On Air: Federal Drive with Tom Temin
Trending:
Listen Live
All News

OIRA outlines privacy assessments for using 3rd party websites

New memo gives agencies a template to develop privacy impact assessments when using commercial sites. The guidance follows OMB\'s June 2010 memo on using Web co...

Jason Miller@jmillerWFED
January 5, 2012 3:02 pm
2 min read
     

More than 18 months after releasing guidance for ensuring privacy when using third-party websites, the Office of Management and Budget gave agencies the approach to do it.

Kevin Nyland, the deputy administrator in OMB’s Office of Information and Regulatory Policy, sent agency chief information officers a memo Dec. 29 outlining how agencies should prepare an adapted Privacy Impact Assessment (PIA). The PIA should address specific functions of a third-party website or application that the agency is using.

Agencies must complete the PIA before using a third-party website, which could include commercial offerings such as YouTube, Facebook or survey sites.

“To facilitate agency use of third-party websites and applications, OMB has worked with the CIO Council’s Privacy Committee to develop a model PIA reflecting the requirements for an adapted PIA,” the memo stated.

        Join us May 6 at 1 p.m. EST for Federal News Network's Industry Exchange Data where we'll explore how you can employ data to modernize your agency. | Register today!

OMB initially required PIAs in a June 2010 memo outlining how agencies should use Web cookies.

The PIA memo calls on agencies to develop a PIA with eight sections:

  • Specific purpose of how the agency is using the third-party site or application.
  • Any personal identifiable information (PII) likely to become available to the agency through the use of the site or app.
  • How the agency will use the PII.
  • How the agency will share or disclose the personal information.
  • How the agency will maintain and retain the personal information.
  • How will the PII be secured.
  • How the agency will identify and mitigate other privacy risks.
  • How the agency will create or modify a system of records.

“An agency may prepare one PIA to cover multiple websites or applications that are functionally comparable, as long as the agency’s practices are substantially similar across each website and application,” the memo stated.

“For example, one PIA may be sufficient to cover an agency’s use of multiple social media websites where limited PII is made available to the agency, but none is collected, shared or maintained. However, if an agency’s use of a website or application raises distinct privacy risks, the agency should prepare a PIA that is exclusive to that website or application.”

RELATED STORIES:

OMB bakes new cookie policy for federal websites

DHS shares privacy expertise in new handbook

        Read more: All News

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

READ MORE
     
Jason Miller

Jason Miller is executive editor of Federal News Network and directs news coverage on the people, policy and programs of the federal government. 

Follow @jmillerWFED

    military construction

    Air Force investing in privatized housing, lawmakers are not sold on the idea

    Defense Read more
    Amelia Brust/Federal News Network

    Biden Administration tweaks regulations for how states, cities can use federal funding

    Agency Oversight Read more
Related Topics
All News Management Office of Management and Budget Radio Interviews Technology