Texas Register
TITLE 1 ADMINISTRATION
PART 10DEPARTMENT OF INFORMATION RESOURCES
CHAPTER 206STATE WEB SITES
RULE §206.3Privacy and Security of State Web Sites
ISSUE 06/14/2002
ACTION Final/Adopted
Preamble Texas Admin Code Rule
(a)A state agency shall publish a privacy and security policy for its Web site, and post a link to the policy from its home page. The privacy and security policy shall address the following:

  (1)Notice: Disclose the agency's information practices before collecting personal information from the public. The use of logging software, cookies, and/or Web bugs. Information collected by other technologies and processes. Information collected via e-mail and Web-based forms.

  (2)Choice: Options with respect to how personal information collected from them may be used for purposes beyond those for which the information was provided and whether they wish to have that information shared.

  (3)Access: The procedure under which an individual may obtain and/or have the agency correct information about the individual.

  (4)Security: The procedures to ensure that information collected from individuals is accurate and secure from unauthorized use.

(b)Web pages designed for children must comply with all applicable federal and state laws intended to protect minors.

(c)Prior to providing access to information or services on a state Web site that require user identification, each state agency shall conduct a transaction risk assessment, and implement appropriate privacy and security safeguards. At a minimum, state Web sites that require an individual to enter the following information in a Web based electronic form shall use an SSL session or equivalent technology to encrypt the data:

  (1)Both the individual's name and other personal information, such as an SSN;

  (2)Transaction payment information;

  (3)An individual's access identification code and password;

  (4)An individual's e-mail address.

(d)Any Web based form that requests information from the public shall have a link to the associated privacy and security policy.

This agency hereby certifies that the adoption has been reviewed by legal counsel and found to be a valid exercise of the agency's legal authority.

Filed with the Office of the Secretary of State on May 28, 2002

TRD-200203264

Renee Mauzy

General Counsel

Department of Information Resources

Effective date: June 17, 2002

Proposal publication date: March 15, 2002

For further information, please call: (512) 475-2153

 

Next Page       Previous Page

Link to Texas Secretary of State Home Page | link to Texas Register home page | link to Texas Administrative Code home page | link to Open Meetings home page