You will need Adobe Acrobat Reader to view PDF files. See EPA's PDF page for more information about getting and using the free Acrobat Reader.
Many links on the Web Guide are available to EPA Intranet users only. If you are an outside contractor working for EPA, please contact your EPA representative for more information. If you are another federal agency or other party interested in EPA's web policies and procedures, please contact EPA through the "Contact Us" page on this site.
Web or WebCMS Questions?
Email the EPA Call Center
Protecting Personal Privacy on EPA's Public Access Web Site : "Cookies Policy"
October 25, 2000
SUBJECT: Protecting Personal Privacy on EPA's Public Access Web Site : "Cookies Policy"
FROM: Margaret N. Schneider
Principal Deputy Assistant Administrator
TO: Assistant Administrators
Chief Financial Officer
Staff Office Directors
The purpose of this memorandum is to bring to your attention recent Office of Management and Budget (OMB) policies on the use of "cookies" on Federal Web sites. I am also providing guidance on how to ensure that your office is protecting the privacy of citizens using your Web sites.
The rapid growth of the Internet has created a growing demand for government to use information technology to increase access to information and to provide opportunities for citizens to interact with government. EPA's Web site and the numerous "e-gov" projects being carried out throughout the Agency are success stories of how EPA is using information technology to improve public access, to enable decision-making, and to empower citizens to take action.
With this success, however, comes the responsibility to stay current with Federal laws that protect personal privacy, the identity of children, copyright, intellectual property rights, and confidential business information. Our challenge is to keep pace by developing public access policies that achieve an appropriate balance between access, privacy and security. This memo is one of a number of OEI policy updates you will receive on matters related to privacy, as Federal technology and public information policy evolves with the transformation to an "e-government."
What are "cookies?" "Cookies" are small bits of software that are placed on a web user's hard drive by a server. Cookies provide more efficient navigation through Web pages and speed the delivery of information to the user. However, cookies can also be used to gather personal information and to track the Web sites accessed by individuals, raising a privacy concern. OMB's June 22, 2000 memo (attached) states that cookies should not be used at Federal Web sites, unless there is a "compelling" need to gather the data on the site, privacy safeguards are in place for handling of the information derived from "cookies", and there is personal approval by the head of the agency. EPA fully supports the privacy goals in OMB's memo.
OMB clarified its policy in a letter (attached) of September 5, 2000, from John T. Spotila, administrator of OMB's Office of Information and Regulatory Affairs, to Roger Baker, Chief Information Officer at the Commerce Department. In this letter OMB recognized the value of using "temporary" or "session" cookies, which enhance specific interactions, do not collect personal information, and disappear from the user's computer when the user logs off the Web site. OMB reiterated that the use of "persistent" cookies to collect personal information and remain in the user's machine can threaten personal privacy unless the agency gives clear notice of the activity.
- At EPA, persistent cookies shall not be used unless you have received approval from the Administrator, there is a compelling need to gather data on the Web site, there are privacy safeguards for handling information derived from the cookies, and there is clear and conspicuous notice on your Web sites. Procedures for applying for this approval are being developed; in the meantime, if approval is necessary, contact Emma McNamara, (202) 260-3209 [updated number for Emma McNamara is 202-566-0655], in the Office of Information Analysis and Access in OEI.
- Please ensure you have processes and procedures in place to review and approve all Web sites maintained by your office, as stated in EPA's December 1998 policy on the Approval of Internet Content. These approval procedures, which generally should reside at the Office Director level, must include an evaluation of all Web site cookies that your office maintains.
- If use of a cookie is approved, its function and purpose should be clearly described to the public on the page where the cookie is placed on the user's computer. It is the Office Director's responsibility to ensure compliance with OMB guidance for cookies that currently reside on your office's Web pages. Compliance with EPA and OMB guidance is also required for any cookies that are added to your Web sites or the addition of new sites that already contain cookies. To assist Office Directors, we will be contacting those offices which our research to date has identified as having any persistent cookies.
OEI will continue to use the QIC to provide updates on our activities or to discuss policy issues on privacy, as well as using written Agency-wide updates. Please feel free to contact me or Elaine Stanley, Director, Office of Information Analysis and Access (202-260-6670), with any concerns or issues.
You will need Adobe Reader to view some of the files on this page. See EPA's PDF page to learn more.