M-99-18 Attachment
June 1, 1999
GUIDANCE AND MODEL LANGUAGE FOR FEDERAL WEB SITE PRIVACY POLICIES
(1) Introductory language.
(2) Information collected and stored automatically.
(3) Information collected from e-mails and web forms.
(4) Security, intrusion, and detection language.
(5) Significant actions where information may be subject to the Privacy Act.
(1) Introductory language.
- You do not have to give us personal information to visit our site. - We collect personally identifiable information (name, email address, Social Security number, or other unique identifier) only if specifically and knowingly provided by you. - Personally identifying information you provide will be used only in connection with Social Security Online or for such other purposes as are described at the point of collection. - Information is collected for statistical purposes and SSA sometimes performs analyses of user behavior in order to measure customer interest in the various areas of our site. We will disclose this information to third parties only in aggregate form.- We do not give, sell or transfer any personal information to a third party.
- We do not enable "cookies." (A "cookie" is a file placed on your hard drive by a Web site that allows it to monitor your use of the site, usually without your knowledge.)
(2) Information collected and stored automatically.
1. The Internet domain (for example, "xcompany.com" if you use a private Internet access account, or "yourschool.edu" if you connect from a university's domain) and IP address (an IP address is a number that is automatically assigned to your computer whenever you are surfing the Web) from which you access our website;2. The type of browser and operating system used to access our site;
3. The date and time you access our site;
4. The pages you visit; and
5. If you linked to the White House website from another website, the address of that website.
Below is an example of the information collected based on a standard request for a World Wide Web document:xxx.yyy.com - - [28/Jan/1997:00:00:01 -0500]
"GET /sitename/news/nr012797.html HTTP/1.0" 200 16704
Mozilla 3.0/www.altavista.digital.comxxx.yyy.com (or 123.123.23.12) -- this is the host name (or IP address) associated with the requester (you as the visitor). In this case, (....com) the requester is coming from a commercial address. Depending on the requestor's method of network connection, the host name (or IP address) may or may not identify a specific computer. Connections via manyInternet Service Providers assign different IP addresses for each session, so the host name identifies only the ISP. The host name (or IP address) will identify a specific computer if that computer has a fixed IP address.
[28/Jan/1997:00:00:01 -0500] -- this is the date and time of the request
"GET /sitename/news/nr012797.html HTTP/1.0" - this is the location of the requested file
200 -- this is the status code - 200 is OK - the request was filled
16704 -- this is the size of the requested file in bytes
Mozilla 3.0 -- this identifies the type of browser software used to access the page, which indicates what design parameters to use in constructing the pages
www.altavista.digital.com -- this indicates the last site the person visited, which indicates how people find this site
Requests for other types of documents use similar information. No other user-identifying information is collected.
(3) Information Collected from E-mails and Web Forms.
"If you identify yourself by sending an E-mail:You also may decide to send us personally-identifying information, for example, in an electronic mail message containing a complaint. We use personally-identifying information from consumers in various ways to further our consumer protection and competition activities. Visit Talk to Us to learn what can happen to the information you provide us when you send us e-mail."
(4) Security, Intrusion, Detection Language.
"4. For site security purposes and to ensure that this service remains available to all users, this government computer system employs software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage.
5. Except for authorized law enforcement investigations, no other attempts are made to identify individual users or their usage habits. Raw data logs are used for no other purposes and are scheduled for regular destruction in accordance with National Archives and Records Administration guidelines.
6. Unauthorized attempts to upload information or change information on this service are strictly prohibited and may be punishable under the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act."
(5) Significant actions where information enters a System of Records.
Steering Committee for Federal Agency Privacy Policies
M99-18, Attachment
The Budget Legislative Information Management Reform/GPRA Grants Management Financial Management Procurement Policy Information & Regulatory Policy Contact the White House Web Master