Your Rights under the E-Government Act of 2002
The E-Government Act was passed by Congress in 2002 and supplements many of the privacy rights guaranteed by the Privacy Act of 1974. This document will make you aware of the rights guaranteed to you by the E-Government Act when you visit a Federal Web page. If you have any questions about the E-Government Act that are not addressed here, please consult the Office of Management and Budget’s memorandum that addresses the E-Government Act or contact DOT’s Privacy Officer.
Privacy Impact Assessments
Individuals are entitled to know if the government maintains any of their personally identifiable information, to review it and amend it. The phrase Privacy Impact Assessments (PIA) describes the process used to evaluate the collection of personal data in information systems. The objective of a PIA is to determine if collected personal information data is necessary and relevant. To accomplish this objective, a PIA is used to identify and address information privacy when planning, developing, implementing, and operating individual agency information management systems and integrated information systems. A PIA will assess "security and privacy risks" associated with operating information systems that collect, access, use, or disseminate personal information. It is required by law that PIAs be made available on an agency Web site for all information collections that contain any personally identifiable information. DOT conducts PIAs on all of its applicable systems.
Web Site Privacy Practices
The E-Government Act specifies various requirements for all Web sites registered to the Federal Government. Many of these requirements pertain to information security and privacy. The most notable of these requirements pertains to Departmental Privacy Policies.
Privacy Policies
The E-Government Act requires all Federal Agencies, including as DOT, to provide information about their information handling procedures. A Privacy Policy will be made available to you throughout DOT's web sites. This policy will be written in clear language that enables you to understand what your privacy rights are when visiting a DOT Web site.
This includes:
- The purpose(s) for collecting the information you provide on the Web site.
- Whether the information you provide will be shared, with whom, and under what circumstances.
- What personal information you provide, such as your name or social security number, will be stored in a system of records.
- What information is collected automatically, such as your computer’s IP address, when you visited the site, and what pages you viewed.
- If any content on the site is intended for children under 13, and if so, whether it meets the requirements of the Children’s Online Privacy Protection Act (“COPPA”).
Other Web Site Practices
The E-Government Act stipulates that Agencies must adopt machine readable technology that alerts users automatically if their personal privacy preferences are compatible with the Agency’s site. This allows a user to make an informed decision about whether they feel a site is secure enough to use. In other words, a Federal Agency’s Web site might prompt warning message to appear on your computer screen if your personal privacy preferences are not the same as the Federal Agency. This allows you to make your own decision about whether to use that Agency’s Web site.
DOT has selected P3P as the technology to implement this requirement. Machine readable privacy policies written in P3P can be automatically read by Internet Explorer browsers versions 6.0 and above.
Persistent Tracking Technology
The E-Government Act also prohibits the usage of persistent tracking technology (“persistent cookies”) unless the Agency can demonstrate a compelling need to do so, in which case it must disclose the purpose of the information collection, to whom and when it will be disclosed, and the privacy safeguards that will be applied to store the information. It is also the Agency’s responsibility to inform you that the information you provide might be shared with authorized law enforcement or the Department of Homeland Security.
It is DOT’s policy not to use any persistent tracking technologies on any of its Web sites.
How Information Is Secured
The E-Government Act requires that DOT and other Federal Agencies specify how information that you give us is stored. This includes an explanation in the Privacy Policy about how information is protected, how it is used in day-to-day operations, and what technical controls are used to guarantee its security.
Properly securing the information we collect online is a primary commitment. To help us do this, we take the following steps to:
- Employ internal access controls to ensure the only people who see your information are those with a need to do so to perform their official duties
- Train relevant personnel on our privacy and security measures to know requirements for compliance
- Secure the areas where we hold hard copies of information we collect online
- Perform regular backups of the information we collect online to insure against loss
- Use technical controls to secure the information we collect online including but not limited to:
- Secure Socket Layer (SSL)
- Encryption
- Firewalls
- Password protections
- We periodically test our security procedures to ensure personnel and technical compliance
- We employ external access safeguards to identify and prevent unauthorized tries of outsiders to hack into, or cause harm to, the information in our systems
Who is Responsible for Enacting the E-Government Act?
The E-Government Act requires that all Federal Agencies designate a specific employee to oversee the day-to-day responsibilities of privacy assurance. For the DOT this role is filled by the DOT’s Privacy Officer.
Summary
To summarize, an Agency’s Privacy Policy must clarify to you all the ways in which they will collect and use your personal information. The E-Government Act requires all Federal Agencies to make these practices known to the public. It also requires that Federal Agencies allow you to access your personal information so that you can verify its accuracy.
Overall, there are many indispensable aspects to a good Privacy Program. PIAs, a comprehensive Privacy Policy, machine-readable formatting, and good information management all contribute to a successful implementation of the E-Government Act of 2002.