June 2, 1999
M-99-18
MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES
FROM: | Jacob J. Lew Director |
SUBJECT: | Privacy Policies on Federal Web Sites |
This memorandum directs Departments and Agencies to post clear privacy policies on World Wide Web sites, and provides guidance for doing so. As a first priority, you must post privacy policies to your Department or Agency’s principal web site by September 1, 1999. By December 1, 1999, add privacy policies to any other known, major entry points to your sites as well as at any web page where you collect substantial personal information from the public. Each policy must clearly and concisely inform visitors to the site what information the agency collects about individuals, why the agency collects it, and how the agency will use it. Privacy policies must be clearly labeled and easily accessed when someone visits a web site.
Federal agencies must protect an individual’s right to privacy when they collect personal information. This is required by the Privacy Act, 5 U.S.C. 552a, and OMB Circular No. A-130, "Management of Federal Information Resources," 61 Fed. Reg. 6428 (Feb. 20, 1996), and supported by the Principles for Providing and Using Personal Information published by the Information Infrastructure Task Force on June 6, 1995. Posting a privacy policy helps ensure that individuals have notice and choice about, and thus confidence in, how their personal information is handled when they use the Internet.
New information technologies offer exciting possibilities for improving the quality and efficiency of government service to the American people. Web sites are a powerful tool for conveying information on topics relating to activities, objectives, policies and programs of the Federal Government. Web pages provide a simple and speedy means of gaining access to information about the Government, thereby increasing knowledge and understanding of what Government is doing on the people’s behalf. Looking ahead, as contemplated for instance by the Government Paperwork Elimination Act, people will conduct more and more business and other activities with the Government electronically. We cannot realize the full potential of the web until people are confident we protect their privacy when they visit our sites.
To assist Departments and Agencies in reviewing their existing privacy policy or in creating such a policy, I have attached guidance and model privacy language for several different information practices that may apply to your web sites. You can use the model language verbatim, or as a starting point in crafting a policy tailored to meet your own requirements and needs.
For any questions about this guidance, contact Peter P. Swire, Chief Counselor for Privacy,
Office of Management and Budget, phone (202) 395-1095, fax (202) 395-5167, e-mail Peter_Swire@omb.eop.gov. To provide assistance to Agencies and Departments in implementing web privacy policies, Mr. Swire will form a Steering Committee for Federal Agency Privacy Policies.