From: Darian Glover
Date: Nov 23, 2007 9:20AM

I've worked within the U.S. federal government on web projects for
over five years here in Washington, DC. The policy on cookies is one
of the most misunderstood issues I have encountered. Mostly this is
due to a lack of understanding and an obsession people have with
"cookies." There has been so much confusion that a clarification memo
was issued.

There is *no* such ban on cookies. The web is a stateless environment
and without cookies it would be next to impossible to conduct any type
of business process or transaction.

1. Note the cited memorandum,
http://www.whitehouse.gov/omb/memoranda/m00-13.html, is titled Privacy
Policies and Data Collection on Federal Web Sites. ** This is a privacy
issue, not a technical issue. **

2. Federal agencies are required to establish privacy policies and to
publish these policies for and on their web sites. It is strongly
recommended (if not required in some areas) to follow P3P, the
Platform for Privacy Preferences. http://www.w3.org/P3P/

3. When cookies are used on federal government web sites the requirements are:
A. Clear and conspicuous notice that cookies are used. (Terms and conditions)
B. There is a compelling need to gather the data on the site. (Business need)
C. Appropriate and publicly disclosed privacy safeguards for
handling of information (The public sector equivalent of "we will not
sell/trade/share your information")
D. Personal approval by the head of the agency (This is often
delegated down and interpreted as appropriate management approval.)

This policy only applies to U.S. federal government web sites.

On the original issue of asking for and storing information on a
visitor's accessibility needs; this type of information could be
considered medical information. I hate to add such a complication. I
suggest you research health privacy issues, if not speak to your
organization's lawyers to see if your current policies and processes
are sufficient to meet privacy concerns.

I think the use is a good idea. On some projects I have worked on we
have discussed adding to the user's profile a "Provide enhancements to
the user interface for accessibility." This would avoid most of the
medical information management issues.


On Nov 21, 2007 12:39 PM, Karl Groves wrote:
> OMB once published a notice essentially banning cookies on government sites:
> http://www.whitehouse.gov/omb/memoranda/m00-13.html
> I am unaware, however, whether this has been rescinded. As you can see, it
> is dated 2000.
> There are a few more materials on privacy & cookies located at
> http://www.usa.gov/webcontent/reqs_bestpractices/laws_regs/privacy.shtml
> which also contains a 2002 OMB document, but I'm unfamiliar with its
> contents. It may also answer your question.




> > Here's a scenario that I need help with:
> >
> > A company supplies on-line tutoring services. A user must have the
> > ability to type in their question and read the tutor's responses. If a
> > user cannot do this (for whatever reason), they may call a toll-free
> > number in order to communicate with a tutor.
> >
> > The company wants users with accessibility needs to be aware of the
> > toll-free number; however, they do not want the number mis-used. The
> > system could ask a user when registering to indicate that they have
> > accessibility needs. If so, then the toll-free number would be supplied
> > to them only.
> >
> > Is it against 508 or other federal policy to store accessibility needs
> > on a user?
> >