Background and Definitions
In the 21st century, information has become an increasingly vital element of organizational and personal success. Despite its importance, most organizations are unaware of increasing federal mandates on controlling information and are at risk because they lack clearly prescribed information requirements, periods of collection or collection devices. Information management, also known as knowledge management, spans the spectrum of technical and administrative disciplines of information technology and business management.
Unfortunately, current focus on cybersecurity and information assurance misses one key factor — collection approval. Starting in 1933 by Executive Order 6226 and later codified in the Federal Reports Act, which became the Paperwork Reduction Act in 1980, the federal government established information collection management to eliminate duplicative, unwarranted and unlawful collections — in addition to minimizing manpower and material costs.
World War I, the New Deal and World War II produced an unprecedented need for information from the private sector. The ensuing information requirements placed a huge burden both on the public sector and the federal government. The same holds true today, adherence to record keeping and disclosure requirements comes at the cost of overall productivity. To understand what information collection management encompasses, a few definitions, according to 5 CFR 1320.3, Controlling Paperwork Burdens on the Public, are provided below.
Information: Any statement or estimate of fact or opinion, regardless of form or format.
Collection of information: Obtaining, causing to be obtained, soliciting or requiring the disclosure to an agency, third parties or the public of information by or for an agency by means of identical questions posed to, or identical reporting, recordkeeping, or disclosure requirements imposed on, ten or more persons, whether such collection of information is mandatory, voluntary, or required to obtain or retain a benefit. “Ten or more persons” refers to the persons to whom a collection of information is addressed by the agency within any 12-month period.
Recordkeeping: A requirement imposed by or for an agency on persons to maintain specified records.
Burden: The total time, effort, or financial resources expended by persons to generate, maintain, retain, or disclose or provide information to or for a Federal agency.
Conduct or Sponsor: A Federal agency is considered to “conduct or sponsor” a collection of information if the agency collects the information, causes another agency to collect the information, contracts or enters into a cooperative agreement with a person to collect the information, or requires a person to provide information to another person, or in similar ways causes another agency, contractor, partner in a cooperative agreement, or person to obtain, solicit or require the disclosure to third parties or the public of information by or for an agency.
Collection requirements can come from laws, directives, standard operating procedures, memorandums, emails, phone calls and in-person requests. Common collection devices are, but are not limited to, surveys, questionnaires, webpages, IT systems, forms, reports, emails, phone calls, messages, in-person requests, selection boards, working groups and committees. Collections are conducted through both formal and informal processes, whether in person or electronically.
Information collection management is focused on elemental data collection and not the methods of collection. It is the mandate of information management control officers (IMCO) to provide impartial review, ensure proper coordination, maintain an information collection budget (ICB) and act as the official case file record keeper. To keep the programs (e.g., Office of Management and Budget, Department of Defense, Department of the Navy) from being too burdensome, policy declares certain items as either “non-information” or “exempt.” Subject matter expert review is required in making these determinations.
Information collections are prescribed, coming from higher authority, or adopted, coming from similar or lower authority. Information requirements start at the office level and extend to the executive, congressional and judicial branches of government. Once an information requirement extends beyond a single office, it requires subject matter expert review and if pertinent, IMCO approval at the appropriate level.
There are a variety of factors affecting program recognition and participation. Government downsizing and realignments starting in the 1990s and continuing into the next two decades have led to a majority of organizations eliminating form management officer (FMO) and IMCO positions, effectively ending the programs. It is important to note that commonly FMOs and IMCOs are a combined position and that historically FMOs have been considered subject matter experts in stocking and distributing physical media. Requirements for stock items have declined since the 1990s; in turn, so to have the assessed needs for FMOs. Additionally, the Office of Management and Budget in June 1995 eliminated the interagency requirement from the 5 CRF 1320.
In turn, the General Services Administration in January 2005 eliminated its interagency requirement as well. The actions of the OMB and the GSA were done in part to remove hindrances to burgeoning information technologies, with an expectation that these technologies would relieve the inherit burden of work done primarily using physical media.
Now 20 years later, it is clear that IT has far from reduced the paperwork burden. The ease of generating collection requests and devices has produced a deluge of new IT burden. Furthermore, limited IT resources and lagging policy updates have left the government in the lurch while the paperwork burden grows. This gap in resources and policy produces quasi-electronic workflows that require numerous conversions to and from paper. Beyond the changes from IT, continued loss of FMO and IMCO positions results in a lack of governance of collection devices. This lack of governance means that most organizations do not review collection devices before issuance, do not keep an index of collection devices issued or maintain case history files.
Both FMOs and IMCOs are important both as subject matter experts on standardized collections and as reviewers of privacy act statements, classification marking and supersession notices. Collection devices not reviewed by SMEs, FMOs and IMCOs represent inherent risks as sources of illegal public collections and privacy and security breaches as well as the risk of lost records.
Information requirements reviewed by IMCOs are commonly described as exempt, symbolized or unauthorized. Authorized requirements are those which are exempt or assigned a control number. Control numbers are assigned in serial order and are referred to as symbols. Unauthorized collections, also referred to as unlicensed collections, frequently come from official sources that have sidestepped the review process, are beyond the approval period or were disapproved. Due to the various legal requirements on information collection, storage, retrieval and disclosure, it is imperative that each collection receive proper adjudication.
Unauthorized collections should not be responded to and should be forwarded to the organization’s IMCO. Symbolized collections do not meet exception criteria but are given a limited approval period and receive a control number that must be disclosed on all collection devices. These collections are required to go through a cost-benefit assessment which includes use of the DoD Cost Assessment & Program Evaluation Web tool. These symbolized collections are approved for up to three years at which time, if not renewed, expire and are self-canceling. Exempt collections may be difficult to distinguish from unauthorized collections because they are not required to display a control number. Any exempted collection is declared as such in its authorizing document. The status of all collection approval can be validated by the organization’s IMCO.
Department of the Navy Information Collection Management
From the perspective of the Department of the Navy, information collection management falls into four general categories: public, federal, DoD and DON component. Public collections are governed by 5 CFR Part 1320, Controlling Paperwork Burdens on the Public. The “public” is always nonfederal employees or their family members, nearly always contractors and can be federal employees and their family members when not based on federal employment. The term “paperwork” is rather arcane and reflects the most visible manifestation of the collection process. The true focus of the program is solicitation approval for all “front-end” means of data acquisition. All subsequent use of data should be covered by official use and sharing agreements. All public collections must be reviewed by the DON IMCO and most require approval by the Office of Management and Budget and assignment of an OMB information control symbol.
The other three management categories maintain the same focus as public collections, but expand policy to cover federal employees, retirees and family members. Federal collections are governed by 41 CFR 102-195, the Interagency Reports Management Program. In January 2005, the General Services Administration updated the policy to a reserved status. This policy change eliminated the requirement for GSA approval before collecting information from another federal agency.
It is important to note that the Defense Department maintains a requirement in DoD Instruction (DoDI) 8910.01 for DoD components requesting information from agencies outside the department to obtain the DoD IMCO approval prior to making a request. DoD collections are governed by DoDI 8910.01, Information Collection and Reporting, and DoD 8910.01-M, DoD Procedures for Management of Information Requirements. DON components requesting information from outside the DON, require a DON IMCO review and often require the DoD IMCO’s approval and assignment of a DoD information control symbol.
DON component collections are governed by Secretary of the Navy (SECNAV) Instruction 5210.16, Department of the Navy (DON) Forms Management and Information Requirements (Reports) Management Programs, and SECNAV Manual 5214.1, Department of the Navy Information Requirements (Reports) Manual. The term “report” is a bit of a misnomer and relates to the most abstract elements of information collection management, such as data calls delivered by naval message or command email. DON information collection management is concerned with all sources of initial data collection.
Information collection management in the DON is officiated in three-tiers: (1) the departmental IMCO; (2) Navy and Marine Corps IMCOs; and (3) the major command IMCOs. Unauthorized collections, commonly referred to as “bootlegs,” represent significant risk to the DON due to improper adjudication and competition for limited resources. Collection burdens are vastly underestimated, especially within the uniformed community. Burdens include personnel hours spent for development, solicitation and processing along with any required purchases that can range from postage, courier service and storage costs to software and hardware purchases. Personnel hours are assessed regardless of pay category.
Ultimately, there are only 24 hours in a day. Most civilians are limited to 40-hour workweeks and generally service member’s workweeks are capped at around 60 hours. In the concurrent multi-mission environment, mission critical tasks compete for time and resources, not only with other mission critical tasks, but with bootleg collections as well.
One of the most important and most overlooked elements of information collection management is the information collection budget known as the ICB. The ICB can be hard to conceptualize since it is mostly comprised of obligated payroll funds. Personnel hours are converted into a dollar equivalent and then any physical costs are added. At the Office of the Chief of Naval Operations level, the budget is split into fleet and ashore establishment costs. Information requirements that are symbolized are added to the budget and these budgets are made available along with an index so that: (1) executives can evaluate the burden; (2) respondents can validate the burden placed on them; and (3) organizations can review current collections before embarking on new ones. The ICB is a great resource for evaluating human capital allocation and organizational focus on first-mission tasks.
Ultimately, there is a divide between “customers” and “community.” Information collections, for the most part, are done from respondents for which the information is part and parcel of their everyday work.
An example of “customers” and “community” is the DoD Social Security number (SSN) reduction effort. Form managers and IT system managers function as customers for this effort and are responsible for the implementation of the devices that collect SSNs. Program managers and their staffs exemplify the community and ultimately only use forms and IT systems per instruction. Considering this example, the SSN reduction effort is not a first-mission task of the community and any collection of information from them as part of this effort comes at the expense of their first-mission. Now consider all possible non-first-mission information collections placed on this community. What is an acceptable loss of first-mission productivity?
Historically, this concept came into play when supplies and troops failed to show up on the battlefield in World War II. One Navy example is Operation Watchtower. During the invasion of Guadalcanal, Vice Adm. Robert L. Ghormley, then Commander of the South Pacific Area and South Pacific Force, and his staff became so entrenched in paperwork it threatened logistics operations. Lack of delegation and an inefficient command structure were contributing factors in his being relieved of command.
Information collection management is an all-hands responsibility. Participation in these programs is mandatory and helps ensure lawful collection, storage and disposition of data, as well as authorized collection, with the smallest overall burden possible. The spread of information starts with people agreeing to share information. Collection of information is so ubiquitous that most people do not stop to consider: (1) the authority of collection; (2) its official use; (3) sharing agreements; (4) the record retention period; or (5) associated penalties when mandatory requirements are not met.
Take time to authenticate information collection requests and ensure collection devices are current. Information collection management is a means for organizations to maintain an information collection budget, historic index of collections and case files on approved collections.
For assistance please contact your organization’s IMCO or the DON IMCO at OPNAV.DONFORMS.DNS51@NAVY.MIL.
FOR MORE INFORMATION
DoD Instruction (DoDI) 8910.01, Information Collection and Reporting.
SECNAV Instruction 5210.16, Department of the Navy (DON) Forms Management and Information Requirements (Reports) Management Programs .
SECNAV Manual 5214.1, Department of the Navy Information Requirements (Reports) Manual.
Micah T. Wilson is the OPNAV Directives, Forms, and Reports Management (DNS-15) Contractor Support Lead. Barbara Figueroa is the DON/Navy Forms Management Officer and Information Management Collection Officer (IMCO).