THE VIEW FROM INSIDE
THE VIEW FROM INSIDE
Walter R. Houser
OMB's privacy chief does good job on Web policy
By Walter R. Houser
Peter Swire, the Clinton administration's new privacy counselor, has hit the ground running.
Formally known as Memorandum M99-18, the policy requires all departments and agencies to post appropriate privacy policies on their Web sites. It comes amid rising public concern about privacy in general and about personal data collected via the Internet in particular.
Swire's memo is a straightforward implementation of well-established principles of the Privacy Act of 1974. It states, 'Each policy must clearly and concisely inform visitors to the site what information the agency collects about individuals, why the agency collects it and how the agency will use it. Privacy policies must be clearly labeled and easily accessed when someone visits a Web site.' It couldn't be much clearer.
The Privacy Act, with its subsequent enhancements, penalizes federal employees for failing to safeguard citizens' personal data. It requires agencies to print detailed notices in the Federal Register describing their Privacy Act systems of record and justifying the collection and use of the data collected.
If your agency or department keeps and retrieves personal data about citizens or gathers it via the Web, it has created a system of records. Thus, its Web site guest book is likely to qualify as a component of that system of record. Your agency must inform its privacy officer that it has created another system of record. Given the hassle of preparing a Federal Register notice, your agency may want to rethink whether it really needs a guest book for Web site visitors.
Slow on sites
Federal webmasters typically have technical, not policy, backgrounds. Consequently, agencies have been slow to establish privacy policies for their Web sites.
They have also been slow to inform the public of their practices for handling personal data. The Center for Democracy and Technology recently surveyed agency Web sites and found that the majority either had no policy posted or their posted policy was difficult to find [GCN, June 28, Page 61].
The memo gives agencies until Sept. 1 to post privacy notices on their main Web sites. By Dec. 1, agencies are required to add privacy policies to other known entry points to their sites as well as on any Web page where they collect personal information from visitors.
The memo contains a rare bonus: model language federal webmasters can use for various Web site practices. They can use the OMB-supplied language verbatim or rewrite it to suit their own needs. Either way, OMB has done much of the heavy lifting.
The model language gives agencies a major advantage in complying with the mandate. Webmasters and privacy officers can step through the items, selecting or adapting text as they need to.
Copy at will
Oversight agencies are rarely so direct with their guidance. They tend to be cautious because of possible misinterpretations and therefore avoid publishing examples. Rarely do seasoned policy-makers actually invite agencies to quote their language verbatim, for fear that the guidance would be misapplied.
Policy-makers typically are worried that their language might become the rationale for accidental or intentional misconstruction.
It is refreshing when new talent such as Swire comes to town. His work is direct and clear, with an abundance of usable examples. His well-crafted policy will be far easier to implement than much of what we've seen from OMB.
Walter R. Houser, who has more than two decades of experience in federal information management, is webmaster for a Cabinet agency. His own Web home page is at www.cpcug.org/user/houser.