Required web content and links

Part 6, Section 210 | PUBLIC REPORTING AND PERFORMANCE.GOV

210.6 How are agency-specific plans and reports made available to the public on the agency’s website?

To enhance transparency of performance data, all Federal agencies should make information, including prior plans and reports, as easy as possible to locate from the agency’s individual website (e.g., www.usda.gov). Federal Agencies must also provide a hyperlink on Performance.gov to the agency’s public website (e.g., https://www.usda.gov/our-agency/about-usda/performance) where the agency has published current and past performance plans and reports. In adherence to OMB Memorandum M-17-06, agencies must create a prominent link directly to their performance plans and reports from their “About Agency” or “About Us” page, which is directly off of the agency’s homepage.

Agencies may also want to create links from this page to other planning and performance reporting documents, such as the human capital operating plans, information resources management plans, Agency Financial Reports or Performance and Accountability Reports, Congressional Budget Justifications, and other acquisition or capital asset management plans where those other documents are publicly available and relevant to performance on strategic objectives. Agency performance planning and reporting documents available on the agency website should be consistent with Administration policies and not include predecisional information.

When developing performance information for publication, agencies should be open, transparent, and accountable for results of progress against stated performance goals and objectives, publishing information online consistent with the Federal Records Act, privacy and security restrictions, and other applicable law and policy including OMB Circular A-130, Managing Information as a Strategic Resource. It is important that agencies communicate relevant, reliable, and timely performance information within and outside their organizations to improve performance outcomes and operational efficiency.

Machine-readable. Consistent with the GPRA Modernization Act of 2010, information published through Performance.gov will be made available to the public in a machine-readable format. See section 240 for additional information on an initiative to make agency performance plans and reports ‘machine readable’ with the 2021 Budget and Performance Planning / Reporting cycle.

Link Location, Link Name, Search Engines and URLs

Section 1614.703(d) of the interim rule requires an agency to title its posted EEO information Equal Employment Opportunity Data Posted Pursuant to the No Fear Act. This section further requires an agency to prominently place a hyperlink to the data on the homepage of its public Web site. There was some objection both to the location of the hyperlink and its name.

As for the location, agencies argue that their homepages already are well populated with hyperlinks which primarily are mission-specific. Adding another hyperlink, thereby producing crowding, may in fact be counter-productive. Moreover, many people visiting an agency Web site do so through hyperlinks from other non-agency Web sites or search engines that bypass an agency’s homepage. Some agencies allow internet users to compose a personal homepage, which again bypasses the agency’s standard homepage. For these and other reasons, the agencies that commented uniformly were of the opinion that a hyperlink on an agency’s homepage is not the best way to ensure the public’s assess to an agency’s posted EEO data. These agencies therefore suggested that each agency decide itself where to place its EEO data and hyperlinks to that data since each agency best knows where a target audience goes to look for certain information. A number of agencies offered suggestions where the hyperlink would be better placed, such as on the “About the Agency” or “Working for the Agency/Employment” pages.

The Commission is concerned that without a uniform hyperlink location members of the public seeking EEO data from more than one agency will have trouble finding the data. If one agency’s hyperlink is on the “About the Agency” page, another’s is on the “Employment Opportunities” page, another’s is on a page entitled “Civil Rights”, and another’s is on the homepage, locating the data for multiple agencies could well end up as an exercise in trial and error. Even assuming that the homepage is not the best or most intuitive location for the hyperlink, EEOC is convinced that it would not be in the public interest to allow each agency to decide where on its Web site it will place the hyperlink. Thus, if not the homepage, EEOC must dictate another uniform location. The problem is that there are no other locations common to all agency public Web sites. Agencies do not label their “About the Agency” and “Employment” pages identically. Not every agency has an Employment Opportunities page. Thus, there is no way to standardize through a rule an alternative location for the link. This leaves only the homepage as the one Web page all agencies possess in common, and therefore it is the homepage which shall house the link.

Regarding the title of the hyperlink, EEOC agrees that it is too wordy. EEOC, however, does not agree that the label “No FEAR” will be widely misunderstood by members of the public. On the contrary, the term “No FEAR Act” has attained familiarity among employees and those involved in EEO matters. Accordingly, the final rule provides that the hyperlink shall be called “No FEAR Act Data”. However, agencies will be required to title the page where its data appears as follows:

“Equal Employment Opportunity Data Posted Pursuant to Title III of the Notification and Federal Employee Antidiscrimination and Retaliation Act of 2002 (No FEAR Act), Pub. L. 107-174.”

In furtherance of making every agency’s No FEAR Act data easily accessible, it was suggested that agencies maintain their posted data so that it is readily retrievable by commercial search engines. EEOC agrees and has added a subsection setting forth this requirement.

Finally, some commenters suggested that each agency provide EEOC with the hyperlink to its No FEAR data and that EEOC post the agency hyperlinks in one location on EEOC’s public Web site. EEOC has decided to adopt this suggestion. Therefore, the final rule contains the requirement that an agency provide EEOC with the URL for the location of its No FEAR data and provide URL updates as necessary. Agencies can e-mail their URLs to EEOC at NoFEAR.URLS@eeoc.gov.

III. Privacy Policies on Agency Websites

1. Privacy Policy Clarification. To promote clarity to the public, agencies are required to refer to their general web site notices explaining agency information handling practices as the “Privacy Policy.”

2. Effective Date. Agencies are expected to implement the following changes to their websites by December 15, 2003.

3. Exclusions: For purposes of web privacy policies, this guidance does not apply to:

   1. information other than “government information” as defined in OMB Circular A-130;
   2. agency intranet web sites that are accessible only by authorized government users (employees, contractors, consultants, fellows, grantees);
   3. national security systems defined at 40 U.S.C. 11103 as exempt from the definition of information technology (see section 202(i) of the E-government Act).

4. Content of Privacy Policies.

   1. Agency Privacy Policies must comply with guidance issued in OMB Memorandum 99-18 and must now also include the following two new content areas:

      1. Consent to collection and sharing ¹⁵. Agencies must now ensure that privacy policies:

         1. inform visitors whenever providing requested information is voluntary;
         2. inform visitors how to grant consent for use of voluntarily-provided information; and
         3. inform visitors how to grant consent to use mandatorily-provided information for other than statutorily-mandated uses or authorized routine uses under the Privacy Act.

      2. Rights under the Privacy Act or other privacy laws ¹⁶. Agencies must now also notify web-site visitors of their rights under the Privacy Act or other privacy-protecting laws that may primarily apply to specific agencies (such as the Health Insurance Portability and Accountability Act of 1996, the IRS Restructuring and Reform Act of 1998, or the Family Education Rights and Privacy Act):

         1. in the body of the web privacy policy;
         2. via link to the applicable agency regulation (e.g., Privacy Act regulation and pertinent system notice); or
         3. via link to other official summary of statutory rights (such as the summary of Privacy Act rights in the FOIA/Privacy Act Reference Materials posted by the Federal Consumer Information Center at www.Firstgov.gov).

   2. Agency Privacy Policies must continue to address the following, modified, requirements:

      1. Nature, purpose, use and sharing of information collected. Agencies should follow existing policies (issued in OMB Memorandum 99-18) concerning notice of the nature, purpose, use and sharing of information collected via the Internet, as modified below:

         1. Privacy Act information. When agencies collect information subject to the Privacy Act, agencies are directed to explain what portion of the information is maintained and retrieved by name or personal identifier in a Privacy Act system of records and provide a Privacy Act Statement either:

            1. at the point of collection, or
            2. via link to the agency’s general Privacy Policy ¹⁸.

         2. “Privacy Act Statements”. Privacy Act Statements must notify users of the authority for and purpose and use of the collection of information subject to the Privacy Act, whether providing the information is mandatory or voluntary, and the effects of not providing all or any part of the requested information.

         3. Automatically Collected Information (site management data). Agency Privacy Policies must specify what information the agency collects automatically (i.e., user’s IP address, location, and time of visit) and identify the use for which it is collected (i.e., site management or security purposes).

         4. Interaction with children: Agencies that provide content to children under 13 and that collect personally identifiable information from these visitors should incorporate the requirements of the Children’s Online Privacy Protection Act (“COPPA”) into their Privacy Policies (see Attachment C) ¹⁹.

         5. Tracking and customization activities. Agencies are directed to adhere to the following modifications to OMB Memorandum 00-13 and the OMB follow-up guidance letter dated September 5, 2000:

            1. Tracking technology prohibitions:

               1. agencies are prohibited from using persistent cookies or any other means (e.g., web beacons) to track visitors’ activity on the Internet except as provided in subsection (b) below;

               2. agency heads may approve, or may authorize the heads of sub-agencies or senior official(s) reporting directly to the agency head to approve, the use of persistent tracking technology for a compelling need. When used, agency’s must post clear notice in the agency’s privacy policy of:

                  • the nature of the information collected;
                  • the purpose and use for the information;
                  • whether and to whom the information will be disclosed; and
                  • the privacy safeguards applied to the information collected.

               3. agencies must report the use of persistent tracking technologies as authorized for use by subsection b. above (see section VII) ²⁰.

            2. The following technologies are not prohibited:

               1. Technology that is used to facilitate a visitor’s activity within a single session (e.g., a “session cookie”) and does not persist over time is not subject to the prohibition on the use of tracking technology.

               2. Customization technology (to customize a website at the visitor’s request) if approved by the agency head or designee for use (see v.1.b above) and where the following is posted in the Agency’s Privacy Policy:

                  • the purpose of the tracking (i.e., customization of the site);
                  • that accepting the customizing feature is voluntary;
                  • that declining the feature still permits the individual to use the site; and
                  • the privacy safeguards in place for handling the information collected.

               3. Agency use of password access to information that does not involve “persistent cookies” or similar technology.

         6. Law enforcement and homeland security sharing: Consistent with current practice, Internet privacy policies may reflect that collected information may be shared and protected as necessary for authorized law enforcement, homeland security and national security activities.

      2. Security of the information ²¹. Agencies should continue to comply with existing requirements for computer security in administering their websites ²² and post the following information in their Privacy Policy:

         1. in clear language, information about management, operational and technical controls ensuring the security and confidentiality of personally identifiable records (e.g., access controls, data storage procedures, periodic testing of safeguards, etc.), and
         2. in general terms, information about any additional safeguards used to identify and prevent unauthorized attempts to access or cause harm to information and systems. (The statement should be at a level to inform the public that their information is being protected while not compromising security.)

5. Placement of notices. Agencies should continue to follow the policy identified in OMB Memorandum 99-18 regarding the posting of privacy policies on their websites. Specifically, agencies must post (or link to) privacy policies at:

   1. their principal web site;
   2. any known, major entry points to their sites;
   3. any web page that collects substantial information in identifiable form.

6. Clarity of notices. Consistent with OMB Memorandum 99-18, privacy policies must be:

   1. clearly labeled and easily accessed;
   2. written in plain language; and
   3. made clear and easy to understand, whether by integrating all information and statements into a single posting, by layering a short “highlights” notice linked to full explanation, or by other means the agency determines is effective.

Sec. 534. (NOTE: 5 USC app. 6 note.) The departments, agencies, and commissions funded under this Act, shall establish and maintain on the homepages of their Internet websites–

• (1) a direct link to the Internet websites of their Offices of Inspectors General; and
• (2) a mechanism on the Offices of Inspectors General website by which individuals may anonymously report cases of waste, fraud, or abuse with respect to those Departments, agencies, and commissions.