ARIZONA STATE SENATE
Phoenix, Arizona
state web sites;
privacy statement
(NOW:
state web sites; privacy)
Requires state boards, commissions, departments and other units and the Legislature, the Courts and the Governor to place a clear and conspicuous privacy policy statement on their website. Establishes restrictions on the state’s use of information and the ability of an agency to request social security number (SSN) information.
This legislation requires the establishment of a privacy policy that reveals what information a state agency or any other entity or person obtains from people through an agency website both directly and indirectly. According to the Government Information Technology Agency (GITA), five agencies have privacy policy disclaimers. When online, personally identifying information may be gathered through a variety of means without the user’s knowledge. H.B. 2043 prohibits the sale or disclosure of such information, essentially exempting it from the state’s public record law. According the Attorney General’s Office, concerns relating to the illegal use of SSN’s have prompted elements of this legislation so that consumers would feel safe that information provided to the state through online interactions is lawfully required and are aware of what protections are in place.
The Children’s Online Privacy Protection Act of 1998 generally prohibits for operators of websites or online services directed at children to collect personal information from a child. In addition, the Act requires operators to provide notice online of what information is collected from children, how such information is used and disclosed; to obtain parental consent prior to any collection, use or disclosure of a child’s personal information; provide means for a parent to review information collected from their child and to refuse to permit the further use of the information; and to establish and maintain procedures to protect such information.
While the exact fiscal impact of this legislation is unknown, GITA is statutorily required to provide policies, standards and procedures and has a privacy policy statement in development. Privacy policy statements will then be coordinated on the state’s web portal and the links to the various agency home pages and the policy will be coordinated through GITA. No additional costs should develop relating to the establishment of privacy policy statements.
1. Requires agencies to provide a clear and conspicuous privacy policy statement on the agency’s web site and on each web page on which the agency request or requires an individual to provide information.
2. Requires agencies to place a clear and conspicuous link to the agency’s privacy policy statement on both its home page and key public entry points.
3. Requires agencies to provide security for personally identifying information collected from a person online and to provide individuals with reasonable access to such data.
4. Prohibits agencies from selling, sharing or otherwise disclosing any information obtained by an indirect means through a data collection device to any entity or person.
5. Stipulates that an agency may provide information obtained online by indirect means on the request of a law enforcement agency to conduct a lawful investigation.
6. Requires agencies that request a SSN to disclose the federal legal authority under which it is collecting the SSN, the uses that will be made of the SSN and that failure to provide the SSN may result in the denial of an application, benefit or service. If no federal legal authority exists for the agency to request the SSN, agencies are required to inform individuals that providing the SSN is voluntary and that no adverse action will result from failure to provide the SSN.
7. Requires agencies to comply with the Children’s Online Privacy Protection Act of 1998 and other federal regulations.
8. Prescribes definitions.
9. Provides for a general effective date.
EUT 2/7/01 DPA/SE 10-0-0-0-0
3rd Read 2/19/01 58-0-2-0
Prepared by Senate Staff
March 15, 2001