June 1, 1999
This attachment provides guidance and model language on privacy statements. You can use this guidance and model language to help identify the issues that privacy policies must cover, draft the language, and get it approved. This will allow you to post your policies expeditiously.
This document provides guidance on the following situations:
(1) Introductory language.
Discussion: Web sites are the front door for many contacts by individuals with the government. Having clear overview language about your privacy practices at the start of the policy can provide a helpful introduction to a web policy.
Web privacy policies can reassure individuals that information you collect about them when they visit your site will be well and appropriately handled. You should write such reassurances in plain English.
"The privacy of our customers has always been of utmost importance to the Social Security Administration. In fact our first regulation, published in 1937, was written and published to ensure your privacy. Our concern for your privacy is no different in the electronic age.
(2) Information collected and stored automatically.
Discussion: In the course of operating a web site, certain information may be collected automatically in logs or by cookies. Some agencies may be able to collect a great deal of information, but by policy elect to collect only limited information. In some instances, agencies may have the technical ability to collect information and later take additional steps to identify people, such as by looking up static Internet Protocol addresses that can be linked to specific individuals. Your policy should make clear whether or not you are collecting this type of information and whether you will take further steps to collect more information.
"Information Collected and Stored Automatically
If you do nothing during your visit but browse through the website, read pages, or download information, we will gather and store certain information about your visit automatically. This information does not identify you personally. We automatically collect and store only the following information about your visit:
We use this information to help us make our site more useful to visitors -- to learn about the number of visitors to our site and the types of technology our visitors use. We do not track or record information about individuals and their visits.
"This is how we will handle information we learn about you from your visit to our website. The information we receive depends upon what you do when visiting our site.
If you visit our site to read or download information, such as consumer brochures or press releases:
We collect and store only the following information about you: the name of the domain from which you access the Internet (for example, aol.com, if you are connecting from an America Online account, or princeton.edu if you are connecting from Princeton University's domain); the date and time you access our site; and the Internet address of the website from which you linked directly to our site.
We use the information we collect to measure the number of visitors to the different sections of our site, and to help us make our site more useful to visitors.
"Example Information Collected for Statistical Purpose/p>
(3) Information Collected from E-mails and Web Forms.
Discussion: Many websites receive identifiable information from e-mails or web forms. Some statement is appropriate about how the identifiable information is treated when the individual provides it. One general and helpful comment is to say (when it is true) that you only use information included in an e-mail for the purposes provided and that the information will be destroyed after this purpose has been fulfilled.
The FTC then has the following disclosure at its "Talk to Us" link:
You can contact us by postal mail, telephone, or electronically, via an on-line form. Before you do, there are a few things you should know.
The material you submit may be seen by various people. We may enter the information you send into our electronic database, to share with our attorneys and investigators involved in law enforcement or public policy development. We may also share it with a wide variety of other government agencies enforcing consumer protection, competition, and other laws. You may be contacted by the FTC or any of those agencies. In other limited circumstances, including requests from Congress or private individuals, we may be required by law to disclose information you submit.
Also, e-mail is not necessarily secure against interception. If your communication is very sensitive, or includes personal information like your bank account, charge card, or social security number, you might want to send it by postal mail instead."
(4) Security, Intrusion, Detection Language.
Discussion: Many webmasters use information collected on a site to detect potentially harmful intrusions and to take action once an intrusion is detected. In some situations, the policy of the agency may be not to collect personal information such as from IP logs. In the event of authorized law enforcement investigations, however, and pursuant to any required legal process, information from those logs and other sources may be used to help identify an individual.
Sample One: The Department of Defense uses the following language to alert users that information may be collected for security purposes:
"4. For site security purposes and to ensure that this service remains available to all users, this government computer system employs software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage.
5. Except for authorized law enforcement investigations, no other attempts are made to identify individual users or their usage habits. Raw data logs are used for no other purposes and are scheduled for regular destruction in accordance with National Archives and Records Administration guidelines.
6. Unauthorized attempts to upload information or change information on this service are strictly prohibited and may be punishable under Infrastructure Protection Act."
Sample Two: Department of Justice Privacy and Security Notice:
"For SITE SECURITY purposes and to ensure that this service remains available to all users, this Government computer system employs software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage.
NOTICE: We will not obtain personally-identifying information about you when you visit our site, unless you choose to provide such information to us."
(5) Significant actions where information enters a System of Records.
To date, a large fraction of federal web pages have not collected significant amounts of identifiable information in ways that entered directly into systems of records covered by the Privacy Act. Looking ahead, a greater range of actions may take place based on information provided to web sites. Examples might include electronic commerce transactions or updating of information about eligibility for benefits.
In systems of records where traditional paper collections of information are supplemented or replaced by electronic forms offered through a web site, therules of the Privacy Act continue to apply. For situations where a Privacy Act notice would be required in the paper-based world, the general principle is that the equivalent notice is required in the on-line world. Posting of the relevant Privacy Act notice on the web page or through a well-marked hyperlink would be appropriate.
Steering Committee for Federal Agency Privacy Policies
The Steering Committee has helped develop the guidance in this document, drawing on the diverse functional experience of its members. Its members are available for questions and comments on the development of agency web privacy policies.
The following two persons from the Federal Trade Commission are not members of the Steering Committee. They have worked with privacy policies for both the public and private sector, however, and have offered to be available for questions from those working on agency policies: