacy, breach
confidentiality or contractual terms, violate the Trade Secrets Act,
40
violate other statut01y confidentiality
requirements,
41
or damage other compelling interests. This Memorandum is not intended to, and does
not, create any right or benefit, substantive or procedural , enforceable at law or in equity by any party
against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any
other person.
40
18 usc 1905.
41
See 13 U. S.C. 8, 9 and 301(g) and 22 U.S.C. 3104.
12

You might also like