Policy Code: 
Effective Date: 
Sunday, March 14, 2004
Revision Number: 
Revision Date: 
Tuesday, November 2, 2004
Last Reviewed: 
Wednesday, March 11, 2020
Version Control: 
This standard supersedes EGT001-04.1.


Privacy issues are of concern for many people who are asked to provide personal information through e-services. Privacy standards may ease the concern of the customer and hopefully encourage the use of the services.


  1. All e-services accepting personally identifiable information shall provide privacy policy information.
  2. Privacy policies shall state:
    1. What and why personally identifiable information is collected.
    2. How the information will be used and under what circumstances it will be released, or if applicable the specific laws providing that the information is confidential.
    3. Choices available to the individual for reviewing and correcting customer submitted information.
    4. Contact information.
    5. If social security numbers are collected, notification as required in the Privacy Act of 1974 must be given.
    6. Reference to a security policy.
    7. The web pages/applications or specific type of information/service areas covered by this policy.
    8. If and how cookies are used.


Inform customers of the agencies’ intentions regarding the privacy of their personal information.


This standard applies to all executive branch state agencies including the University Systems Office but excluding other higher education institutions, i.e. campuses and agricultural and research centers.


Personally identifiable information
Any recorded information that uniquely identifies the person, such as, but not limited to, name, account number, social security number, user ID, PIN number, e-mail address, or biometric data.
Data that can be tied to a device or residence owned or used by an individual, such as, but not limited to, the individual's telephone number, mailing address or computer IP address.
Services provided electronically via interactive media. For example but not limited to:
  • Interactive Voice Response (IVR)
  • World Wide Web
Cookies are text files that are transmitted between your browser and the web server. There are two types of cookies:
  • In memory cookies – deleted on closing browser
  • Disk cookies are stored until they expire or are deleted.


  1. E-Services Privacy Policy Best Practices
  2. Sample Privacy Policy and Disclaimer
  3. Privacy Act of 1974
  4. Guidelines from the Online Privacy Alliance


Non-compliance with this standard shall be reported to the Office of the State Auditor.

Drafted By

IT Coordinators Council