Agencies tackle privacy policy

More than half of the 60 agencies reporting to Office of Management and Budget officials said that they have or plan to soon have machine-readable privacy policies as mandated under the E-Government Act of 2002.

The E-Gov Act requires agencies to inform officials about the progress of their implementation of privacy provisions, such as machine-readable policies, privacy impact assessments for new or changed technology systems, use of tracking technology and designation of a single privacy official at the agency.

The agencies that complied with that part of the mandate have identified Web site privacy policies that have been or will be translated into a standard computer language readable by the browser, according to OMB's E-Government Act report released to Congress this month. With the machine-readable policies, the browser automatically notifies the user if the site is in line with the user's privacy preferences.

"Other agencies were 'undecided,' [and] indicated they were either examining the field or they were awaiting a recommendation from OMB on what standard to use," the report states.

Although OMB does not endorse one standard, there is only one way to become compliant: use the Platform for Privacy Preferences Project (P3P) developed by the World Wide Web Consortium.

Agency officials are improving their understanding of privacy impact assessments (PIAs), and many plan to post the assessments on their Web sites, according to the report.

OMB officials said agencies should involve program owners and experts in information technology, security, privacy and policy in the crafting of the PIAs. Agency officials indicated they will post the PIAs on the Web sites, unless it would raise security concerns, according to the report.

Of the 60 agencies reporting to OMB, most said they did not use tracking technology, such as persistent cookies, to monitor a Web site visitor's activities. In most cases, this tracking technology is not allowed, unless agencies get permission.

Agencies also had to identify the main officials responsible for privacy issues, and agencies generally designated one official as the point of contact for IT and Web site issues and a second person for policy issues, the report states. Some agencies had three separate officials while others gave all areas of responsibility to a single person.

"OMB is in the process of communicating with the listed individuals to supplement the information provided and develop a contact roster," the report states. "By communicating with all three principals, OMB can ensure that agency privacy officials are part of the agency's capital planning and investment process."

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.