HHS Machine-Readable Privacy Policy Guide - Substance Abuse ...

More documents

Recommendations

Info

Table of Contents Machine-Readable Privacy Policy Guide US Department of Health and Human Services Table of Contents .......................................................................................... i Preface.........................................................................................................iv Document Change History .............................................................................v 1. Introduction....................................................................................... 6 1.1 Purpose .............................................................................................6 1.2 Background........................................................................................6 1.3 Scope................................................................................................7 1.4 Document Organization .......................................................................7 2. Federal Privacy Requirements............................................................ 8 2.1 Federal Statutes .................................................................................8 2.1.1 The Privacy Act of 1974 .............................................................8 2.1.2 The E-Government Act of 2002...................................................8 2.1.3 The Children’s Online Privacy Protection Act of 1998 .....................9 2.1.4 The Clinger-Cohen Act of 1996 ...................................................9 2.1.5 The Health Insurance Portability and Accountability Act of 1996 .....9 2.1.6 The Paperwork Reduction Act of 1995........................................ 10 2.1.7 The Computer Matching and Privacy Protection Act of 1988.......... 10 2.1.8 The Freedom of Information Act of 1966.................................... 10 2.1.9 The Federal Data Quality Act .................................................... 11 2.2 Federal Memoranda and Other Guidance.............................................. 11 2.2.1 Federal Register Vol. 67, No. 36 ............................................... 11 2.2.2 OMB Memorandum M-05-04..................................................... 11 2.2.3 OMB Circular A-130, Appendix III ............................................. 12 2.2.4 OMB Circular A-11 .................................................................. 12 2.2.5 OMB Memorandum M-03-22..................................................... 13 2.2.6 OMB Memorandum 01-05 ........................................................ 13 2.2.7 OMB Memorandum 99-18 ........................................................ 14 2.2.8 OMB Memorandum 00-13 ........................................................ 14 3. Machine-Readable Privacy Policy Roles and Responsibilities.............15 3.1 Headquarters Level ........................................................................... 15 3.1.1 HHS CIO ................................................................................ 15 3.1.2 HHS Chief Security Officer (CSO) .............................................. 15 3.1.3 HHS Web Management Team ................................................... 15 3.1.4 HHS Privacy Advocate ............................................................. 16 3.1.5 HHS Privacy Act Officer............................................................ 16 3.1.6 HHS Office of Information Resources Management (OIRM), Information Collection Clearance Staff .................................................... 16 3.2 OPDIV Level ..................................................................................... 16 3.2.1 OPDIV Heads/Management Officials .......................................... 16 3.2.2 OPDIV CIOs ........................................................................... 17 3.2.3 OPDIV ISSOs.......................................................................... 17 Page i
Machine-Readable Privacy Policy Guide US Department of Health and Human Services 3.2.4 Website Owners and Website Administrators .............................. 17 3.2.5 OPDIV Privacy Contact ............................................................ 17 3.2.6 OPDIV Information Collection Clearance Officer .......................... 18 3.2.7 Other Personnel...................................................................... 18 4. Machine-Readable Privacy Policy Process .........................................19 4.1 Machine-Readable Privacy Policy Overview ........................................... 19 4.2 Machine-Readable Privacy Policy Specification ...................................... 19 4.3 Purpose of Machine-Readable Privacy Policy ......................................... 20 4.4 Benefits of a Machine-Readable Privacy Policy ...................................... 20 4.5 Timing ............................................................................................. 20 4.6 Scope.............................................................................................. 20 5. Machine-Readable Privacy Policy Activities .......................................22 5.1 Step 1: Assign Roles and Responsibilities ............................................. 22 5.2 Step 2: Create Website Inventory ....................................................... 22 5.3 Step 3: Assess Website Inventory for Public Websites ........................... 22 5.4 Step 4: Preparing the Machine-Readable Privacy Policy.......................... 22 5.5 Step 5: Assess Website Privacy Practices ............................................. 23 5.5.1 Website Identifying Information................................................ 24 5.5.2 Right to Access IIF .................................................................. 25 5.5.3 Accountability......................................................................... 26 5.5.4 Categories of Data Collected .................................................... 27 5.5.5 Purpose of Data Collection ....................................................... 28 5.5.6 Data Recipients ...................................................................... 30 5.5.7 Data Retention Policies ............................................................ 30 5.5.8 Policy Expiration Date.............................................................. 31 5.5.9 Conduct Cookie Analysis .......................................................... 31 5.6 Step 6: Complete the Machine-Readable Data Analysis Worksheet .......... 32 5.7 Step 7: Determine Number of Machine-Readable Privacy Policies ............ 32 5.8 Step 8: Select a Machine-Readable Privacy Policy Generator .................. 33 5.9 Step 9: Create the Machine-Readable Privacy Policy File ........................ 34 5.10 Step 10: Create a Machine-Readable Policy Reference File .................. 34 5.11 Step 11: Select Policy Reference File Locating Strategy ...................... 35 5.11.1 The Well-Known Location ......................................................... 36 5.11.2 HTTP Headers......................................................................... 36 5.11.3 Embedded Link Tags ............................................................... 37 5.12 Step 12: Validate Machine-Readable Privacy Policies .......................... 38 5.13 Step 13: Maintaining Machine-Readable Privacy Policies ..................... 38 6. Conclusion.........................................................................................39 Appendix A: Document Feedback ................................................................40 Page ii
Page 1: Information Security Program Machin
Page 5 and 6: Machine-Readable Privacy Policy Gui
Page 7 and 8: 1.Introduction Machine-Readable Pri
Page 25 and 26: 5.5.1 Website Identifying Informati
Page 31 and 32: 5.5.6 Data Recipients Machine-Reada
Page 43 and 44: Appendix C: Glossary Machine-Readab
Page 53 and 54:
Machine-Readable Privacy Policy Gui
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
show all

HHS Machine-Readable Privacy Policy Guide - Substance Abuse ...

Create successful ePaper yourself

Delete template?

Save as template?