type, the retention period, and the authority responsible for making the retention decision.

After a computer failure, check all personal data that was being processed at the time of failure for inaccuracies resulting from the failure.

If the data volumes permit economic processing, some sensitive applications may use a dedicated processing period.

Examine files created from files known to contain personal data to ensure they cannot be used to regenerate any personal data. A formal process must be established to determine and certify that such files are releasable in any given instance.

In aggregating personal data, consider whether the consequent file has been increased in value to a theft-attracting level.

When manipulating aggregations and combinations of personal data, make it impossible to trace any information concerning an individual. Take steps so that no inference, deduction, or derivation processes can be used to recover personal data.
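One concrete step toward the last two points, shown as an added illustration that is not part of the manual: aggregate tables built from personal data are released only with a minimum cell size (assumed here to be 5), and a second check confirms that a withheld cell cannot be recovered by subtracting one released table from another. The record fields and values are constructed for the example.

```python
from collections import Counter

MIN_CELL = 5  # assumed threshold; cells with fewer people are withheld

# Constructed sample: unit A has a single E6, which is the case to protect.
RECORDS = [{"unit": u, "grade": g}
           for u, g, n in [("A", "E5", 6), ("A", "E6", 1),
                           ("B", "E5", 5), ("B", "E6", 5)]
           for _ in range(n)]


def aggregate(records, keys):
    """Count records per combination of the named attributes."""
    return Counter(tuple(r[k] for k in keys) for r in records)


def suppress(table, min_cell=MIN_CELL):
    """Primary suppression: withhold (None) any cell below min_cell."""
    return {cell: (n if n >= min_cell else None) for cell, n in table.items()}


def differencing_leaks(coarse, fine, coarse_keys, fine_keys):
    """Fine cells whose withheld count is recoverable by subtracting the
    other released fine cells from a released coarse total.
    coarse_keys must be a subset of fine_keys."""
    idx = [fine_keys.index(k) for k in coarse_keys]
    leaks = []
    for ccell, ctotal in coarse.items():
        if ctotal is None:
            continue  # nothing released to subtract from
        members = [f for f in fine if tuple(f[i] for i in idx) == ccell]
        hidden = [f for f in members if fine[f] is None]
        if len(hidden) == 1:  # exactly one unknown: total - known = it
            leaks.append(hidden[0])
    return leaks


def release(records, coarse_keys, fine_keys, min_cell=MIN_CELL):
    """Build both tables, apply primary suppression, then complementary
    suppression: withhold any coarse total that would expose a fine cell."""
    coarse = suppress(aggregate(records, coarse_keys), min_cell)
    fine = suppress(aggregate(records, fine_keys), min_cell)
    for leak in differencing_leaks(coarse, fine, coarse_keys, fine_keys):
        ccell = tuple(leak[fine_keys.index(k)] for k in coarse_keys)
        coarse[ccell] = None
    assert not differencing_leaks(coarse, fine, coarse_keys, fine_keys)
    return coarse, fine
```

Without the complementary step, the released unit total (7) minus the released E5 count (6) would reveal the single E6 member of unit A.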
Programming Practices
The following practices are suggested for programming procedures:

Subject all programming development and modification to independent checking by a second programmer, bound by procedural requirements developed by a responsible supervisor.

Inventory current programs that process or access personal data; verify their authorized usage.

Enforce programming practices that clearly and fully identify personal data in any computer program.

Strictly control and require written authorization for all operating system changes that involve software security.
Assignment of Responsibilities
The following practices are suggested for the assignment of responsibilities:

Designate an individual responsible for examining facility practices in the storage, use, and processing of personal data, including the use of security measures, information management practices, and computer system access controls. Both internal uses and the authorized external transfer of data should be considered by this individual and any risks reported to the relevant upper management authority and the AIS technical manager.

Designate an individual responsible during each processing period (shift) for ensuring the facility is adequately staffed with competent personnel and enforcing the policies for the protection of personal data.

Ensure that all military, civil service, and other employees engaged in the handling or processing of personal data adhere to established codes of conduct.
Procedural Inspecting
Whenever appropriate, conduct an independent examination of established procedures. Inspections of both specific information flow and general practices are possible. The following points should be considered when developing an inspection:

Inspecting groups can be established within organizations to provide assurance of compliance independent of those directly responsible.

Independent, outside inspectors can be contacted to provide similar assurance at irregular intervals.

Inspection reports should be maintained for routine inspection and used to provide additional data for tracing compromises of confidentiality.
IDENTIFICATION TECHNIQUES
Once security measures and information management practices are established, the AIS technical manager should consider methods of personal identification of individuals for authorized access to the AIS facility. The identification of each individual allowed to use a system is a necessary step in safeguarding the data contained in that system.

For a broader knowledge of personal identification and identification techniques, refer to Guidelines on
4-39