OMB tells agencies how to treat their online 'friends'

The Obama administration issues new guidance for agencies use of Web technologies

Agencies got guidance today on how they should treat the “friends” they’ve made on Facebook.

The Office of Management and Budget issued new requirements to agencies for using third-party Web sites and applications, as well as online customization technologies.

It’s hard to find a government agency that isn’t tweeting, friending or posting videos on a YouTube channel. However, according to the Obama administration, policies for government use of communication technologies hasn’t kept pace with agencies’ forays into social media and Web 2.0 technologies. At the same time, previous OMB policy kept agencies from using technologies such as persistent cookies that could yield accurate analytics about Web traffic, the administration said.

The guidance OMB released today is designed to deal with those perceived policy gaps while protecting privacy, according to administration officials.

OMB Director Peter Orszag released new guidelines today in a memo. They apply to any federal agency using third-party Web sites or applications to engage with the public to put in place for the principles of the Obama administration’s Open Government Directive, the memo said.

Under the new requirements, when using a third-party Web site or application, agencies must examine the third party’s privacy policy to evaluate the risks and determine whether it’s appropriate for the agency’s use before using the site. OMB said agencies should also:

  • Provide an alert to visitors explaining that they are being directed to a nongovernment Web site that may have different privacy policies from the official Web site when posting a link that leads to a third-party Web site or any other location not in the official government domain.
  •  Take the steps needed to disclose the third party’s involvement if an agency incorporates or embeds a third-party application on its Web site.
  • Apply appropriate branding to distinguish third-party activities from its own.
  • Limit the amount of information collected through use of a third-party Web site or application to what’s necessary.

Agencies also have to do an adapted privacy impact assessment for an agency’s use of such Web sites and applications, and update their internal privacy policies for use of the tools. Agencies should also make information and services comparable to what’s available through their use of third-party sites available in other ways.

“Our view is that this is going on already, it has been for many years and it’s important the we set down a clear set of rules of the road so agencies have confidence when they engage in this area that they are doing it in the right way,” Michael Fitzpatrick, associate administrator at OMB’s Office of Information and Regulatory Affairs, told reporters during a conference call. Fitzpatrick was taking about agencies use of Web 2.0 or social media technologies.

Fitzpatrick said that by asking for public comment on regulatory proposals through social media such as chat rooms or town halls, the administration thinks agencies will access more people than they would through the traditional process of proposing rules through the Federal Register.

“It’s our great hope that our continued use and application of these new technologies are really going to break down barriers between people and their government, and allow for much greater collaboration and participation,” Fitzpatrick said.

Meanwhile, Fitzpatrick made the case that agencies should be taking advantage of Web measurement and customization technologies that companies do. However, he said that it’s become difficult for agencies to do so, because had been bound by 10-year-old policies that didn’t contemplate today’s technologies.

To update those policies, Orszag released another memo today to give agencies guidance for online use of Web measurement and customization technologies that are used to remember a user’s online interactions with a Web site or online application.

Fitzpatrick said the guidance incorporates thousands of public comments that officials began to gather last summer and meetings with interested parties.

“We’ve developed what we think is now a 21st century perspective on the use of these technologies to enhance government Web sites,” he said. “It permits agencies within clear constraints and restrictions to use these types of technologies.”

Under the new guidance, agencies are prohibited from using the technologies to:

  • Track user individual-level activity on the Internet outside of the Web site or application where the technology originates.
  • Share the data obtained through such technologies with other agencies without the user’s explicit consent.
  • Cross-reference without the user’s explicit consent any data gathered from Web measurement and customization technologies against personally identifiable information to determine individual-level online activity.
  • Collect personally identifiable information without the user’s explicit consent.

Agencies also can’t use Web measurement and customization technologies that don’t allow people to easily opt out. The memo also provides limitations for how the technology can be used in different situations, broken down in tiers of usage, and on how long data can be retained.

About the Author

Ben Bain is a reporter for Federal Computer Week.


  • Workforce
    White House rainbow light shutterstock ID : 1130423963 By zhephotography

    White House rolls out DEIA strategy

    On Tuesday, the Biden administration issued agencies a roadmap to guide their efforts to develop strategic plans for diversity, equity, inclusion and accessibility (DEIA), as required under a as required under a June executive order.

  • Defense
    software (whiteMocca/

    Why DOD is so bad at buying software

    The Defense Department wants to acquire emerging technology faster and more efficiently. But will its latest attempts to streamline its processes be enough?

Stay Connected