Sec. 102. E-governance framework
/bill/118/hr/7571/ih/section-102·A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
The Institute shall develop and maintain a comprehensive e-governance framework for Americas partner countries.

The purpose of the e-governance framework developed under subsection (a) shall be to allow for the development of interoperable services to harmonize and facilitate the delivery of effective and transparent government services within and between Americas partner countries.

In developing the e-governance framework under subsection (a), the Institute shall ensure that the framework adheres to the following principles: The framework shall be designed to allow different government systems to, when appropriate, seamlessly share data with each other, consistent with applicable laws and privacy restrictions under subsection (d). The framework should seek to avoid centralized control over data, and should allow the government of each Americas partner country to maintain control over its own data while still facilitating cross-border data sharing. Data control and hosting under the framework should be consistent with local law and international agreements. Nothing in this paragraph may be construed to contravene or supercede laws or agreements in effect before the date of the enactment of this Act. The framework should, to the greatest extent practicable, be built on open standards that are freely available to the public. The framework should ensure that each Americas partner country maintains control over the data of citizens of that country. The framework should allow for the collaboration of public and private entities in the development, design, and maintenance of e-governance systems. Systems developed by the Institute should, to the extent practicable, be open source. Systems developed by Americas partner countries are encouraged to be open source as well. The framework shall account, consistent with other provisions of this Act, for existing e-governance systems developed by Americas partner countries, including by adopting, in part or in whole, existing e-governance systems as part of the framework or as reference implementations within the framework.

The e-governance framework developed under subsection (a) shall incorporate privacy best-practices, including as follows: Systems developed under the framework should collect only the minimal set of data necessary for a given purpose and without any additional processing unnecessary for fulfilling that purpose. The Institute shall define necessary access controls for data and require encryption of data where appropriate. The Institute shall develop and publish a data retention policy, which shall— be honored by any system operating under the framework; include a disclosure of— what user information is stored by a particular system; whether that information is encrypted; and for how long the information is stored; and provide for the Institute to provide, in a timely fashion, all data held related to an individual or entity upon the request of the individual or entity. Systems developed under the framework shall, to the greatest extent practicable, include a mechanism by which— a user may request that any system operating under the framework delete any data on the user; and such a request is honored within 72 hours, except as required by other applicable law. Systems developed under the framework shall, to the greatest extent practicable, incorporate mechanisms under which— a user may request to correct inaccurate data in the framework related to the user; and such a request is honored within 72 hours after the correct data has been verified. The Institute may develop and enforce such other privacy practices as the Institute considers appropriate.

The e-governance framework developed under subsection (a) shall incorporate cyber security best practices, including the following: Appropriate access controls and user authentication, which may— vary by service according to the sensitivity of the data involved; and include the integration of any national electronic identification systems of Americas partner countries. Regular penetration testing by an outside organization certified by the Institute, to be conducted not less frequently than once a year. Provision of a common vulnerability disclosure policy for systems operating under the framework. Such other cyber security best practices as the Institute considers appropriate.

Each system of an Americas partner country operating under the e-governance framework developed under subsection (a) shall undergo annual audits by an outside organization certified by the Institute. That audit shall assess the compliance of the system with the privacy and security requirements of this section and such other requirements as the Institute considers necessary.

If an audit conducted under paragraph (1) indicates that a system or systems of an Americas partner country are substantially noncompliant with the privacy and security requirements of this section, the Institute may— designate the system or systems as noncompliant; recommend that other Americas partner countries take such actions as may be necessary to protect the privacy and security of the systems and data of those countries; and withhold, in part or in whole, further assistance to the country the system or systems of which are designated as noncompliant, including revoking privileges or access to any services or shared infrastructure of the Institute, until such a time as the Institute determines that the system or systems are compliant.

The Institute may certify as partially or wholly compliant any system of an Americas partner country if the Institute determines that the country is making a good faith effort at compliance, but has not fully achieved compliance with all the requirements of this section. A certification under subparagraph (A) may include a certification that a system is temporarily compliant— during— the development of the system; partial deployments of the system; or deployments of minimum viable products; or if the Institute determines that compliance with the requirements of this section would substantially hinder the ability of a country to effectively provide critical services to citizens of the country and there is no practical path to achieve compliance and effectively provide such services.

If the participation of a country in a partnership agreement is suspended under section 201(d), the Institute— may terminate the provision of any services or assistance to the country; and may take such steps as are necessary to ensure any systems affected by the termination are transitioned appropriately to minimize disruptions to the citizens of that country.

The Institute shall ensure that all resources necessary to develop systems compliant with the e-governance framework developed under subsection (a) are available in all necessary languages.