Deadline for Web privacy policies looms

Agencies have three weeks to beef up their Web site privacy policies as required under the E-Government Act of 2002. By Dec. 15, agencies’ online privacy policies must inform visitors: “Agencies should explain how the information is being protected, maintained and received,” said Eva Kleederman, a privacy policy analyst with the Office of Management and Budget. She spoke yesterday at a privacy event in Washington sponsored by the Center for Democracy and Technology and the Council for Excellence in Government. Agencies also must notify site users of their rights under the Privacy Act and other privacy laws and detail any use of tracking technology, such as session cookies, or applications that let users customize their version of a site.Kleederman said more and more agencies are allowing site customization, and many use tracking technology applications.Finally, each agency must submit to OMB a list of privacy impact assessments they have done of IT projects. Agencies had to include the assessments with their fiscal 2005 budget submissions OMB anticipates the inventory will identify several hundred assessments that the agency can use to get an overview of privacy projects and trends, Kleederman said. “Our analysis will be included in our report to Congress on how we are meeting the requirements of the E-Government Act,” she said.