(a)A state agency shall publish a privacy and security policy for its Web site, and post a link to the policy from its home page. The privacy and security policy shall address the following: (1)Notice: Disclose the agency's information practices before collecting personal information from the public. The use of logging software, cookies, and/or Web bugs. Information collected by other technologies and processes. Information collected via e-mail and Web-based forms. (2)Choice: Options with respect to how personal information collected from them may be used for purposes beyond those for which the information was provided and whether they wish to have that information shared. (3)Access: The procedure under which an individual may obtain and/or have the agency correct information about the individual. (4)Security: The procedures to ensure that information collected from individuals is accurate and secure from unauthorized use. (b)Web pages designed for children must comply with all applicable federal and state laws intended to protect minors. (c)Prior to providing access to information or services on a state Web site that require user identification, each state agency shall conduct a transaction risk assessment, and implement appropriate privacy and security safeguards. At a minimum, state Web sites that require an individual to enter the following information shall use an SSL session or equivalent technology to encrypt the data: (1)Both the individual's name and other personal information, such as an SSN; (2)Transaction payment information; (3)An individual's access identification code and password. (4)An individual's e-mail address. (d)Any Web based form that requests information from the public shall have a link to the associated privacy and security policy.
This agency hereby certifies that the proposal has been
reviewed by legal counsel and found to be within the agency's legal authority
to adopt.
Filed with the Office of
the Secretary of State on February 26, 2002
TRD-200201182 Renee Mauzy
General Counsel
Department of Information Resources
Earliest possible date of adoption: April 14, 2002
For further information, please call: (512) 475-4750
|