E-Services Privacy Standard

Medium

Purpose

Privacy issues are of concern for many people who are asked to provide personal information through e-services. Privacy standards may ease the concern of the customer and hopefully encourage the use of the services.

Standard

  1. All e-services accepting personally identifiable information shall provide privacy policy information.
  2. Privacy policies shall state:
    1. What personally identifiable information is collected and why.
    2. How the information will be used and under what circumstances it will be released, or if applicable the specific laws providing that the information is confidential.
    3. Choices available to the individual for reviewing and correcting customer-submitted information.
    4. Contact information.
    5. If social security numbers are collected, notification as required in the Privacy Act of 1974 must be given.
    6. Reference to a security policy.
    7. The web pages/applications or specific type of information/service areas covered by this policy.
    8. If and how cookies are used.

Definition

Personally identifiable information - Any recorded information that uniquely identifies the person, such as, but not limited to, name, account number, social security number, user ID, PIN number, e-mail address, or biometric data. It also includes data that can be tied to a device or residence owned or used by an individual, such as, but not limited to, the individual's telephone number, mailing address or computer IP address.

E-Services - Services provided electronically via interactive media. Examples include, but are not limited to:

  • Interactive Voice Response (IVR)
  • World Wide Web

Cookies - Cookies are text files that are transmitted between your browser and the web server. There are two types of cookies:

  • In-memory cookies - deleted when the browser is closed
  • Disk cookies - stored until they expire or are deleted

Guidance

  1. E-Services Privacy Policy Best Practices
  2. Sample Privacy Policy and Disclaimer
  3. Privacy Act of 1974
  4. Guidelines from the Online Privacy Alliance

Policy

Inform customers of the agencies' intentions regarding the privacy of their personal information.

Scope

This standard applies to all executive branch state agencies including the University Systems Office but excluding other higher education institutions, i.e. campuses and agricultural and research centers.

Statement of Commitment

North Dakota's CIO/CTO directs that IT Policy be created to establish statewide information technology policies and standards as defined within ND Century Code (Chapter 54-59-09).

Non-Compliance

Non-compliance with this standard shall be reported to the Office of the State Auditor.


Revision Number: 2
Revision Date: 2004-11-02
Effective Date: 2004-03-14
Last Reviewed: 2020-03-11
Number: POL0020129