Agencies tackle privacy policy

More than half of the 60 agencies reporting to Office of Management and Budget officials said that they have or plan to soon have machine-readable privacy policies as mandated under the E-Government Act of 2002.

The E-Gov Act requires agencies to inform officials about the progress of their implementation of privacy provisions, such as machine-readable policies, privacy impact assessments for new or changed technology systems, use of tracking technology and designation of a single privacy official at the agency.

The agencies that complied with that part of the mandate have identified Web site privacy policies that have been or will be translated into a standard computer language readable by the browser, according to OMB's E-Government Act report released to Congress this month. With the machine-readable policies, the browser automatically notifies the user if the site is in line with the user's privacy preferences.

"Other agencies were 'undecided,' [and] indicated they were either examining the field or they were awaiting a recommendation from OMB on what standard to use," the report states.

Although OMB does not endorse one standard, there is only one way to become compliant: use the Platform for Privacy Preferences Project (P3P) developed by the World Wide Web Consortium.

Agency officials are improving their understanding of privacy impact assessments (PIAs), and many plan to post the assessments on their Web sites, according to the report.

OMB officials said agencies should involve program owners and experts in information technology, security, privacy and policy in the crafting of the PIAs. Agency officials indicated they will post the PIAs on the Web sites, unless it would raise security concerns, according to the report.

Of the 60 agencies reporting to OMB, most said they did not use tracking technology, such as persistent cookies, to monitor a Web site visitor's activities. In most cases, this tracking technology is not allowed, unless agencies get permission.

Agencies also had to identify the main officials responsible for privacy issues, and agencies generally designated one official as the point of contact for IT and Web site issues and a second person for policy issues, the report states. Some agencies had three separate officials while others gave all areas of responsibility to a single person.

"OMB is in the process of communicating with the listed individuals to supplement the information provided and develop a contact roster," the report states. "By communicating with all three principals, OMB can ensure that agency privacy officials are part of the agency's capital planning and investment process."

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • Social network, census

    5 predictions for federal IT in 2017

    As the Trump team takes control, here's what the tech community can expect.

  • Rep. Gerald Connolly

    Connolly warns on workforce changes

    The ranking member of the House Oversight Committee's Government Operations panel warns that Congress will look to legislate changes to the federal workforce.

  • President Donald J. Trump delivers his inaugural address

    How will Trump lead on tech?

    The businessman turned reality star turned U.S. president clearly has mastered Twitter, but what will his administration mean for broader technology issues?

  • Login.gov moving ahead

    The bid to establish a single login for accessing government services is moving again on the last full day of the Obama presidency.

  • Shutterstock image (by Jirsak): customer care, relationship management, and leadership concept.

    Obama wraps up security clearance reforms

    In a last-minute executive order, President Obama institutes structural reforms to the security clearance process designed to create a more unified system across government agencies.

  • Shutterstock image: breached lock.

    What cyber can learn from counterterrorism

    The U.S. has to look at its experience in developing post-9/11 counterterrorism policies to inform efforts to formalize cybersecurity policies, says a senior official.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group