Agencies eye Web privacy

OMB Memo on Privacy Provisions of the E-Gov Act

Agencies are meticulously examining their Web pages for weaknesses in privacy protections, as Office of Management and Budget officials call their attention to Section 208 of the E-Government Act of 2002.

Section 208 lays out rules and guidelines agencies must follow to protect the privacy of citizens using government Web sites. OMB officials issued a memorandum offering specific guidance on implementing the privacy provisions in late September. Agencies must begin submitting annual reports on their compliance with the privacy rules, and the first report is due Dec. 15.

The agencies are moving into high gear now, said David Grant, director of accessibility solutions at Watchfire Corp., a company that makes software tools including products for automating the privacy validation process.

"Privacy was always a 'nice-to-have,' but there was never something like this to enforce it," he said. "Agencies and departments are all concerned."

Both Section 208 and OMB's September memo spell out clear rules that agencies have to follow. The problem is that most agencies have Web pages that predate those rules, sometimes by years, Grant said. Now they are under orders to examine their older pages and bring them into compliance.

The rules include some fairly standard practices that almost any Web site will offer. Agencies must post privacy policies on Web sites used by the public, for example, and must spell out in the policies what information the site collects and how it is used. The policies must inform users when they reveal information voluntarily.

However, the rules also define some limits on what federal sites can do that agencies might have done in the past.

For example, agencies cannot use persistent cookies to track visitors. Persistent cookies are small files that the site transfers to a user's computer to identify visitors when they return to the site. But agencies can use session cookies, which track a visitor's clicks through the site and can temporarily personalize the site, but expire as soon as the visitor leaves.

Agencies also have to submit privacy impact assessments to OMB — and make them publicly available when purchasing new information technology equipment — when making changes to their Web sites that could affect privacy.

Sorting through all of the rules and ensuring compliance are daunting tasks, but agencies are tackling them. Commerce Department officials are working on updating all of their sites in time to meet the deadline, said Tom Pyke, the department's chief information officer.

"The department's chief privacy officer is working with CIOs across the department who are responsible for the privacy statements on Commerce Web sites, to guide them as they update the privacy statements and make any other changes that may be required by this guidance," he said. "Commerce expects to be able to report to OMB in December 2003 that these actions have been completed."

The Securities and Exchange Commission is undertaking a similar effort, said spokesman John Nester. SEC staff members are developing plans for reviewing the SEC site for policy statements and evaluating the information technology systems that work with Web interfaces to determine what information they collect.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.