Internet Privacy and Security Policy

I. Purpose

The purpose of this Policy is to implement the POL-Internet Privacy andSecurity Policy for defining actions to fulfill the responsibility.

II. Scope

This policy applies to all state agencies. 2-17-505 et seq., MCA, with the exceptions as defined in 2-17-516, MCA and 2-17-546, MCA.

III. Roles and Responsibilities

Roles and responsibilities are required by this policy and in accordance with POL-Information Security Policy - Appendix B (Security Roles and Responsibilities).

IV. Requirements

The State of Montana respects each individual website user's right to privacy. Any personal information that is collected will not be disclosed to any third party except as required by applicable law unless the website user has expressly permitted the disclosure or "opted in" to allow the disclosure. The purpose of this statement is to inform website users of the use of information that may be collected while they are visiting this or any State of Montana website. Citizens and businesses are not routinely asked to provide personal information to visit State of Montana websites or to download information. This includes mt.gov as well as agency websites. Government agencies may request personally identifiable information from you in order to provide requested specialized services, but such information is handled as it would during an in-person visit to a government office. Montana law controls the level of access to personally identifiable information maintained in public records at state and local levels of government. Information that is generally available under Montana law may be posted for electronic access through mt.gov and associated agency websites.

A. Use of Constituent Email Addresses

Email addresses obtained as a result of a request to the state website will not be sold or given to other private companies for marketing purposes unless. It is specifically stated when the email address is requested and the user "opts in" to having their email used in the stated fashion. The information collected is subject to the access and confidentiality provisions of the Montana Code and Federal law. Email or other information

MOM-SITSD-POL-Internet Privacy and Security Policy

requests sent to a state website may be maintained in order to respond to the request, forward that request to the appropriate agency, communicate updates to the state web page that may be of interest to citizens, or provide the website designers with valuable customer feedback to assist in improving the site. Individuals will be provided with the ability to "opt-in" at any time to receive communication regarding news service updates.

B. Transaction Information

The state uses secured servers for conducting online transactions. All credit card and other payment information that is transmitted is protected by encryption technology, provided the website user's browser is properly configured and the user's computer is operating properly.

C. Data Security and Quality

The State of Montana is committed to data security and the data quality of personally identifiable information that is either available from or collected by governmental websites and has taken reasonable precautions to protect personally identifiable information from loss, misuse, or alteration. Any third parties responsible for this information are committed to the same principles and also are required by contract to follow the same policies and guidelines as the State of Montana in protecting this information. Unless otherwise prohibited by state or federal law, rule, or regulation, the individual is granted the ability to access and correct personally identifiable information whether or not the information inaccuracy was accidental or created by unauthorized access.

D. Non-State Websites

Various non-state websites may be linked through mt.gov and other state-maintained websites. Since the state has no control over these non-state websites, visitors to those sites are advised to check their privacy statements and be cautious about providing personally identifiable information without a clear understanding of how the information will be used. The state accepts no liability for other entities that are linked to the state's websites. Visitors may also wish to consult privacy guidelines such as those recommended by the Online Privacy Alliance.

E. Website Security

For information security purposes, the computer systems that hostmt.gov and other state websites employ software programs to monitor network traffic to identify unauthorized attempts to compromise its devices. These attempts to cause damage could be subject to legal action.

MOM-SITSD-POL-Internet Privacy and Security Policy

F. Criteria

1. All government websites that

collect personally identifiable

information from a website user will

apply the following criteria:

2. The website must identify who

operates it.

3. The website must provide the

address and telephone number,

as well as an email address,

where a contact can made.

4. The website must give a general

description of the types of third

parties that may obtain the

information that is being collected.

5. The website must provide the

website user the ability to "opt-in"

for allowing their information to be

used in other ways than for the

purpose of the website.

V. Definitions

Refer to the National Institute of Standards and Technology (NIST)Glossary of Key Information Security Terms for common information systems security-related definitions.

Government: The state which includes the State of Montana or any office, department, agency, authority, commission, board, institution, hospital, college, university, or other instrumentality of the state and political subdivisions of the state which includes any county, city, municipal corporation, school district, or other political subdivision or public corporation.

Personally Identifiable Information: Individually identifiable information about an individual collected online, including:

1. A first and last name

2. A residence or other physical

address, including a street name

and name of a city or town

3. An email address

4. A telephone number

5. A social security number

6. Unique identifying information

that an Internet service provider

or a government website operator

collects and combines with any

information described above.

VI. Enforcement

A. MOM-SITSD-PRO-Establishing and

Implementing Statewide IT Policies,

Standards, and Procedures govern

policy changes or exceptions.

Submit an Action Request form to

request a review or change to this

instrument. Submit an Exception

Request form to request an

exception. Changes to policies,

standards, and procedures will be

prioritized and acted on based on

impact and need.

MOM-SITSD-POL-Internet Privacy and Security Policy

B. 2-17-514, MCA, addresses

agency-level enforcement

information.

C. Montana Operations Manual

-(MOM) Discipline Policy addresses

individual level enforcement

information.

VII. References

A. Legislation

1. Section 2-15-112 MCA

2. Section 2-15-114 MCA

3. Section 2-17-512 MCA

4. Section 2-17-516, MCA

5. Section 2-17-546, MCA

6. Montana Information Technology

Act (MITA), Sections 2-17-504

et seq., MCA

B. Policies, Directives, Regulations,

Rules, Procedures, Memoranda

1. Administrative Rules of Montana

(ARM): ARM 2.12

2. ARM 2.13.101 -Â 2.13.107

3. ARM 2.12.206

4. Statewide Procedure:

MOM-SITSD-PRO-Establishing and

Implementing Statewide IT Policies,

Standards, and Procedures

5. State of Montana Office of the

Governor Executive

Order No. 09-2016

6. MOM-SITSD-POL-Information

Security Policy - Appendix B

(Security Roles and Responsibilities)