Required Web Content and Links

16. Ensure Access to Mandatory Content

Laws, regulations, or other policies will occasionally mandate that agencies place certain links on their website. Agencies must respect and adhere to these statutory or executive-level mandates and incorporate these requirements in a manner that does not reduce the usability or performance of the agency’s website and digital services.

At a minimum, agencies must post links to the following information on the agency’s principal website and on any known sub-agency or other major entry points to their site:

• A. USA.gov;
• B. the website’s privacy policy;
• C. the agency’s Freedom of Information Act webpage;
• D. a page about the agency with descriptions of the agency organization structure, mission, and statutory authority, and links to the following information:
  1. the agency’s strategic plan and annual performance plans;
  2. the agency’s Privacy Program Page;
  3. the agency point of contact as required by the Small Business Paperwork Relief Act of 2002
  4. the agency’s Open Government Page;
  5. the agency’s Plain Writing Page;
  6. information as required under the No Fear Act of 2002;
  7. information associated with the agency’s implementation of the Information Quality Act.

For other required links, Federal agencies should determine the best location on their website to place those links based on user needs and the underlying requirement from law or policy.

12. Ensure Accessibility for Individuals with Disabilities

Section 508 of the Rehabilitation Act was enacted to eliminate barriers in information technology, open new opportunities for people with disabilities, and encourage the development of technologies that will help achieve these goals. ²⁸ The law applies to all Federal departments and agencies when they develop, procure, maintain, or use electronic and information technology. ²⁹ Under Section 508, departments and agencies must ensure that employees and members of the public with disabilities have access to information and data that is comparable to access available to others unless an undue burden would be imposed on the department or agency.

A. Agencies must comply with Section 508 and with the Electronic and Information Technology (EIT) Accessibility Standards. ³⁰ Additionally, agencies must also adhere to their own Section 508 regulations and policies. Section 508 does not limit rights, remedies, or procedures otherwise available under other Federal laws, including Sections 501, 503, and 504 of the Rehabilitation Act and the Americans with Disabilities Act. ³¹;
B. Section 508 technical and EIT Accessibility requirements must be included in the requirements document for the procurement of EIT products and services and planned for and built into the development, operations and management lifecycle of a Federal website or digital service. Any new functionality must be regularly tested to ensure it meets the EIT Accessibility Standards and is accessible for persons with disabilities.;
C. Agencies must develop accessibility statements for their website and appoint a Section 508 Coordinator as required by OMB Memorandum, Strategic Plan for Improving Management of Section 508 of the Rehabilitation Act. ³² ;

Increase Transparency

Transparency of Federal programs, performance, and spending facilitates increases in accountability and citizen engagement. To support increased transparency, the Accessibility Committee has expanded on information available to agencies by creating a best practices library. The library may be found at https://cio.gov/2011/05/ and contains examples of best practices in policy and procedures that can increase transparency. Feedback from the listening sessions and the national dialogue indicates several areas that would benefit from more transparency. Specific areas include opportunities for public engagement, inter-agency collaboration, and standardizing agency approaches to Section 508 implementation.

Transparency of agency Section 508 practices and application will be improved through two key actions: (1) providing the public with a standard feedback mechanism and statement available on agency websites, and (2) making www.section508.gov the one-stop information resource for agencies with respect to successful Section 508 management and implementation. Specifically, within 180 days of the release of this strategic plan:

1. the General Services Administration (GSA) will share with OMB the action plan for transforming www.section508.gov into the one-stop source of information and communication for successfully managing Section 508 implementation throughout the acquisition lifecycle.
2. Federal agencies will include an accessibility statement on all inter- and intranet websites. Secondary sites can link to the accessibility statement on the domain website. The accessibility statement should, at a minimum, include contact information for the agency Section 508 program, date of the last update, and the ability for website visitors to provide comments and/or feedback regarding the agency Section 508 program. Sample and best-in-practice accessibility statements can be found at www.section508.gov.

Part 6, Section 210 | PUBLIC REPORTING AND PERFORMANCE.GOV

210.6 How are agency-specific plans and reports made available to the public on the agency’s website?

To enhance transparency of performance data, all Federal agencies should make information, including prior plans and reports, as easy as possible to locate from the agency’s individual website (e.g., www.usda.gov). Federal Agencies must also provide a hyperlink on Performance.gov to the agency’s public website (e.g., https://www.usda.gov/our-agency/about-usda/performance) where the agency has published current and past performance plans and reports. In adherence to OMB Memorandum M-17-06, agencies must create a prominent link directly to their performance plans and reports from their “About Agency” or “About Us” page, which is directly off of the agency’s homepage.

Agencies may also want to create links from this page to other planning and performance reporting documents, such as the human capital operating plans, information resources management plans, Agency Financial Reports or Performance and Accountability Reports, Congressional Budget Justifications, and other acquisition or capital asset management plans where those other documents are publicly available and relevant to performance on strategic objectives. Agency performance planning and reporting documents available on the agency website should be consistent with Administration policies and not include predecisional information.

When developing performance information for publication, agencies should be open, transparent, and accountable for results of progress against stated performance goals and objectives, publishing information online consistent with the Federal Records Act, privacy and security restrictions, and other applicable law and policy including OMB Circular A-130, Managing Information as a Strategic Resource. It is important that agencies communicate relevant, reliable, and timely performance information within and outside their organizations to improve performance outcomes and operational efficiency.

Machine-readable. Consistent with the GPRA Modernization Act of 2010, information published through Performance.gov will be made available to the public in a machine-readable format. See section 240 for additional information on an initiative to make agency performance plans and reports ‘machine readable’ with the 2021 Budget and Performance Planning / Reporting cycle.

Link Location, Link Name, Search Engines and URLs

Section 1614.703(d) of the interim rule requires an agency to title its posted EEO information Equal Employment Opportunity Data Posted Pursuant to the No Fear Act. This section further requires an agency to prominently place a hyperlink to the data on the homepage of its public Web site. There was some objection both to the location of the hyperlink and its name.

As for the location, agencies argue that their homepages already are well populated with hyperlinks which primarily are mission-specific. Adding another hyperlink, thereby producing crowding, may in fact be counter-productive. Moreover, many people visiting an agency Web site do so through hyperlinks from other non-agency Web sites or search engines that bypass an agency’s homepage. Some agencies allow internet users to compose a personal homepage, which again bypasses the agency’s standard homepage. For these and other reasons, the agencies that commented uniformly were of the opinion that a hyperlink on an agency’s homepage is not the best way to ensure the public’s assess to an agency’s posted EEO data. These agencies therefore suggested that each agency decide itself where to place its EEO data and hyperlinks to that data since each agency best knows where a target audience goes to look for certain information. A number of agencies offered suggestions where the hyperlink would be better placed, such as on the “About the Agency” or “Working for the Agency/Employment” pages.

The Commission is concerned that without a uniform hyperlink location members of the public seeking EEO data from more than one agency will have trouble finding the data. If one agency’s hyperlink is on the “About the Agency” page, another’s is on the “Employment Opportunities” page, another’s is on a page entitled “Civil Rights”, and another’s is on the homepage, locating the data for multiple agencies could well end up as an exercise in trial and error. Even assuming that the homepage is not the best or most intuitive location for the hyperlink, EEOC is convinced that it would not be in the public interest to allow each agency to decide where on its Web site it will place the hyperlink. Thus, if not the homepage, EEOC must dictate another uniform location. The problem is that there are no other locations common to all agency public Web sites. Agencies do not label their “About the Agency” and “Employment” pages identically. Not every agency has an Employment Opportunities page. Thus, there is no way to standardize through a rule an alternative location for the link. This leaves only the homepage as the one Web page all agencies possess in common, and therefore it is the homepage which shall house the link.

Regarding the title of the hyperlink, EEOC agrees that it is too wordy. EEOC, however, does not agree that the label “No FEAR” will be widely misunderstood by members of the public. On the contrary, the term “No FEAR Act” has attained familiarity among employees and those involved in EEO matters. Accordingly, the final rule provides that the hyperlink shall be called “No FEAR Act Data”. However, agencies will be required to title the page where its data appears as follows:

“Equal Employment Opportunity Data Posted Pursuant to Title III of the Notification and Federal Employee Antidiscrimination and Retaliation Act of 2002 (No FEAR Act), Pub. L. 107-174.”

In furtherance of making every agency’s No FEAR Act data easily accessible, it was suggested that agencies maintain their posted data so that it is readily retrievable by commercial search engines. EEOC agrees and has added a subsection setting forth this requirement.

Finally, some commenters suggested that each agency provide EEOC with the hyperlink to its No FEAR data and that EEOC post the agency hyperlinks in one location on EEOC’s public Web site. EEOC has decided to adopt this suggestion. Therefore, the final rule contains the requirement that an agency provide EEOC with the URL for the location of its No FEAR data and provide URL updates as necessary. Agencies can e-mail their URLs to EEOC at NoFEAR.URLS@eeoc.gov.

11. Ensure Information Quality and Accuracy

The Internet enables agencies to communicate information quickly and easily to a wide audience, which, while of great benefit to society, also increases the potential harm that can result from disseminating incorrect information. Taking this into account, information disseminated from Federal Government websites and digital services, or from third-party services on behalf of the Government, is expected to be authoritative and reliable.

The Information Quality Act applies to all information disseminated from Federal websites, and in certain cases, to information published to third-party sites on behalf of the Government. OMB has published Information Quality Guidelines to help agencies meet this requirement. ²⁶

E. Agencies must clearly identify external links from their websites, and to the extent practicable update or remove the links when the external information is no longer sufficiently accurate, relevant, timely, necessary or complete.

1. Agency websites must clearly state that the content of external links to non-Federal Agency websites is not endorsed by the Federal Government and is not subject to Federal information quality, privacy, security, and related guidelines.
2. Agencies should choose the best approach to identify external links to users in a way that minimizes the impact on the usability of their websites and digital services.

16. Ensure Access to Mandatory Content

Laws, regulations, or other policies will occasionally mandate that agencies place certain links on their website. Agencies must respect and adhere to these statutory or executive-level mandates and incorporate these requirements in a manner that does not reduce the usability or performance of the agency’s website and digital services.

At a minimum, agencies must post links to the following information on the agency’s principal website and on any known sub-agency or other major entry points to their site:

• A. USA.gov;
• B. the website’s privacy policy;
• C. the agency’s Freedom of Information Act webpage;
• D. a page about the agency with descriptions of the agency organization structure, mission, and statutory authority, and links to the following information:
  1. the agency’s strategic plan and annual performance plans;
  2. the agency’s Privacy Program Page;
  3. the agency point of contact as required by the Small Business Paperwork Relief Act of 2002
  4. the agency’s Open Government Page;
  5. the agency’s Plain Writing Page;
  6. information as required under the No Fear Act of 2002;
  7. information associated with the agency’s implementation of the Information Quality Act.

For other required links, Federal agencies should determine the best location on their website to place those links based on user needs and the underlying requirement from law or policy.

16. Ensure Access to Mandatory Content

Laws, regulations, or other policies will occasionally mandate that agencies place certain links on their website. Agencies must respect and adhere to these statutory or executive-level mandates and incorporate these requirements in a manner that does not reduce the usability or performance of the agency’s website and digital services.

At a minimum, agencies must post links to the following information on the agency’s principal website and on any known sub-agency or other major entry points to their site:

• A. USA.gov;
• B. the website’s privacy policy;
• C. the agency’s Freedom of Information Act webpage;
• D. a page about the agency with descriptions of the agency organization structure, mission, and statutory authority, and links to the following information:
  1. the agency’s strategic plan and annual performance plans;
  2. the agency’s Privacy Program Page;
  3. the agency point of contact as required by the Small Business Paperwork Relief Act of 2002
  4. the agency’s Open Government Page;
  5. the agency’s Plain Writing Page;
  6. information as required under the No Fear Act of 2002;
  7. information associated with the agency’s implementation of the Information Quality Act.

For other required links, Federal agencies should determine the best location on their website to place those links based on user needs and the underlying requirement from law or policy.

16. Ensure Access to Mandatory Content

Laws, regulations, or other policies will occasionally mandate that agencies place certain links on their website. Agencies must respect and adhere to these statutory or executive-level mandates and incorporate these requirements in a manner that does not reduce the usability or performance of the agency’s website and digital services.

At a minimum, agencies must post links to the following information on the agency’s principal website and on any known sub-agency or other major entry points to their site:

• A. USA.gov;
• B. the website’s privacy policy;
• C. the agency’s Freedom of Information Act webpage;
• D. a page about the agency with descriptions of the agency organization structure, mission, and statutory authority, and links to the following information:
  1. the agency’s strategic plan and annual performance plans;
  2. the agency’s Privacy Program Page;
  3. the agency point of contact as required by the Small Business Paperwork Relief Act of 2002
  4. the agency’s Open Government Page;
  5. the agency’s Plain Writing Page;
  6. information as required under the No Fear Act of 2002;
  7. information associated with the agency’s implementation of the Information Quality Act.

For other required links, Federal agencies should determine the best location on their website to place those links based on user needs and the underlying requirement from law or policy.

III. Privacy Policies on Agency Websites

1. Privacy Policy Clarification. To promote clarity to the public, agencies are required to refer to their general web site notices explaining agency information handling practices as the “Privacy Policy.”

2. Effective Date. Agencies are expected to implement the following changes to their websites by December 15, 2003.

3. Exclusions: For purposes of web privacy policies, this guidance does not apply to:

   1. information other than “government information” as defined in OMB Circular A-130;
   2. agency intranet web sites that are accessible only by authorized government users (employees, contractors, consultants, fellows, grantees);
   3. national security systems defined at 40 U.S.C. 11103 as exempt from the definition of information technology (see section 202(i) of the E-government Act).

4. Content of Privacy Policies.

   1. Agency Privacy Policies must comply with guidance issued in OMB Memorandum 99-18 and must now also include the following two new content areas:

      1. Consent to collection and sharing ¹⁵. Agencies must now ensure that privacy policies:

         1. inform visitors whenever providing requested information is voluntary;
         2. inform visitors how to grant consent for use of voluntarily-provided information; and
         3. inform visitors how to grant consent to use mandatorily-provided information for other than statutorily-mandated uses or authorized routine uses under the Privacy Act.

      2. Rights under the Privacy Act or other privacy laws ¹⁶. Agencies must now also notify web-site visitors of their rights under the Privacy Act or other privacy-protecting laws that may primarily apply to specific agencies (such as the Health Insurance Portability and Accountability Act of 1996, the IRS Restructuring and Reform Act of 1998, or the Family Education Rights and Privacy Act):

         1. in the body of the web privacy policy;
         2. via link to the applicable agency regulation (e.g., Privacy Act regulation and pertinent system notice); or
         3. via link to other official summary of statutory rights (such as the summary of Privacy Act rights in the FOIA/Privacy Act Reference Materials posted by the Federal Consumer Information Center at www.Firstgov.gov).

   2. Agency Privacy Policies must continue to address the following, modified, requirements:

      1. Nature, purpose, use and sharing of information collected . Agencies should follow existing policies (issued in OMB Memorandum 99-18) concerning notice of the nature, purpose, use and sharing of information collected via the Internet, as modified below:

         1. Privacy Act information. When agencies collect information subject to the Privacy Act, agencies are directed to explain what portion of the information is maintained and retrieved by name or personal identifier in a Privacy Act system of records and provide a Privacy Act Statement either:

            1. at the point of collection, or
            2. via link to the agency’s general Privacy Policy ¹⁸.

         2. “Privacy Act Statements”. Privacy Act Statements must notify users of the authority for and purpose and use of the collection of information subject to the Privacy Act, whether providing the information is mandatory or voluntary, and the effects of not providing all or any part of the requested information.

         3. Automatically Collected Information (site management data). Agency Privacy Policies must specify what information the agency collects automatically (i.e., user’s IP address, location, and time of visit) and identify the use for which it is collected (i.e., site management or security purposes).

         4. Interaction with children: Agencies that provide content to children under 13 and that collect personally identifiable information from these visitors should incorporate the requirements of the Children’s Online Privacy Protection Act (“COPPA”) into their Privacy Policies (see Attachment C) ¹⁹.

         5. Tracking and customization activities. Agencies are directed to adhere to the following modifications to OMB Memorandum 00-13 and the OMB follow-up guidance letter dated September 5, 2000:

            1. Tracking technology prohibitions:

               1. agencies are prohibited from using persistent cookies or any other means (e.g., web beacons) to track visitors’ activity on the Internet except as provided in subsection (b) below;

               2. agency heads may approve, or may authorize the heads of sub-agencies or senior official(s) reporting directly to the agency head to approve, the use of persistent tracking technology for a compelling need. When used, agency’s must post clear notice in the agency’s privacy policy of:

                  • the nature of the information collected;
                  • the purpose and use for the information;
                  • whether and to whom the information will be disclosed; and
                  • the privacy safeguards applied to the information collected.

               3. agencies must report the use of persistent tracking technologies as authorized for use by subsection b. above (see section VII) ²⁰.

            2. The following technologies are not prohibited:

               1. Technology that is used to facilitate a visitor’s activity within a single session (e.g., a “session cookie”) and does not persist over time is not subject to the prohibition on the use of tracking technology.

               2. Customization technology (to customize a website at the visitor’s request) if approved by the agency head or designee for use (see v.1.b above) and where the following is posted in the Agency’s Privacy Policy:

                  • the purpose of the tracking (i.e., customization of the site);
                  • that accepting the customizing feature is voluntary;
                  • that declining the feature still permits the individual to use the site; and
                  • the privacy safeguards in place for handling the information collected.

               3. Agency use of password access to information that does not involve “persistent cookies” or similar technology.

         6. Law enforcement and homeland security sharing: Consistent with current practice, Internet privacy policies may reflect that collected information may be shared and protected as necessary for authorized law enforcement, homeland security and national security activities.

      2. Security of the information ²¹. Agencies should continue to comply with existing requirements for computer security in administering their websites ²² and post the following information in their Privacy Policy:

         1. in clear language, information about management, operational and technical controls ensuring the security and confidentiality of personally identifiable records (e.g., access controls, data storage procedures, periodic testing of safeguards, etc.), and
         2. in general terms, information about any additional safeguards used to identify and prevent unauthorized attempts to access or cause harm to information and systems. (The statement should be at a level to inform the public that their information is being protected while not compromising security.)

5. Placement of notices. Agencies should continue to follow the policy identified in OMB Memorandum 99-18 regarding the posting of privacy policies on their websites. Specifically, agencies must post (or link to) privacy policies at:

   1. their principal web site;
   2. any known, major entry points to their sites;
   3. any web page that collects substantial information in identifiable form.

6. Clarity of notices. Consistent with OMB Memorandum 99-18, privacy policies must be:

   1. clearly labeled and easily accessed;
   2. written in plain language; and
   3. made clear and easy to understand, whether by integrating all information and statements into a single posting, by layering a short “highlights” notice linked to full explanation, or by other means the agency determines is effective.

Sec. 534. (NOTE: 5 USC app. 6 note.) The departments, agencies, and commissions funded under this Act, shall establish and maintain on the homepages of their Internet websites–

• (1) a direct link to the Internet websites of their Offices of Inspectors General; and
• (2) a mechanism on the Offices of Inspectors General website by which individuals may anonymously report cases of waste, fraud, or abuse with respect to those Departments, agencies, and commissions.