While there may be a lack of overall privacy law, the federal government is in the unusual position of having legal obligations concerning personal data collection and management (Congress likes to impose obligations on itself that it is unwilling to impose on the public). Unlike the gathering and collecting of every morsel of factoid by most entities, when the feds are the information squirrels, the nuts have significant rights concerning the information gathered. Where the squirrels wear badges and collect the nuts pursuant to a criminal investigation, then we are on an even more serious branch known as the 4th Amendment and Constitutional restrictions on searches and seizures.
Federal agencies are a part of the Executive Branch of the Federal Government. This means that their boss is the President. While the Boss can not pass new laws (that is Congress' job), the Boss can significantly influence policy by issuing Executive Orders that direct the way agencies should conduct their business. Previous Executive Orders have dealt with such subjects as environmental compliance, Y2K compliance, and e-government efforts.
The Clinton Administration issued two Presidential documents known as Memorandum on the issue of privacy. [M-99-18] [M-00-13] These documents, directed at the heads of the Executive Departments and Agencies, instructed agencies to adopt privacy policies, comply with those policies, and, although not required by law, to comply with COPPA. Also, in the height of a ruckus about the covert use of cookies, the President forbade agencies to use cookies except in certain limited circumstances.
According to the Memoranda, federal agencies shall:
- Post privacy policies that are
- clearly labeled, easily accessible, and clearly written,
- on the agency's homepage, all other major entry points to the site, and all pages where substantial amounts of personal information are posted.
- Comply with the privacy policy.
- Not use cookies "unless, in addition to clear and conspicuous notice, the following conditions are met: a compelling need to gather the data on the site, appropriate and publicly disclosed privacy safeguards for handling of the information derived from "cookies"; and personal approval by the head of the agency.
- Comply with the Children's Online Privacy Protection Act.
Executive Orders are instructions from the boss to the different offices. They do not generally create private rights of actions and therefore are not generally enforceable.
