ATTACHMENT A

Use this guidance if your Web site is not associated with a Privacy Act System of Records and is accessible to the public.

Revision to existing Web privacy policy

  • The "Privacy Statement" or "Privacy Notice" must now be renamed "Privacy Policy" (hereafter referred to as privacy policy statement).

    This is a name change.

  • The privacy policy statements of all Commerce Web sites must notify Web site visitors of their rights under the Privacy Act. This requirement applies regardless of whether the Web site uses or collects any Privacy Act information, or indeed, any information at all. For those Web sites that do not use or collect Privacy Act information, this requirement can be met by including a link to a site that provides the required information on rights under the Privacy Act. Links usable for this purpose include the following:

    • This is a new requirement.

  • The privacy policy statement must inform users how to grant consent to use of voluntarily-provided information. In most cases, this can be done by a general statement such as, for example: "Submitting voluntary information constitutes your consent to the use of the information for the stated purpose."

    This is a new requirement.

  • When an agency Web site requests that a user provide voluntary information, it must explicitly inform the user that providing the information is voluntary.

    This is a new requirement.

  • The privacy policy statement must include, in clear language, information about management, operation, and technical controls ensuring the security and confidentiality of personally identifiable records, and, in general terms, information about any additional safeguards used to identify and prevent unauthorized attempts to access or cause harm to information and systems (while not compromising security). If the site does not involve Privacy Act information, this requirement can be met by statements such as the following:
    We collect no personally identifiable information about you when you visit our site unless you choose to provide that information to us.

    For the protection of users of our Web sites, we have safeguards in place to identify and prevent unauthorized attempts to access or cause harm to information and systems.

    This is a new requirement.

Revision to Persistent Cookie Policy

Note:

Please be aware that the former Commerce policy of allowing use of persistent cookies and other tracking technologies for users of Commerce Web sites only with a Secretarial waiver has been rescinded.  Recently issued OMB guidance rendered the former policy obsolete. The Commerce Persistant Cookie Policy memorandum is the official notification of this policy change.

 

Department of Commerce Web Advisory Council (WAC)
U.S. Department of Commerce

Send questions and comments about this page to WAC@doc.gov
Page last updated October 12, 2010