Agencies tackle privacy policy

More than half of the 60 agencies reporting to Office of Management and Budget officials said that they have or plan to soon have machine-readable privacy policies as mandated under the E-Government Act of 2002.

The E-Gov Act requires agencies to inform officials about the progress of their implementation of privacy provisions, such as machine-readable policies, privacy impact assessments for new or changed technology systems, use of tracking technology and designation of a single privacy official at the agency.

The agencies that complied with that part of the mandate have identified Web site privacy policies that have been or will be translated into a standard computer language readable by the browser, according to OMB's E-Government Act report released to Congress this month. With the machine-readable policies, the browser automatically notifies the user if the site is in line with the user's privacy preferences.

"Other agencies were 'undecided,' [and] indicated they were either examining the field or they were awaiting a recommendation from OMB on what standard to use," the report states.

Although OMB does not endorse one standard, there is only one way to become compliant: use the Platform for Privacy Preferences Project (P3P) developed by the World Wide Web Consortium.

Agency officials are improving their understanding of privacy impact assessments (PIAs), and many plan to post the assessments on their Web sites, according to the report.

OMB officials said agencies should involve program owners and experts in information technology, security, privacy and policy in the crafting of the PIAs. Agency officials indicated they will post the PIAs on the Web sites, unless it would raise security concerns, according to the report.

Of the 60 agencies reporting to OMB, most said they did not use tracking technology, such as persistent cookies, to monitor a Web site visitor's activities. In most cases, this tracking technology is not allowed, unless agencies get permission.

Agencies also had to identify the main officials responsible for privacy issues, and agencies generally designated one official as the point of contact for IT and Web site issues and a second person for policy issues, the report states. Some agencies had three separate officials while others gave all areas of responsibility to a single person.

"OMB is in the process of communicating with the listed individuals to supplement the information provided and develop a contact roster," the report states. "By communicating with all three principals, OMB can ensure that agency privacy officials are part of the agency's capital planning and investment process."

The Fed 100

Read the profiles of all this year's winners.

Featured

  • Then-presidential candidate Donald Trump at a 2016 campaign event. Image: Shutterstock

    'Buy American' order puts procurement in the spotlight

    Some IT contractors are worried that the "buy American" executive order from President Trump could squeeze key innovators out of the market.

  • OMB chief Mick Mulvaney, shown here in as a member of Congress in 2013. (Photo credit Gage Skidmore/Flickr)

    White House taps old policies for new government makeover

    New guidance from OMB advises agencies to use shared services, GWACs and federal schedules for acquisition, and to leverage IT wherever possible in restructuring plans.

  • Shutterstock image (by Everett Historical): aerial of the Pentagon.

    What DOD's next CIO will have to deal with

    It could be months before the Defense Department has a new CIO, and he or she will face a host of organizational and operational challenges from Day One

  • USAF Gen. John Hyten

    General: Cyber Command needs new platform before NSA split

    U.S. Cyber Command should be elevated to a full combatant command as soon as possible, the head of Strategic Command told Congress, but it cannot be separated from the NSA until it has its own cyber platform.

  • Image from Shutterstock.

    DLA goes virtual

    The Defense Logistics Agency is in the midst of an ambitious campaign to eliminate its IT infrastructure and transition to using exclusively shared, hosted and virtual services.

  • Fed 100 logo

    The 2017 Federal 100

    The women and men who make up this year's Fed 100 are proof positive of what one person can make possibile in federal IT. Read on to learn more about each and every winner's accomplishments.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group