RULE 200.00.05-001 - Machine Readable Privacy Policy

RULE 200.00.05-001. Machine Readable Privacy Policy

1.0 Purpose

The purpose of the machine readable privacy policy standard is to have all state agencies create machine readable policies, mandated by Act 1713 of 2003, in a consistent manner.

2.0 Scope

This standard statement applies to all state agencies, boards and commissions.

3.0 Background

Act 1713 of 2003 requires state and local governments operating a website to incorporate a machine readable privacy policy into each of its websites no later than July 1, 2004. The Arkansas Information Systems Act of 1997 (Act 914, 1997) gives the Office of Information Technology the authority to define standards, policies and procedures to manage the information resources within the state. This is accomplished through work with a multi-agency working group known as the Shared Technical Architecture Team.

4.0 References

4.1 Act 1713 of 2003: http://www.arkleg.state.ar.us/ftproot/acts/2003/public/act1713.pdf

4.2 Act 914 of 1997: Authorized the Office of Information Technology (OIT) to develop statewide policies.

4.3 Platform for Privacy Preferences Specification: http://www.w3.org/P3P/

5.0 Standard

5.1 All state agencies that operate a website shall comply with the P3P specification, developed by the World Wide Web Consortium (W3C), in the creation of their website machine readable privacy policies.

6.0 Procedures

Agencies must be able to demonstrate compliance with this standard.

7.0 Revision History

Date

Description of Change

5/15/2005

Original Standard Statement Published

8.0 Definitions

Machine readable privacy policy:

Enables web sites to "translate" their human-readable privacy practices into a standard, machine-readable format (XML) that can be retrieved automatically and interpreted easily by a user's browser

9.0 Related Resources

Report by Technology Investigation Center on P3P specification: http://www.tic.state.ar.us/Reports/p3preport.htm

9.1 Platform for Privacy Preferences Project: http://www.w3.org/P3P/#Enable

9.2 P3P Toolbox: http://www.p3ptoolbox.org/

10.0 Inquiries

Direct inquiries about this standard to:

Office of Information Technology

Shared Technical Architecture

124 West Capitol Avenue, Suite 200, Little Rock, Arkansas 72201

Phone: 501-682-4300

FAX: 501-682-2040

Email: ITarch@mail.state.ar.us

OIT policies can be found on the Internet at: http://www.techarch.state.ar.us

(5/27/2005)

The following state regulations pages link to this page.