Online Privacy and Web 2.0 @ HHS
By Mark Brown
The President has designated October as National Cyber Security Awareness Month, and the theme for this year is “Our Shared Responsibility.” The Federal government has had a culture of privacy for decades, going back to at least the Privacy Act of 1974. One of the key foundations of this culture is that any use of technology should be assessed to determine the impact, whether directly or indirectly, to privacy. While many claim that these types of restrictions stifle innovation – these practices also ensure that information about the public and individual privacy is protected when they interact with their government. Every week Facebook, Apple, or other Web 2.0 affiliated companies find themselves the subject of news articles about provocative use of personal information. Protecting privacy is particularly important for HHS, where we often deal with sensitive health issues. While we want to encourage citizens to engage, we also want to protect them from disclosing too much about their health conditions, medical history, or other personally identifiable information.
Key policy makers within the Federal government at the Office of Management and Budget (OMB) are encouraging government agencies to embrace new technologies. While encouraging agencies to use social media and other technologies to reach constituents and support an Open Government, OMB has also emphasized the need to protect privacy and has identified strict requirements for using third-party Websites and applications, including providing clear notice when using web measurement and customization tools on Federal Websites.
Two key OMB guidance documents, OMB M-10-22, “Guidance on Agency Use of Web Measurement and Customization Technologies” and OMB M-10-23, “Guidance for Agency Use of Third-Party Websites and Applications” recently passed their first anniversary. The first targets Federal Websites and their use of cookies and other Web measurement and customization tools, while the second targets the use of external or third-party Websites or applications (including social media sites like Facebook, YouTube, Flickr, etc).
While emerging technologies may bring new privacy challenges, it is important that the Department is transparent about its privacy practices and is in compliance with OMB guidance. HHS supports the responsible use of emerging technologies, and we encourage all managers of new media accounts to honor their shared responsibility by taking the time to consider and understand the possible privacy implications of engaging over third party websites and applications. The HHS Cybersecurity Program has worked closely with the HHS New Media community to solicit input on the implementation of the previously mentioned OMB memos, and members of the Web community should reach out to their privacy counterparts to become aware of the key requirements for compliance with the latest OMB guidance. The HHS Cybersecurity Program strives to provide useful and relevant guidance, so we encourage you to review the Implementation Memorandum for OMB M-10-22 and M-10-23.
If you have specific questions, please contact the HHS Cybersecurity Program at HHS.Cybersecurity
@hhs.gov or visit us on the Web at http://www.hhs.gov/ocio/securityprivacy/index.html.
Mark Brown is the HHS Senior Information Security Officer and the OS Senior Official for Privacy. His full office location acronym is HHS/OS/ASA/OCIO. |
Add a Comment | Privacy Policy | Permalink | Blog Home |