Privacy Requirements

Requirement:

All federal public websites* must comply with existing laws and directives that address the need to protect the privacy of the American people when they interact with their government. Some of the key requirements for federal public websites include:

1. Conducting privacy impact assessments;
   
   
2. Posting privacy policies on each website;
   
   
3. Posting a "Privacy Act Statement" that tells visitors the organization's legal authority for collecting personal data and how the data will be used; and
   
   
4. Translating privacy policies into a standardized machine–readable format.

Organizations should review the following laws and regulations related to privacy protections to ensure that their public websites meet the full range of requirements.

• OMB Memorandum 03–22, OMB Guidance for Implementing the Privacy Provisions of the E–Government Act of 2002
• E–Government Act of 2002, Section 207(f)(1)(B)
• Privacy Policies and Data Collection on Federal Websites
• Clarification of OMB's Cookies Policy (Memo from OMB to Department of Commerce)
• Privacy Act of 1974
• OMB Circular A–130, App 1
• Children's Online Privacy Protection Act of 1998 (COPPA)

Examples

• The Social Security Administration has a comprehensive Privacy Policy that is written in plain language and clearly explains how SSA will handle personal information collected over the Internet.
• The Department of Treasury has a machine readable privacy statement that can be read on each page.
• NOAA provides a clear explanation at the top of their Privacy Policy explaining that they are committed to privacy protection. They also provide an easy–to–read format about each topic related to privacy.

* These requirements apply to executive departments and agencies and their public websites. Check the specific law to see if it also applies to the judicial or legislative agencies or to intranets.