Internet Privacy and Security Policy
I. Purpose
The purpose of this Policy is to implement the POL-Internet Privacy andSecurity Policy for defining actions to fulfill the responsibility.
II. Scope
This policy applies to all state agencies. 2-17-505 et seq., MCA, with the exceptions as defined in 2-17-516, MCA and 2-17-546, MCA.
III. Roles and Responsibilities
Roles and responsibilities are required by this policy and in accordance with POL-Information Security Policy - Appendix B (Security Roles and Responsibilities).
IV. Requirements
The State of Montana respects each individual website user's right to privacy. Any personal information that is collected will not be disclosed to any third party except as required by applicable law unless the website user has expressly permitted the disclosure or "opted in" to allow the disclosure. The purpose of this statement is to inform website users of the use of information that may be collected while they are visiting this or any State of Montana website. Citizens and businesses are not routinely asked to provide personal information to visit State of Montana websites or to download information. This includes mt.gov as well as agency websites. Government agencies may request personally identifiable information from you in order to provide requested specialized services, but such information is handled as it would during an in-person visit to a government office. Montana law controls the level of access to personally identifiable information maintained in public records at state and local levels of government. Information that is generally available under Montana law may be posted for electronic access through mt.gov and associated agency websites.
A. Use of Constituent Email Addresses
Email addresses obtained as a result of a request to the state website will not be sold or given to other private companies for marketing purposes unless. It is specifically stated when the email address is requested and the user "opts in" to having their email used in the stated fashion. The information collected is subject to the access and confidentiality provisions of the Montana Code and Federal law. Email or other information
MOM-SITSD-POL-Internet Privacy and Security Policy
requests sent to a state website may be maintained in order to respond to the request, forward that request to the appropriate agency, communicate updates to the state web page that may be of interest to citizens, or provide the website designers with valuable customer feedback to assist in improving the site. Individuals will be provided with the ability to "opt-in" at any time to receive communication regarding news service updates.
B. Transaction Information
The state uses secured servers for conducting online transactions. All credit card and other payment information that is transmitted is protected by encryption technology, provided the website user's browser is properly configured and the user's computer is operating properly.
C. Data Security and Quality
The State of Montana is committed to data security and the data quality of personally identifiable information that is either available from or collected by governmental websites and has taken reasonable precautions to protect personally identifiable information from loss, misuse, or alteration. Any third parties responsible for this information are committed to the same principles and also are required by contract to follow the same policies and guidelines as the State of Montana in protecting this information. Unless otherwise prohibited by state or federal law, rule, or regulation, the individual is granted the ability to access and correct personally identifiable information whether or not the information inaccuracy was accidental or created by unauthorized access.
D. Non-State Websites
Various non-state websites may be linked through mt.gov and other state-maintained websites. Since the state has no control over these non-state websites, visitors to those sites are advised to check their privacy statements and be cautious about providing personally identifiable information without a clear understanding of how the information will be used. The state accepts no liability for other entities that are linked to the state's websites. Visitors may also wish to consult privacy guidelines such as those recommended by the Online Privacy Alliance.
E. Website Security
For information security purposes, the computer systems that hostmt.gov and other state websites employ software programs to monitor network traffic to identify unauthorized attempts to compromise its devices. These attempts to cause damage could be subject to legal action.
MOM-SITSD-POL-Internet Privacy and Security Policy
F. Criteria
1. All government websites that
collect personally identifiable
information from a website user will
apply the following criteria:
2. The website must identify who
operates it.
3. The website must provide the
address and telephone number,
as well as an email address,
where a contact can made.
4. The website must give a general
description of the types of third
parties that may obtain the
information that is being collected.
5. The website must provide the
website user the ability to "opt-in"
for allowing their information to be
used in other ways than for the
purpose of the website.
V. Definitions
Refer to the National Institute of Standards and Technology (NIST)Glossary of Key Information Security Terms for common information systems security-related definitions.
Government: The state which includes the State of Montana or any office, department, agency, authority, commission, board, institution, hospital, college, university, or other instrumentality of the state and political subdivisions of the state which includes any county, city, municipal corporation, school district, or other political subdivision or public corporation.
Personally Identifiable Information: Individually identifiable information about an individual collected online, including:
1. A first and last name
2. A residence or other physical
address, including a street name
and name of a city or town
3. An email address
4. A telephone number
5. A social security number
6. Unique identifying information
that an Internet service provider
or a government website operator
collects and combines with any
information described above.
VI. Enforcement
A. MOM-SITSD-PRO-Establishing and
Implementing Statewide IT Policies,
Standards, and Procedures govern
policy changes or exceptions.
Submit an Action Request form to
request a review or change to this
instrument. Submit an Exception
Request form to request an
exception. Changes to policies,
standards, and procedures will be
prioritized and acted on based on
impact and need.
MOM-SITSD-POL-Internet Privacy and Security Policy
B. 2-17-514, MCA, addresses
agency-level enforcement
information.
C. Montana Operations Manual
-(MOM) Discipline Policy addresses
individual level enforcement
information.
VII. References
A. Legislation
1. Section 2-15-112 MCA
2. Section 2-15-114 MCA
3. Section 2-17-512 MCA
4. Section 2-17-516, MCA
5. Section 2-17-546, MCA
6. Montana Information Technology
Act (MITA), Sections 2-17-504
et seq., MCA
B. Policies, Directives, Regulations,
Rules, Procedures, Memoranda
1. Administrative Rules of Montana
(ARM): ARM 2.12
3. ARM 2.12.206
4. Statewide Procedure:
MOM-SITSD-PRO-Establishing and
Implementing Statewide IT Policies,
5. State of Montana Office of the
Governor Executive
Order No. 09-2016
(Security Roles and Responsibilities)
