NextGov reports on the Obama administration’s Web 2.0 policies and how they affect privacy:
On June 25, the Office of Management and Budget ended a 10-year ban on cookies, which monitor what a user does on a website, and updated privacy notice requirements for sites such as Facebook and YouTube that incorporate nongovernment social networking tools.
The regulations give agencies the green light to install online interactive features that citizens typically encounter on commercial sites, but the agencies must follow a strict set of conditions.
For example, sites using cookies to gather personally identifiable information that can be traced back to an individual’s name, such as the location of an Internet server, must delete this data within a year. Cookies are files saved on users’ computers when they visit a website and often store a visitors’ login information and remember their preferences, as well as monitor a site’s traffic volume and visitor demographics. Under the rules announced on June 25, agencies that use third-party services to collect PII also must conduct multiple privacy impact assessments to determine whether controls are in place that meet federal privacy regulations. […]
The memo tries to cover all possible categories of PII by not restricting the definition to a laundry list of items such as e-mail addresses, Social Security numbers and ZIP codes. Instead, determining what it is “requires a case-by-case assessment of the specific risk that an individual can be identified,” the memo stated. “It is important for an agency to recognize that non-PII can become PII whenever additional information is made publicly available — in any medium and from any source — that, when combined with other available information, could be used to identify an individual.” […]
The Center for Democracy and Technology, a privacy group that supported relaxing the ban within limits, also found holes in the new policies. The center’s blog on Friday stated, “The memos released today are a start toward a more nuanced way to approach these tools for federal agencies, but do not provide the guidance around measurement technologies that we hoped for.”