Internet Privacy and Security
Department of Administration State Information Technology Services Division
Effective beginning February 1, 2002
Last Revised: February 18, 2015
The Montana Information Technology Act (MITA) assigns the responsibility of establishing and enforcing statewide IT policies and standards to the Department of Administration (DOA). The purpose of this Policy is to implement the Internet Privacy and Security Policy for defining actions to fulfill the responsibility.
III. Policy Statement
This policy has been developed for the state’s enterprise information systems maintained by DOA based on the Montana Information Technology Act (MITA). This policy is in cooperation with the federal and local governments with the objective of providing seamless access to information and services to the greatest degree possible 2-17-505 (3).
IV. Roles And Responsibilities
Roles and responsibilities are required by this policy and in accordance with POL-Information Security Policy - Appendix B (Security Roles and Responsibilities).
The State of Montana respects each individual website user's right to privacy. Any personal information that is collected will not be disclosed to any third party except as required by applicable law, unless the website user has expressly permitted the disclosure or "opted in" to allow the disclosure. The purpose of this statement is to inform website users of the use of information that may be collected while they are visiting this or any State of Montana website.
Citizens and businesses are not routinely asked to provide personal information to visit State of Montana websites or to download information. This includes mt.gov as well as agency websites. Government agencies may request personally identifiable information from you in order to provide requested specialized services, but such information is handled as it would during an in-person visit to a government office.
Montana law controls the level of access to personally identifiable information maintained in public records at state and local levels of government. Information that is generally available under Montana law may be posted for electronic access through mt.gov and associated agency websites.
Use of Constituent Email Addresses
Email addresses obtained as a result of a request to the state website will not be sold or given to other private companies for marketing purposes unless it is specifically stated when the email address is requested and the user "opts in" to having their email used in the stated fashion. The information collected is subject to the access and confidentiality provisions of Montana Code and Federal law. Email or other information requests sent to a state website may be maintained in order to respond to the request, forward that request to the appropriate agency, communicate updates to the state web page that may be of interest to citizens, or to provide the website designers with valuable customer feedback to assist in improving the site. Individuals will be provided with the ability to "opt in" at any time to receive communication regarding new service updates.
The state uses secured servers for conducting online transactions. All credit card and other payment information that is transmitted is protected by encryption technology, provided the website user's browser is properly configured and the user's computer is operating properly.
Data Security and Quality
The State of Montana is committed to data security and the data quality of personally identifiable information that is either available from or collected by governmental web sites, and has taken reasonable precautions to protect personally identifiable information from loss, misuse or alteration. Any third parties responsible for this information are committed to the same principles, and also are required by contract to follow the same policies and guidelines as the State of Montana in protecting this information. Unless otherwise prohibited by state or federal law, rule or regulation, the individual is granted the ability to access and correct personally identifiable information whether or not the information inaccuracy was accidental or created by unauthorized access.
Various non-state websites may be linked through mt.gov and other state maintained websites. Since the state has no control over these non- state websites, visitors to those sites are advised to check their privacy statements and be cautious about providing personally identifiable information without a clear understanding of how the information will be used. The state accepts no liability for other entities that are linked to the state's websites. Visitors may also wish to consult privacy guidelines such as those recommended by the Online Privacy Alliance.
For information security purposes, the computer systems that host mt.gov and other state websites employ software programs to monitor network traffic to identify unauthorized attempts to compromise its devices. These attempts to cause damage could be subject to legal action.
- All government websites that collect personally identifiable information from a website user will apply the following criteria:
- The website must identify who operates it.
- The website must provide the address and telephone number, as well as an email address, where a contact can be made.
- The website must give a general description of the types of third parties that may obtain the information that is being collected.
- The website must provide the website user the ability to "opt-in" for allowing their information to be used in other ways than for the purpose of the website.
The Montana Department of Transportation uses Google Analytics to analyze web traffic. Google uses a cookie to collect anonymous traffic data.
Government: The state which includes the State of Montana or any office, department, agency, authority, commission, board, institution, hospital, college, university, or other instrumentality of the state and political subdivisions of the state which includes any county, city, municipal corporation, school district, or other political subdivision or public corporation.
Personally Identifiable Information: Individually identifiable information about an individual collected online, including:
- A first and last name
- A residence or other physical address, including a street name and name of a city or town
- An email address
- A telephone number
- A social security number
- Unique identifying information that an Internet service provider or a government website operator collects and combines with any information described above.
Compliance shall be evidenced by implementing the Policy as described above.
Policy changes or exceptions are governed by the Procedure for Establishing and Implementing Statewide Information Technology Policies and Standards. Requests for a review or change to this instrument are made by submitting an Action Request form. Requests for exceptions are made by submitting an Exception Request form. Changes to policies and standards will be prioritized and acted upon based on impact and need.
Policies and standards not developed in accordance with this policy will not be approved as statewide IT policies or standards.
Enforcement for statewide polices and standards developed in accordance with this policy will be defined in each policy, standard or procedure.
If warranted, management shall take appropriate disciplinary action to enforce this Policy, up to and including termination of employment, consistent with current State Policy. The discipline policy can be found in the MOM Policy System (search for: 261). When considering formal disciplinary action, management will consult with their assigned Human Resource Specialist before taking action.
- 2-15-112 MCA Powers and Duties of Department
- 2-15-114 MCA Security Responsibilities of Departments for Data
- 2-17-505 MCA Policy
- 2-17-512 MCA Duties and Powers of Department Heads
- 2-17-514(1) MCA Enforcement
- Montana Information Technology Act (MITA)
B. Policies, Directives, Regulations, Rules, Procedures, Memoranda
- ARM 2.13.101 - 2.13.107 – Regulation of Communication Facilities
- ARM 2.12.206 - Establishing Policies, Standards, Procedures and Guidelines
- Statewide Policy: POL-Establishing and Implementing Statewide Information Technology Policies and Standards
- SITSD Procedure: IT Policies, Standards, Procedures and White Papers (search for: 180)
C. Standards, Guidelines