118 STAT. 3270 PUBLIC LAW 108–447—DEC. 8, 2004 (C) ensure compliance and consistency with both online and offline stated privacy and data protection policies; and (D) provide agencies with ongoing awareness and rec ommendations regarding privacy and data protection proce dures. (3) REQUIREMENTS OF REVIEW.—The Inspector General of each agency shall contract with an independent, third party that is a recognized leader in privacy consulting, privacy tech nology, data collection and data use management, and global privacy issues, to— (A) evaluate the agency’s use of information in identifi able form; (B) evaluate the privacy and data protection procedures of the agency; and (C) recommend strategies and specific steps to improve privacy and data protection management. (4) CONTENT.—Each review under this subsection shall include— (A) a review of the agency’s technology, practices and procedures with regard to the collection, use, sharing, disclosure, transfer and storage of information in identifi able form; (B) a review of the agency’s stated privacy and data protection procedures with regard to the collection, use, sharing, disclosure, transfer, and security of personal information in identifiable form relating to agency employees and the public; (C) a detailed analysis of agency intranet, network and Websites for privacy vulnerabilities, including— (i) noncompliance with stated practices, procedures and policies; and (ii) risks for inadvertent release of information in an identifiable form from the website of the agency; and (D) a review of agency compliance with this Act. (e) REPORT.— (1) IN GENERAL.—Upon completion of a review, the Inspector General of an agency shall submit to the head of that agency a detailed report on the review, including rec ommendations for improvements or enhancements to manage ment of information in identifiable form, and the privacy and data protection procedures of the agency. (2) INTERNET AVAILABILITY.—Each agency shall make each independent third party review, and each report of the Inspector General relating to that review available to the public. (f) DEFINITION.—In this section, the definition of ‘‘identifiable form’’ is consistent with Public Law 107–347, the E Government Act of 2002, and means any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. SEC. 523. None of the funds made available under this Act may be obligated or expended to establish or implement a pilot program under which not more than 10 designated essential air service communities located in proximity to hub airports are required to assume 10 percent of their essential air subsidy costs for a 4 year period commonly referred to as the EAS local participa tion program. Public information. Contracts.
�
