"The Privacy Guidelines build on a set of core principles that Federal departments and agencies must follow. Those principles require specific, uniform action and reflect basic privacy protections and best practices. Agencies must: (1) Share protected information only to the extent it is terrorism information, homeland security information, or law enforcement information related to terrorism; (2) Identify and review the protected information to be shared within the ISE [Information Sharing Environment]; (3) Enable ISE participants to determine the nature of the protected information to be shared and its legal restrictions (e.g., "this record contains individually identifiable information about a U.S. citizen"); (4) Assess, document, and comply with all applicable laws and policies; (5) Establish data accuracy, quality, and retention procedures; (6) Deploy adequate security measures to safeguard protected information; (7) Implement adequate accountability, enforcement, and audit mechanisms to verify compliance; (8) Establish a redress process consistent with legal authorities and mission requirements; (9) Implement the guidelines through appropriate changes to business processes and systems, training, and technology; (10) Make the public aware of the agency's policies and procedures as appropriate; (11) Ensure agencies disclose protected information to non-Federal entities-including State, local, tribal, and foreign governments-only if the non-Federal entities provide comparable protections; and (12) State, local, and tribal governments are required to designate a senior official accountable for implementation". (White House, National Strategy for Information Sharing, 2007, pp. 27-28)