Federal Internet Law & Policy
An Educational Project

Federal Privacy Policies

Dont be a FOOL; The Law is Not DIY

While there may be a lack of overall privacy law, the federal government is in the unusual position of having legal obligations concerning personal data collection and management (Congress likes to impose obligations on itself that it is unwilling to impose on the public). Unlike the gathering and collecting of every morsel of factoid by most entities, when the feds are the information squirrels, the nuts have significant rights concerning the information gathered. Where the squirrels wear badges and collect the nuts pursuant to a criminal investigation, then we are on an even more serious branch known as the 4th Amendment and Constitutional restrictions on searches and seizures.

Federal Privacy Policies

Federal agencies are a part of the Executive Branch of the Federal Government. This means that their boss is the President. While the Boss can not pass new laws (that is Congress' job), the Boss can significantly influence policy by issuing Executive Orders that direct the way agencies should conduct their business. Previous Executive Orders have dealt with such subjects as environmental compliance, Y2K compliance, and e-government efforts.

The Clinton Administration issued two Presidential documents known as Memorandum on the issue of privacy. [M-99-18] [M-00-13] [See also M-03-22] These documents, directed at the heads of the Executive Departments and Agencies, instructed agencies to adopt privacy policies, comply with those policies, and, although not required by law, to comply with COPPA. Also, in the height of a ruckus about the covert use of cookies, the President forbade agencies to use cookies except in certain limited circumstances.

According to the Memoranda, federal agencies shall:

Executive Orders are instructions from the boss to the different offices. They do not generally create private rights of actions and therefore are not generally enforceable.

Privacy Impact Statements

"A PIA is an analysis of how personal information is collected, stored, shared, and managed in a federal system. Specifically, according to Office of Management and Budget (OMB) guidance, the purpose of a PIA is to (1) ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; (2) determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system; and (3) examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks." [GAO Social Media p 6]

Federal Information Security Management Act

FISMA requires federal agencies to train employees and contractors re privacy

Information Breach

News & Blogs

© Cybertelecom ::