Internet Privacy and Security
Issuing Authority: State of Montana Chief Information Officer
Effective beginning February 1, 2002
Last Revised: June 30, 2011
This Internet Privacy and Security Policy (Policy) is to describe the requirements of Internet privacy and security.
This Policy encompasses information and information systems for which agencies have administrative responsibility, including information and systems managed or hosted by third-parties on agencies' behalf.
This Policy may conflict with other information system policies currently in effect. Where conflicts exist, the more restrictive policy governs. The development of future policies or standards will specifically identify and retire any superseded portions of current policies or standards.
Pursuant to the Montana Information Technology Act (MITA) (Title 2, Chapter 17, Part 5 of the Montana Code Annotated (MCA), it is the policy of the state that information technology be used to improve the quality of life of Montana citizens, and that such improvement is to be realized by protecting individual privacy and the privacy of the information contained within the state’s information technology systems. §2-17-505(1) MCA.
It is also the policy of the state that the development of information technology resources be conducted in an organized, deliberative, and cost-effective manner, which necessitates the development of statewide information technology policies, standards, procedures, and guidelines applicable to all state agencies and others using the state network. It is also anticipated that State information technology systems will be developed in cooperation with the federal government and local governments with the objective of providing seamless access to information and services to the greatest degree possible. §2-17-505(1) MCA.
Roles And Responsibilities
Department of Administration
Under MITA, the Department of Administration (DOA) is responsible for carrying out the planning and program responsibilities for information technology for state government (except the national guard), including for establishing and enforcing a state strategic information technology plan and establishing and enforcing statewide information technology policies and standards. DOA is responsible for implementing MITA and all other laws for the use of information technology in state government. The director of DOA has appointed the chief information officer to assist in carrying out the department’s information technology duties. §2-17-512 MCA.
Each department head is responsible for ensuring an adequate level of security for all data within their department. §2-15-114 MCA.
This Policy is applicable to agencies, staff and all others, including outsourced third-parties (such as contractors, or other service providers), who have access to, or use or manage information assets subject to the policy and standard provisions of §2-17-534 MCA. This Policy shall be communicated to staff and others who have access to or manage information, and information systems and assets.
For the purposes of this policy, the following definitions apply:
- The state which includes the state of Montana or any office, department, agency, authority, commission, board, institution, hospital, college, university, or other instrumentality of the state and political subdivisions of the state which includes any county, city, municipal corporation, school district, or other political subdivision or public corporation.
- Personally identifiable information
Means individually identifiable information about an individual collected online, including:
- A first and last name
- A residence or other physical address, including a street name and name of a city or town
- An email address
- A telephone number
- A social security number
- Unique identifying information that an Internet service provider or a government website operator collects and combines with any information described above.
The State of Montana respects each individual website user's right to privacy. Any personal information that is collected will not be disclosed to any third party except as required by applicable law, unless the website user has expressly permitted the disclosure or "opted in" to allow the disclosure. The purpose of this statement is to inform website users of the use of information that may be collected while they are visiting this or any State of Montana website.
Citizens and businesses are not routinely asked to provide personal information to visit State of Montana websites or to download information. This includes DiscoveringMontana.com as well as agency websites. Government agencies may request personally identifiable information from you in order to provide requested specialized services, but such information is handled as it would during an in-person visit to a government office.
Montana law controls the level of access to personally identifiable information maintained in public records at state and local levels of government. Information that is generally available under Montana law may be posted for electronic access through Discovering Montana and associated agency websites.
Use Of Constituent Email Addresses
Email addresses obtained as a result of a request to the state website will not be sold or given to other private companies for marketing purposes unless it is specifically stated when the email address is requested and the user "opts in" to having their email used in the stated fashion. The information collected is subject to the access and confidentiality provisions of Montana Code and Federal law. Email or other information requests sent to a state website may be maintained in order to respond to the request, forward that request to the appropriate agency, communicate updates to the state web page that may be of interest to citizens, or to provide the website designers with valuable customer feedback to assist in improving the site. Individuals will be provided with the ability to "opt in" at any time to receive communication regarding new service updates.
The state uses secured servers for conducting online transactions. All credit card and other payment information that is transmitted is protected by 128-bit encryption technology, provided the website user's browser is properly configured and the user's computer is operating properly.
Data Security And Quality
The State of Montana is committed to data security and the data quality of personally identifiable information that is either available from or collected by governmental web sites, and has taken reasonable precautions to protect personally identifiable information from loss, misuse or alteration. Any third parties responsible for this information are committed to the same principles, and also are required by contract to follow the same policies and guidelines as the State of Montana in protecting this information. Unless otherwise prohibited by state or federal law, rule or regulation, the individual is granted the ability to access and correct personally identifiable information whether or not the information inaccuracy was accidental or created by unauthorized access.
Various non-state websites may be linked through Discovering Montana and other state maintained websites. Since the state has no control over these non-state websites, visitors to those sites are advised to check their privacy statements and be cautious about providing personally identifiable information without a clear understanding of how the information will be used. The state accepts no liability for other entities that are linked to the state's websites. Visitors may also wish to consult privacy guidelines such as those recommended by the Online Privacy Alliance.
For information security purposes, the computer systems that host Discovering Montana and other state websites employ software programs to monitor network traffic to identify unauthorized attempts to compromise its devices. These attempts to cause damage could be subject to legal action.
- All government websites that collect personally identifiable information from a website user, will apply the following criteria:
- The website must identify who operates it.
- The website must provide the address and telephone number, as well as an email address, where a contact can be made.
- The website must give a general description of the types of third parties that may obtain the information that is being collected.
- The website must provide the website user the ability to "opt-in" for allowing their information to be used in other ways than for the purpose of the website.
The Montana Department of Transportation uses Google Analytics to analyze web traffic. Google uses a cookie to collect anonymous traffic data.
Background - History On The Creation Of Or Changes To This Policy
This policy was created by ITSD after the enactment of HB 281 and presented for approval to the Electronic Government Advisory Council.
Guidelines - Recommendations, Not Requirements
There are no guidelines for this policy.
Change Control and Exceptions
Policy changes or exceptions are governed by the Procedure for Establishing and Implementing Statewide Information Technology Policies and Standards. Requests for a review or change to this instrument are made by submitting an Action Request form. Requests for exceptions are made by submitting an Exception Request form. Changes to policies and standards will be prioritized and acted upon based on impact and need.
Direct questions or comments about this instrument to the State of Montana Chief Information Officer at ITSD Service Desk or:PO Box 200113
Helena, MT 59620-0113