Skip Navigation
  • Text Size: A A A
  • Print
  • Email
  • Facebook
  • Tweet
  • Share
  • Print
  • Email
  • Facebook
  • Tweet
  • Share

Policy 2010-0001

HHS-OCIO Policy for Machine-Readable Privacy Policies

January 28, 2010

Table of Contents

1. Purpose

The HHS –OCIO Policy for Machine-Readable Privacy Policies establishes a standardized approach for implementing a machine-readable privacy policy on HHS public Websites. HHS1is required under Section 208 of the E-Government Act of 2002 “to translate privacy policies into a standardized machine-readable format.”2 In its guidance accompanying Section 208, the Office of Management and Budget (OMB) further defined the requirement that agencies “adopt machine-readable technology that alerts users automatically about whether site privacy practices match their personal privacy preferences. Such technology enables users to make an informed choice about whether to conduct business with that site.”3

In 2000, the World Wide Web Consortium (W3C) developed the machine-readable privacy specification Platform for Privacy Preferences (P3P). The P3P specification includes a standard vocabulary for describing Website data practices and a base data schema for describing the type of data collected. A machine-readable privacy policy accompanies a human-readable privacy policy, which is a privacy policy written in a natural language (e.g., English). Every machine-readable privacy policy-enabled Website must also have a human-readable privacy policy.


Implementing machine-readable privacy policies will identify and disclose Website privacy practices to the public. Specifically, machine-readable privacy policies will serve as a platform to:


Ensure that Website information collection and use practices conform to applicable legal, regulatory, and policy requirements;

Examine and evaluate Website data collection and data use practices to mitigate potential privacy risks; and

Ensure that the public is accurately informed of Website data collection and data use practices.


While this Policy provides a high-level summary of the requirements, detailed instructions on the process can be found in complementary materials including the HHS-OCIO Machine-Readable Privacy Policy Training and the HHS-OCIO Machine-Readable Privacy Policy Standard Operating Procedures. (These documents are located at: This Policy also provides a summary of federal legislation, regulations, and guidance related to Website privacy practices.


This Policy familiarizes HHS personnel with machine-readable privacy requirements set forth in the E-Government Act of 2002 and machine-readable privacy specification, P3P. All HHS public Websites must have machine-readable privacy policies that are maintained regularly.


This Policy is first issuance, and codifies the Department’s authority to develop, document, implement, and oversee P3P at HHS.


2. Background

The Federal Government has recognized the public’s increasing concerns about online privacy. Individuals are concerned with what information is collected on Websites, how it is used, and whether or not they have a choice in providing the information.


This document is not a description of privacy policies in general. Public citizens, along with private sector and public sector organizations, interacting with HHS must be informed of Website privacy practices in accordance with the policy located at



The E–Government Act of 2002 requires agencies to have both a privacy policy written in standard language, referred to as a human-readable privacy policy, and machine-readable technology that automatically alerts users about whether site privacy practices match their personal privacy preferences, referred to as a machine-readable privacy policy. Such technology enables users to make an informed choice about whether to conduct business with that site. Implementing machine-readable privacy policies also supports e-Government goals of creating a citizen-centric government by increasing the effectiveness, efficiency, and quality of government services.


The benefits of a machine-readable privacy policy include:


• Compliance with Section 208 of the E-Government Act of 2002;
• Automatic access of a Website’s privacy practices;
• An increase in transparency of data collection and data use processes, thus increasing the level of public trust in the Department;
• An increase in public confidence through anticipation of privacy concerns; and

Improvement in awareness of potential privacy risks, exposures, and liabilities.


As a result, the HHS-OCIO Policy for Machine-Readable Privacy Policies has been developed to ensure users are informed of Website privacy practices and comply with federal laws and guidance.

3. Scope

This Policy applies to all HHS organization components (i.e., Operating Divisions [OPDIVs] and Staff Divisions [STAFFDIVs]) and organizations conducting business for and on behalf of the

Department through contractual relationships when using HHS information technology (IT) resources and communicates the implementation of the machine-readable privacy policy. This Policy does not supersede any other applicable law, higher level agency directive, or existing labor management agreement in effect as of the effective date of this Policy.


Department officials shall apply this Policy to employees, contractor personnel, interns, and other non-government employees. All organizations collecting or maintaining information, or using or operating information systems on behalf of the Department, are also subject to the stipulations of this Policy. The content of and compliance with this Policy shall be incorporated into applicable contract language and grant agreements, as appropriate.


Agencies shall use this Policy or may create a more restrictive OPDIV/STAFFDIV policy, but not one that is less restrictive, less comprehensive than, or less compliant with this document.


4. Policy

All HHS public Websites, including those hosted on behalf of the Department by a contractor, shall have a privacy policy that is presented in a machine-readable format in compliance with the E-Government Act of 2002, Section 2084. To comply with this requirement, OPDIVs/STAFFDIVs shall follow the machine-readable privacy policy methodology detailed in this Policy. Machine-readable privacy policies are not required on HHS Intranet web pages.


4.1 Machine-Readable Privacy Policy Overview

OPDIVs/STAFFDIVs shall collect the necessary data from system owners to develop a machine-readable privacy policy. Necessary data shall be collected by following the HHS Machine-Readable Privacy Policy Guide (located at . Using the information gathered from system owners, OPDIVs/STAFFDIVs shall complete a questionnaire,5entitled the Machine-Readable Data Analysis Worksheet, and create, at a minimum, two extensible markup language (XML) files. The XML files shall serve as the machine-readable technology to automatically alert users about whether the federal Website privacy practices match their personal privacy preferences. Such technology enables users to make an informed choice about whether to conduct business with that site.


Machine-readable privacy policies must include the same data elements that are required by a human-readable privacy policy, which include practices involving the collection, use, disclosure and retention of information on public Websites. The machine-readable privacy assessment requires that the Website owners and developers answer privacy-related questions regarding the following: Access, Data Categories, Choices, Usage, Sharing, Retention, Dispute Resolution Mechanisms, and Expiration. Machine-readable privacy policies shall be reviewed and updated concurrently with the review and revision of human-readable privacy policies.


OPDIVs/STAFFDIVs shall conduct quarterly reviews of the status of machine-readable privacy policies on their public Websites. Any Website that does not have a machine-readable privacy policy shall be documented in HHS Quarterly Federal Information Security Management Act (FISMA) Data Analyses. In addition, OPDIVs/STAFFDIVs shall work to develop a machine-readable privacy policy for the Website(s) within three months, before the next Quarterly FISMA Data Analyses.


4.2 Machine-Readable Privacy Policy Specification


OPDIVs/STAFFDIVs shall follow the P3P specification for implementing machine-readable privacy policies, as it is the only machine-readable privacy specification that complies with the requirements of Section 208 of the E-Government Act of 2002. For the remainder of this document, the terms machine-readable privacy policy and P3P are used interchangeably.


4.3 Timing


Per OMB Memorandum (M) 05-04, dated December 31, 2005, all HHS public Websites are required to have an operational machine-readable privacy policy.6Machine-readable privacy policies shall be developed and implemented in accordance with the system development life cycle of HHS public Websites.


5. Roles and Responsibilities

5.1 Department Level


5.1.1 HHS Chief Information Officer (CIO) and Senior Agency Official for Privacy (SAOP)7


The HHS Chief Information Officer (CIO), who is also the Senior Agency Official for Privacy (SAOP), is responsible for:


Overseeing the development and implementation of machine-readable privacy policies.


5.1.2 HHS Chief Information Security Officer (CISO)


The HHS Chief Information Security Officer (CISO) is responsible for:


• Providing a standard methodology and requirements for developing and implementing machine-readable privacy policy;
• Reporting annually to OMB on compliance with Section 208 of the E-Government Act of 2002; and
• Collaborating with other Department-level stakeholders to periodically identify improvements to the machine-readable privacy policy implementation process.


5.1.3 HHS Web Management Team


The HHS Web Management Team is responsible for:


Working with the HHS CISO, HHS Privacy Act Officer, and the HHS Privacy Advocate to ensure that proper machine-readable privacy policies are published on HHS Web servers.


5.1.4 HHS Privacy Advocate


The HHS Privacy Advocate is responsible for:


• Serving as a resource for privacy programs and awareness;
• Serving as Chairman of the HHS Data Council Privacy Subcommittee;
• Encouraging awareness of potential privacy issues and policies;
• Coordinating the review of all privacy-related documents;
• Providing privacy-related guidance as needed;
• Serving as a liaison for HHS privacy matters to external organizations; and
• Fostering the working relationships between the offices of the HHS Privacy Advocate, the HHS Privacy Officer, and the HHS CISO.


5.1.5 HHS Privacy Officer


The HHS Privacy Officer is responsible for:


• Keeping apprised of applicable privacy law;
• Reviewing HHS Privacy Act System of Records Notices (SORNs) prior to publication;
• Informing the Department of the Privacy Act requirements and corresponding operating procedures; and
• Reviewing Website privacy statements for accuracy, appropriateness, and applicability.


5.1.6 HHS Office of the Chief Information Officer (OCIO) Information Collection Clearance Staff


The HHS OCIO Information Collection Clearance Staff are responsible for:


• Ensuring compliance with OMB directives on the Paperwork Reduction Act of 1995 (PRA); and
• Providing guidance and assistance for compliance with the PRA.


5.1.7 HHS Records Officer


The HHS Records Officer is responsible for:


• Ensuring compliance with the Federal Records Act; laws, regulations, and guidance of the National Archives and Records Administration (NARA); OMB directives; and GAO audit requirements;
• Serving as chairperson of the HHS Records Management Council;
• Developing HHS records management policies and procedures; and
• Providing department-wide guidance, training, and assistance for compliance with laws and regulations.



5.2 Operating Division Level



5.2.1 OPDIV Chief Information Officers (CIOs)

OPDIV CIOs are responsible for:


• Overseeing the development and implementation of machine-readable privacy policies.
• Ensuring that completed8machine-readable privacy policies are implemented on all applicable OPDIV public Websites (both existing and in-development);
• Ensuring completed machine-readable privacy policies are reviewed annually and attesting that they are adequately and accurately completed; and
• Ensuring that all machine-readable privacy policies are monitored and maintained.


5.2.2 OPDIV Chief Information Security Officers (CISOs)


OPDIV CISOs are responsible for:


Serving as the key point of contact (POC) to the HHS CISO for OPDIV-specific machine-readable privacy matters.


5.2.3 OPDIV Senior Officials for Privacy (SOP)


OPDIV SOPs are responsible for:


Determining whether or not system Privacy Impact Assessments (PIA) are promoted in the FISMA compliance tool based on machine-readable privacy policy compliance; and

serving as the key POC to their OPDIV CISO for privacy matters.


5.2.4 OPDIV Information Systems Security Officers (ISSOs)


OPDIV ISSOs are responsible for:


• Coordinating the completion and implementation of machine-readable privacy policies;
• Working with Website owners to collect information needed to complete machine-readable privacy policies; and
• Updating the OPDIV CIO/OPDIV management on the progress of machine-readable privacy policy completion, which enables the OPDIV CIO to monitor OPDIV-wide progress and the effectiveness of the machine-readable privacy policy program.


5.2.5 Website Owners and Website Administrators


Website Owners and Website Administrators are responsible for:


• Working with ISSOs, CIOs, or other staff to provide information relative to completing machine-readable privacy policies;
• Identifying any additional resources needed to complete machine-readable privacy policies;
• Implementing, conducting ongoing testing, and maintaining machine-readable privacy policies on existing Websites and Websites in development;
• Implementing, conducting ongoing testing, and maintaining machine-readable policy reference files on any Web server that hosts an HHS Website; and
• Ensuring machine-readable privacy policies are successfully validated. (“Validated” means that is has been proven that the policy is able to be automatically read by a web browser; refer to the machine-readable training document for guidance on how to perform this validation.


5.2.6 OPDIV Privacy Contact


The OPDIV Privacy Contacts are responsible for:


• Serving as a POC for issues related to the Privacy Act within the OPDIV;
• Serving as a resource for questions on acceptable Website privacy practices; and
• Maintaining awareness of privacy laws, regulations, and issues.


A list of OPDIV privacy contacts is available at Specific titles and job descriptions vary by OPDIV.


5.2.7 OPDIV Information Collection Clearance Officer


The OPDIV Information Collection Clearance Officer is responsible for:


• Ensuring OPDIV compliance with OMB and Departmental directives on the Paperwork Reduction Act of 1995; and
• Providing guidance and assistance for compliance with the Paperwork Reduction Act of 1995.


5.2.8 OPDIV Records Officer


The OPDIV Records Officer is responsible for:


• Ensuring compliance with the Federal Records Act and HHS Records Management policy and procedures.



5.2.9 Technical Staff


Staff completing machine-readable privacy policies may need to consult or coordinate with other OPDIV staff or subject matter experts. Specific job titles and job descriptions may vary by OPDIV. In general, technical staff can include: IT specialists; Web masters; Web designers; server administrators; Web content management staff; and other staff with responsibilities related to budgeting for IT, security, and privacy needs.


The responsibilities of technical staff include:


• Providing guidance and insight on enterprise-wide Web content configuration management practices;
• Providing guidance on mandatory Website approval processes; and
• Providing guidance on agency design templates, P3P deployment plan, Website testing procedures, and Section 508 approval.


6. Applicable Privacy Laws / Guidance

6.1 Federal Statutes


6.1.1The Federal Records Act of 1950 (44 U.S.C. Chapter 31)

The Federal Records Act of 1950 defines a records management framework for all federal agencies to follow. Each agency is required to “make and preserve records containing adequate and proper documentation of the organization, functions, policies, decisions, procedures, and essential transactions of the agency and designed to furnish the information necessary to protect the legal and financial rights of the Government and of persons directly affected by the agency’s activities.”9Federal agencies must establish and maintain an active, continuing program for the economical and efficient management of the records of the agency. The program, among other things, shall provide for: (1) effective controls over the creation and over the maintenance and use of records in the conduct of current business; (2) cooperation with the Administrator of General Services and the Archivist in applying standards, procedures, and techniques designed to improve the management of records, promote the maintenance and security of records deemed appropriate for preservation, and facilitate the segregation and disposal of records of temporary value; and (3) compliance with sections 2101-2117, 2501-2507, 2901-2909, and 3101-3107, of this title and the regulations issued under them. .”10

6.1.2 The Privacy Act of 1974, as amended

The Privacy Act protects the privacy of individuals by establishing “Fair Information Practices” for the collection, maintenance, use, and dissemination of information by federal agencies. For several years the Privacy Act, along with its accompanying case law, was the most significant milestone in the history of the protection of the privacy of personal information held by the Federal Government. In the more recent past, subsequent laws, regulations, and guidance have built upon the principles first articulated in the Privacy Act.


6.1.3The Paperwork Reduction Act of 1995


PRA focuses on increasing the efficiency of the Federal Government’s information collection practices. PRA specifies that CIOs shall improve protection for the privacy and security of information under their agency’s control. PRA also created the Office of Information and Regulatory Affairs (OIRA) within OMB to provide central oversight of information management activities across the Federal Government. Furthermore, the PRA requires agencies to receive an

OMB information collection approval number (also known as an “OMB control number”) for an IT system, prior to using that system to collect information from any person.


6.1.4The Clinger-Cohen Act of 1996


The Clinger-Cohen Act of 1996 (which includes both the Information Technology Management Reform Act and the Federal Acquisition Reform Act) is intended to improve the productivity, efficiency, and effectiveness of federal programs through the improved acquisition, use, and disposal of IT resources. Among other effects, the Act makes agencies responsible for IT resource acquisition and management under the guidance of the CIO and emphasizes that value shall be maximized and risk shall be minimized in capital planning and budget processes. In effect, the Clinger-Cohen Act places the burden of incorporating privacy controls into IT investments at the agency and CIO levels.


6.1.5The Children’s Online Privacy Protection Act of 1998


The Children’s Online Privacy Protection Act of 1998 (COPPA) applies to private sector Websites that collect personal information online from children under the age of 13. OMB M-00-13, Privacy Policies and Data Collection on Federal Websites, extended the provisions of COPPA to federal Websites. COPPA identifies the content that a Website operator must include in a privacy policy, outlines when and how to seek verifiable consent from a parent, and specifies the responsibilities an operator has for protecting children’s privacy and safety online.


Further discussion of COPPA requirements, compliance, and implementation can be found on the Federal Trade Commission’s COPPA Website at


6.1.6The Rehabilitation Act of 1998 (Section 508), as amended


The 1998 Amendment to Section 508 of the Rehabilitation Act states that when a federal agency is developing, procuring, maintaining, or using electronic and information technology, they are required to ensure individuals with disabilities (both members of the public and federal employees) have access and the ability to utilize the data in a way that is comparable to how an individual without disabilities would access and utilize the data. If this process would cause undue burden to the federal agency, that agency is required to develop a comparable means to provide the access and ability to utilize the data.


6.1.7NARA Code of Federal Regulations 36 CFR § Subpart B


36 CFR § Part 1236defines regulations for the electronic transfer of records to NARA. This includes maintaining the integrity of the record(s) during the transfer process (as defined by the agency’s records disposition schedule), contacting NARA to assist with the file transfer process if the agency cannot transfer the record(s) to newer media, and temporarily maintaining a copy of the record until NARA provides official notification that the transfer was successful. Requirements surrounding the creation, maintenance, use, and disposition of electronic records are defined in 36 CFR § Part 1236.


6.2 OMB Guidance


HHS must also comply with OMB guidance on implementing these various legislative acts. This section lists some relevant, though not exhaustive, OMB memoranda regarding privacy and information resource management as it pertains to privacy policies.


6.2.1OMB M-07-20, FY 2007 E-Government Act Reporting Instructions


OMB M-07-20 provides agencies with instructions for completing the annual E-Government Act report as required by the E-Government Act of 2002 (Pub. L. No. 107-347). The E-Government Act requires the OMB to report to Congress a summary of the information reported by agencies pursuant to Section 202(g) of the Act. New requirements include the following:


• Providing seven specific pieces of information related to the agency’s e-Government initiatives in Section 1 of the Agency’s Report (Implementation ofElectronic Government Initiatives) for this year, as opposed to describing just one internal agency-specific E-Government initiative; and
• Streamlining the information provided so that only the Website link is included for both previously reported and new information.


6.2.2OMB M-05-04, Policies for Federal Agency Public Websites


OMB M-05-04, under the requirements of Section 208 of the E-Government Act of 2002, reiterates federal agency responsibilities under existing information resource management law and guidance and establishes several new requirements, including:


Establishing and maintaining information dissemination product inventories, priorities, and schedules;

Establishing and enforcing agency-wide linking policies;

Assuring agency principal and public Websites, and any other major entry points, include a search function; and

Using approved domains only (.gov, .mil, or for the sponsorship of information dissemination products, including public Websites.


6.2.3OMB M-03-22, Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002


OMB M-03-22 directs agencies to conduct reviews of how they use technology to collect new information. OMB M-03-22 also directs agencies to conduct reviews when they buy or develop new IT systems for the purposes of handling collected PII and Website privacy policy content.


OMB M-03-22 indicates that PIAs should be conducted and/or updated when an information system that collects, maintains or disseminates information in identifiable form11 is developed or procured, as well as when significant changes occur to a system that create new privacy risks.

In addition to the aforementioned requirements related to conducting PIAs, OMB M-03-22 outlines new and previously established requirements for privacy policies on agency Websites. New content requirements outlined in OMB M-03-22 include ensuring Website privacy policies inform Website visitors of their rights under the Privacy Act or other applicable privacy laws, and implementing machine-readable privacy policies on all public Websites.


6.2.4OMB M-00-13, Privacy Policies and Data Collection on Federal Websites


OMB M-00-13 reiterates Website privacy policy requirements and issues guidance prohibiting the use of cookies on federal agency Websites. OMB later updated the guidance issued in OMB M-00-13 to prohibit only the use of persistent cookies. Unless an agency demonstrates a compelling need for the persistent cookie, its use is prohibited by the agency head. The prohibition of persistent cookies does not include using session cookies.


6.2.5OMB M-99-18, Privacy Policies on Federal Websites


OMB M-99-18 directs federal agencies to post privacy policies on principle Websites, major entry points, and Websites in which substantial personal information is collected from the public. Agency privacy policies must clearly and concisely inform visitors to the site what information the agency collects about individuals, why the agency collects it, and how the agency will use the information.

7. Information and Assistance

All Department policies and standards are posted on the following Website: Direct questions, comments, suggestions, or requests for further information regarding this Policy to the HHS CISO, (202) 205-9581.

8. Effective Date/Implementation

The effective date of this Policy is the date the policy is approved.


Requirements stated in this Policy are consistent with law, regulations, and other Department policies applicable at the time of its issuance. Actions taken through the implementation of this Policy must comply with the requirements of pertinent laws, rules and regulations, as well as the lawful provisions of applicable negotiated agreements for employees in exclusive bargaining units.


The HHS policies contained in this issuance shall be exercised in accordance with Public Law 93-638, the Indian Self-Determination and Education Assistance Act, as amended, and the HHS Secretary’s policy statement dated August 7, 1997, as amended, titled Department Policy on Consultation with American Indian/Alaska Native Tribes and Indian Organizations. It is HHS policy to consult with Indian people to the greatest practicable extent and to the extent permitted by law before taking actions that affect these governments and people; to assess the impact of the Department’s plans, projects, programs, and activities on tribal and other available resources; and to remove any procedural impediments to working directly with tribal governments or Indian people.


9. Approved



_____________/s/___________________                                         _January 28, 2010________

Michael W. Carleton                                                                           DATE

HHS Chief Information Officer (CIO)                                             

HHS Senior Agency Official for Privacy (SAOP)




eXtensible Markup Language (XML)— A specification created by the World Wide Web (WWW) Consortium. XML allows designers to create their own customized tags, enabling the definition, transmission, validation, and interpretation of data between applications and between organizations.


Human-Readable Privacy Policy— A human-readable privacy policy is a privacy policy written in a natural language (English). Every machine-readable privacy policy enabled Website must have a human-readable privacy policy.


Internet— The Internet is a global system of interconnected computer networks that use the standardized Internet Protocol Suite (Transmission Control Protocol [TCP]/Internet Protocol [IP]) and is accessible to the general public.


Intranet— A network based on TCP/IP protocols (an Internet) belonging to an organization, usually a corporation, accessible only by the organization's members, employees, or others with authorization.


Machine-Readable Policy File— A privacy policy file that can be read automatically by a web browser or other software agent to enable an end-user to quickly determine a website’s privacy practices, and whether that site’s privacy practices are in accordance with the end-user’s privacy preferences, without the end-user having to read the entire privacy policy. A machine-readable policy is a distillation of the website’s human-readable privacy policy.


Personally Identifiable Information (PII)— Information in an IT system or online collection: (1) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address), or (2) by which an agency intends to identify specific individuals in conjunction with other data elements (i.e., indirect identification). (These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors.) (Defined in OMB M-03-22, OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002


Platform for Privacy Preferences (P3P)— A specification created by the WWW Consortium. P3P allows users' web browsers to automatically understand Websites’ privacy practices.


Section 508— A section within the Rehabilitation Act of 1973 that www.Section508.govrequires federal departments and agencies that develop, procure, maintain, or use electronic and information technology to ensure that federal employees and members of the public with disabilities have access to and use of information and data, comparable to that of the employees and members of the public without disabilities–unless it is an undue burden to do so (Defined in ).


Website— A collection of interlinked Web pages (on either Internet or Intranet sites) with a related topic, usually under a single domain name, which includes an intended starting file called a “home page.” From the home page, access is gained to all the other pages on the Website.


Web ServerA computer that provides WWW services on the Internet. It includes the hardware, operating system, Web server software, and Web site content (Web pages). If the Web server is used internally and not by the public, it may be known as an “intranet server” (Defined in National Institute of Standards and Technology [NIST] Special Publication 800-44, Guidelines on Securing Public Web Servers)


World Wide Web Consortium (W3C)— A group of more than 500 companies, universities, and nonprofit organizations that work together to develop common protocols that promote the continued evolution and interoperability of the WWW.


Appendix A: Privacy Policy Notice

Title II of the E-Government Act of 2002 requires all federal agency Websites to have a privacy policy that is consistent with the privacy policy requirements outlined in the Privacy Act of 1974, 5 U.S.C. § 552a (hence forth, “Privacy Act”), as amended. The Website privacy policy must include notices to address the following:


• What information is collected;
• Why the information is being collected;
• The intended use of the information by the agency;
• With whom the information will be intentionally shared;
• What notice or opportunities for consent are provided to individuals regarding the information that is collected and how that information is shared;
• How the information is secured; and
• The rights of the individual under Section 552a of the Privacy Act, and other laws relevant to the protection of the privacy of an individual.



Appendix B: Sample Privacy Policy Notice

This section contains the current privacy policy notice, as it appears on the HHS Website at


HHS Privacy Policy Notice

Thank you for visiting our HHS Web site and for reviewing our Privacy Policy. Our policy is clear:


We collect no information about you, other than information automatically collected and stored (see below), when you visit our Web site unless you choose to provide that information to us.


(NOTE: For information on the Medical Privacy Rule, please go to

Information Automatically Collected and Stored:


When you browse through any Web site, certain personal information about you can be collected. We automatically collect and temporarily store the following information about your visit:


• Name of the domain you use to access the Internet (for example,, if you are using an American Online account, or, if you are connecting from Stanford University's domain);
• Date and time of your visit;
• Pages you visited; and
• Address of the Web site you came from when you came to visit.


We use this information for statistical purposes and to help us make our site more useful to visitors. Unless it is specifically stated otherwise, no additional information will be collected about you.


Personally Provided Information:


You do not have to give us personal information to visit our Web sites.


If you choose to provide us with additional information about yourself through an e-mail message, form, survey, etc., we will only maintain the information as long as needed to respond to your question or to fulfill the stated purpose of the communication.


However, all communications addressed to the HHS Secretary or the HHS Webmaster are maintained, as required by law, for historical purposes. These communications are archived on a monthly basis, but are also protected by the Privacy Act which restricts our use of them, yet permits certain disclosures.



HHS does not disclose, give, sell or transfer any personal information about our visitors, unless required for law enforcement or statute.

Intrusion Detection:


This site is maintained by the U.S. Government. It is protected by various provisions of Title 18, U.S. Code. Violations of Title 18 are subject to criminal prosecution in federal court.


For site security purposes and to ensure that this service remains available to all users, we employ software programs to monitor traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. In the event of authorized law enforcement investigations, and pursuant to any required legal process, information from these sources may be used to help identify an individual.

Systems of Records:


Information originally collected in traditional paper systems can be submitted electronically, i.e., electronic commerce transactions and information updates about eligibility benefits. Electronically submitted information is maintained and destroyed pursuant to the Federal Records Act, and in some cases may be subject to the Privacy Act. If information that you submit is to be used in a Privacy Act system of records, there will be a Privacy Act Notice provided.


HHS Data Council's HHS Privacy Committee



[1] For the remainder of this document, the terms “HHS” and “the Department” are used interchangeably.

[2] E-Government Act of 2002, Section 208(C)(2).

[3] OMB Memorandum 03-22, Implementing the Privacy Provisions of the E-Government Act of 2002, Attachment A, Section IV.

[4] E-Government Act of 2002, Section 208, (c)(2) reads: “PRIVACY POLICIES IN MACHINE-READABLE FORMATS- The Director shall issue guidance requiring agencies to translate privacy policies into a standardized machine-readable format.” Note also that all websites containing “government information” are required to have a machine-readable policy. “Government information” is defined in OMB Circular A-130 as “information created, collected, processed, disseminated, or disposed of by or for the Federal Government.”

[5] This questionnaire, and instructions on how to complete it, can be found within HHS Machine-Readable Privacy Policy Guide and the Privacy Policy Machine Readable Training (located at: The questionnaire efficiently collects all relevant data necessary to develop a machine-readable privacy policy.

[6] Office of Management and Budget (OMB) Memorandum (M-) 05-04 required compliance with federal website privacy provisions outlined in the E-Government Act of 2002 by December 31, 2005.

[7] Per OMB M-05-08, Designation of Senior Agency Official for Privacy, HHS has designated the HHS CIO as the SAOP. Should this designation change, this Policy will be revised to assign separate roles and responsibilities to both the HHS CIO and SAOP.

[8] “Completed” means the policy can be automatically read by a Web browser, and that all required data elements of the policy are in place; refer to the machine-readable training document for guidance on how to perform these validations:



[11] For this document, the terms “information in identifiable form (IIF)” and “personally identifiable information (PII)” are used interchangeably.