THE VIEW FROM INSIDE

THE VIEW FROM INSIDE

Walter R. Houser

OMB's privacy chief does good job on Web policy

By Walter R. Houser

Peter Swire, the Clinton administration's new privacy counselor, has hit the ground running.

On the job only a few weeks, he has written the Office of Management and Budget's new Web privacy policy. It was signed June 2 by Jacob Lew, OMB director, and promptly sent to federal agencies [GCN, June 14, Page 1].

Formally known as Memorandum M99-18, the policy requires all departments and agencies to post appropriate privacy policies on their Web sites. It comes amid rising public concern about privacy in general and about personal data collected via the Internet in particular.

Swire's memo is a straightforward implementation of well-established principles of the Privacy Act of 1974. It states, 'Each policy must clearly and concisely inform visitors to the site what information the agency collects about individuals, why the agency collects it and how the agency will use it. Privacy policies must be clearly labeled and easily accessed when someone visits a Web site.' It couldn't be much clearer.

The Privacy Act, with its subsequent enhancements, penalizes federal employees for failing to safeguard citizens' personal data. It requires agencies to print detailed notices in the Federal Register describing their Privacy Act systems of record and justifying the collection and use of the data collected.

If your agency or department keeps and retrieves personal data about citizens or gathers it via the Web, it has created a system of records. Thus, its Web site guest book is likely to qualify as a component of that system of record. Your agency must inform its privacy officer that it has created another system of record. Given the hassle of preparing a Federal Register notice, your agency may want to rethink whether it really needs a guest book for Web site visitors.

Slow on sites

Federal webmasters typically have technical, not policy, backgrounds. Consequently, agencies have been slow to establish privacy policies for their Web sites.

They have also been slow to inform the public of their practices for handling personal data. The Center for Democracy and Technology recently surveyed agency Web sites and found that the majority either had no policy posted or their posted policy was difficult to find [GCN, June 28, Page 61].

Swire's memorandum gives agencies much-needed prodding to take action on this sensitive issue. To his credit, he includes privacy policy language for the principle categories of information collection occurring on federal Web sites. He addresses the use of static pages and cookie files and cites real-life examples of language addressing Web forms and e-mail.

The memo gives agencies until Sept. 1 to post privacy notices on their main Web sites. By Dec. 1, agencies are required to add privacy policies to other known entry points to their sites as well as on any Web page where they collect personal information from visitors.

At the risk of belaboring the obvious, this means a link to your privacy policy should appear legibly and noticeably not only on your home page, but also on your most popular entry pages. A link must appear when you collect data or invite feedback via e-mail.

The memo contains a rare bonus: model language federal webmasters can use for various Web site practices. They can use the OMB-supplied language verbatim or rewrite it to suit their own needs. Either way, OMB has done much of the heavy lifting.

The model language gives agencies a major advantage in complying with the mandate. Webmasters and privacy officers can step through the items, selecting or adapting text as they need to.

Copy at will

Oversight agencies are rarely so direct with their guidance. They tend to be cautious because of possible misinterpretations and therefore avoid publishing examples. Rarely do seasoned policy-makers actually invite agencies to quote their language verbatim, for fear that the guidance would be misapplied.

Policy-makers typically are worried that their language might become the rationale for accidental or intentional misconstruction.

It is refreshing when new talent such as Swire comes to town. His work is direct and clear, with an abundance of usable examples. His well-crafted policy will be far easier to implement than much of what we've seen from OMB.

Walter R. Houser, who has more than two decades of experience in federal information management, is webmaster for a Cabinet agency. His own Web home page is at www.cpcug.org/user/houser.

inside gcn

  • A forward-located Control and Reporting Center. Air Force photo.

    Data security at the tactical edge: Rightsizing solutions

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above