OMB issues privacy guidance
Departments and agencies to conduct privacy impact assessments before developing or making changes to tech systems.
OMB guidance for implementing the privacy provisions of the E-Government Act of 2002
In an effort to ensure personal information is protected, the Office of Management and Budget yesterday directed departments and agencies to conduct privacy impact assessments before developing or making changes to tech systems.
Agencies should review how information is collected and used in the organization, according to a memo to agency heads from OMB Director Joshua Bolten. The memo provides guidance for implementing the privacy provisions of the E-Government Act of 2002.
"As the National Strategy [to Secure Cyberspace] indicates, cyberspace security programs that strengthen protections for privacy and other civil liberties, together with strong privacy policies and practices in the federal agencies, will ensure that information is handled in a manner that maximizes both privacy and security," Bolten wrote.
Privacy assessments for the fiscal 2005 information technology budget requests are due to OMB by Oct. 3. Assessments must be conducted before developing IT systems that collect, maintain or disseminate identifiable information, or when initiating new information collection for 10 or more people, OMB officials said.
Agencies must also develop a plan to make their Web site privacy policies machine-readable, which means they automatically provide notification when the site doesn't cover a visitor's privacy protections. Agencies must present a timetable for translating the privacy policies into that format, including milestones to show the progress over the next year, officials said.
For their Web sites, agencies must tell visitors when it's voluntary to submit information, how to grant consent for an agency to use voluntary personal data and about their rights under the Privacy Act, OMB officials said.
Agency sites will also be required to disclose the nature of the information collected, the use of the information, whether and to whom the information will be shared and the safeguards applied to the information, officials said.
NEXT STORY: Defense IT achievements honored