Government of Ontario

Corporate Operating Policy on Internet Tracking Technologies


This document was last updated: August 3, 2004


Table of Contents

BACKGROUND
PURPOSE
APPLICATION AND SCOPE
PRINCIPLES
MANDATORY REQUIREMENTS

Privacy Law Compliance
Informed Consent
Privacy Impact Assessments
Privacy Statements
Access to Information
Safeguards
Contracts and Agreements

INTERNET TRACKING TECHNOLOGY SCENARIOS

Background

User pull: Server Access Logs, IP Addresses, Cookies, Invisible Hyperlinks
Program push: Electronic Mail
Transactional activities: Electronic Transactions, Personal Identification
Forums: Forums
Integrated Services: Integrated Services

RESPONSIBILITIES

Deputy Heads
Corporate Chief Information Officer
Corporate and Cluster Chief Information Officers
Assistant Deputy Ministers
Program Managers
Manager, Access and Privacy Office, MGS
Management Board of Cabinet

DEFINITIONS


BACKGROUND

Privacy is a serious concern for Internet users. This operating policy provides ministries and agencies with policy direction on mandatory requirements concerning tracking technologies and the collection of personal information from users of government web sites and web services. "Internet Tracking Technologies" is a broad category that includes new tools that have become available in the online environment, such as 'cookies', that can be used without raising privacy concerns if designed in certain ways, but could also be used to invade people's privacy if designed another way.

The same requirements will continue to apply as government increasingly uses portal technology to manage its on-line presence. Building public trust in government Internet sites is critical to increasing the use of government online services and products.

PURPOSE

The purpose of this corporate operating policy on internet tracking technologies is to define mandatory requirements, provide operational guidance and define responsibilities concerning tracking technologies on government web sites and web applications.

This policy supports the Government's legal obligations to protect privacy under the Freedom of Information and Protection of Privacy Act (FIPPA).

APPLICATION AND SCOPE

This operating policy applies to:

  • All web (Internet) sites, web services and portals of government organizations, namely ministries and other institutions of the Government of Ontario, which are subject to the Freedom of Information and Protection of Privacy Act;
  • Third parties under contract or agreement with ministries and scheduled agencies delivering internet-accessible services to the public on behalf of the Government of Ontario (service providers).

This operating policy does not apply to:

  • Other sites of service providers that are not government-related;
  • Internet Service or telecommunications providers with whom the government has contracts for Internet access or communication services.
  • Intranet sites that are restricted to government staff;
  • Internal e-mail.

PRINCIPLES

Informed Consent - Web sites, web services and portals must be designed to enable visitors to find out how the institution plans to use information in tracking technologies, such as permanent cookies, and to choose whether or not to accept the mechanism.

Openness - Visitors must be able to know what information about them is being collected and how the information will be used, stored and discarded.

Transparency - Passive and/or hidden forms of information collection are prohibited except for authorized law enforcement activities.

Accountability - Proposals that include using internet tracking technologies to collect personal information or the aggregation of personal information associated with a tracking technology require due diligence to be done on the business need and legal authorization for that activity.


MANDATORY REQUIREMENTS

Privacy Law Compliance

Government organizations must require in contracts with third party service providers and their sub-contractors that they operate in accordance with this policy.

To ensure consistency between the handling of electronic information and paper equivalents, all information collected electronically will be treated the same as the equivalent information collected and stored by traditional means (e.g. in person, facsimile or mail).

Web sites, web services and portals that collect personal information must show that they have legal authority for that collection as required by section 38(2) and 39(1) of the Freedom of Information and Protection of Privacy Act (FIPPA).

Informed Consent

The user must be given the opportunity to decide whether to agree with the service's request to use internet tracking technologies and agree to supply personal information on a per-service basis.

Privacy Impact Assessments

New web site, web service or portal: Government organizations proposing to establish a new web site, web service or portal that collects or publishes personal information must conduct a Privacy Impact Assessment to demonstrate compliance with FIPPA and program statutes using MBS PIA Guidelines before launching the site or service.

The PIA must be submitted to the program owner for review of the privacy implications prior to launching the site or service. The PIA should, at the discretion of the program owner, be reviewed with the Ontario Information and Privacy Commissioner (IPC) prior to launching the site or service.

If the legal authority for the collection of personal information via the web site is not clear, this must be highlighted in the Privacy Impact Assessment to alert senior executives to the need for a course of action that clearly establishes the legality of the proposed collection and manner of collection.

Existing web sites: Government organizations that propose substantive changes in the collection, use or disclosure of personal information on an existing web site (such as aggregation of information previously held in separate databases or the creation of common directory services) must complete a Privacy Impact Assessment. The PIA must be submitted to the program owner for review. The PIA should, at the discretion of the program owner, be reviewed with the Ontario Information and Privacy Commissioner.

Privacy Statements

Government organizations must include a privacy link on the main page of the institution to the corporate online Privacy Statement. Ministries and agencies must also include the privacy link on every page where personal information is collected.

The corporate Privacy Statement can be found at: www.gov.on.ca/mbs/english/common/privacy.html

In addition, they may provide a customised privacy statement. A ministry or program Privacy Statement may complement the corporate Privacy Statement by adopting the corporate policy and listing specific types of data collected by the agency for which exceptions apply.

Privacy policies and practices and Notices of Collection must be fully disclosed prior to asking individuals to give their personal information. The Privacy Statement must provide a complete and accurate description of how personal information will be used.

Access to Information

As government organizations design web sites, web services and portals, they must ensure that personal information that is collected by programs can be easily retrieved to be able to respond to an individual's request to access his or her personal information as permitted by FIPPA.

Safeguards

Electronic transactions via government web sites shall be protected by security safeguards appropriate to the sensitivity of the information involved in the transaction and the risks to both the client and the government.

Government web sites, web services and portals must not leave behind personal information on the user's computer, e.g. in a cache or cookie, upon termination of a session. Similarly, the site or service must not leave behind information that could be used to triangulate with other information that may be available, thus revealing personal information about the user. In web developer terms, this means personal information must not be stored on the client side. Both the client side and server side must be cleaned up when the user leaves.

Contracts and Agreements

The deployment of internet services typically involves interlocking agreements between the government and software vendors, system providers and/or third party service providers. In such out-sourced arrangements there is a risk that unauthorized access to personal information could occur or the data could be used for secondary (commercial) purposes or be disclosed inappropriately to another party. As noted in the section above on privacy law compliance, government organizations must require in contracts that third party service providers and their sub-contractors operate in accordance with the requirements of this policy.

These contracts and agreements shall address at a minimum:

  • geographical restrictions on where and how data may be stored and processed, in accordance with government policies and practices;
  • reservation of the government's right to audit third-party operations, facilities and systems to assess and verify compliance;
  • custody and control of Personal Information in the hands of the service provider and sub-contractors;
  • limiting the use and disclosure of personal information by the service provider and sub-contractors to that which is prescribed in the contract or agreement;
  • reporting of security and privacy breaches to the government service manager;
  • destruction and disposal of equipment and databases that contain personal information records;
  • transfer of records to the government service manager in the event of termination of the contract or agreement.

INTERNET TRACKING TECHNOLOGY SCENARIOS

Background

When an individual visits a web site, information called "traffic data" is automatically exchanged between their computer and the web server to enable the communication to occur, but the traffic data does not in itself identify the individual.

Traffic data typically contains:

  • the Internet Protocol (IP) address of the user's computer;
  • type of browser and operating system on the user's computer;
  • name of the Internet Service Provider for the computer;
  • date and time of access;
  • web pages on the site visited;
  • if the user linked to the GO site from another web site, the Internet web address of that site.

Identity may become evident, however, if the web site host uses an internet tracking technology to establish a mechanism for gathering information about the user over several sessions, or if the host associates the traffic data to other information in its custody, or if the user provides identifying information for example by filling out a form.

In the near future, the information in traffic data may expand to include location data that reveals the latitude, longitude and altitude of the user's terminal equipment, their direction of travel, and the level of accuracy of the location information. In addition, as the world migrates to the next generation Internet Protocol IPv6, the potential to strongly associate the IP address to an identifiable individual is expected to increase. The European Commission has, in fact, already adopted the position that IP addresses attributed to Internet users are personal data and must be protected [1].

This section identifies five typical scenarios where individuals may interact with a government web site, web service or portal for different purposes. After a description of the scenario, requirements to prevent unwarranted tracking of individuals are presented. The requirements are not meant to be exclusive to a particular scenario because a given web site may involve one or more features that could be perceived by users to be excessively intrusive. The general requirements noted above also continue to apply in these scenarios.

Typical Scenarios

1. User pull - A web site visitor downloads content off the site and supplies no personal information. There is no program or service delivery need for the government to identify users or track user choices over multiple sessions. Some users may choose to have the web site remember their preferences for subsequent visits to the web site, others may not.

Requirements:

Traffic Data

Where there is no program or service delivery need to identify individuals, traffic data may only be used to enable real-time web site management, development, performance management and measurement of traffic information. Government organizations must not use or compare traffic data with other databases to identify an individual unless permitted by FIPPA.

Traffic data may be processed for security and intrusion detection purposes. These activities must be restricted to designated persons performing security functions under the authority of the Corporate or Cluster CIO or Deputy Minister.

Server Access Logs

The access logs that record individuals' interactions with government web sites in the form of traffic data shall be classified as medium sensitivity or higher as defined in the GO Information Classification Operating Policy and be protected accordingly.

Information in Server Access Logs must not be used or compared with other databases to identify an individual, unless an attempt to upload or change information at government web sites, disrupt service or otherwise cause damage, has been detected. In these cases, Server Access Logs specific to the incident may be disclosed to a law enforcement agency to aid an investigation undertaken with a view to a law enforcement proceeding or from which a law enforcement proceeding is likely to result.

Server Access Logs must be retained no longer than the remainder of the calendar year plus 3 years, except those used in a security investigation, which shall be retained for at least one year after last use. Note that this policy only applies to Server Access Logs for public-facing web sites, web services and portals, not server logs for internal networks.


IP Addresses

Government organizations shall protect and manage IP addresses of individuals according to the same criteria as apply to personal information under section 38 of FIPPA (collection of personal information), s. 39 (manner of collection), s. 40 (retention), s. 41 (use), s. 42 (disclosure) and sections 1, 2, 3, 4 of O. Reg. 460 (safeguards). Records that contain IP addresses of individuals shall be classified as medium sensitivity information or higher and be protected accordingly.


Cookies

The term "cookie" refers to the small file created by an organization's web server that is stored on the user's computer to facilitate the exchange of information on a temporary or permanent basis. Cookies are both useful and controversial. The government has, as part of its mandatory technical standards, adopted the international standards called RFC 2965 - HTTP State Management Mechanism [2], and Best Current Practice - RFC 2964. Government web sites, web services and portals must be designed to comply with the Technical Standards Environment (located at http://intra.itsc.gov.on.ca).

The two international standards highlighted above provide guidance to the Internet community on how to design systems to avoid public criticism where the use of cookies in certain ways would violate the privacy of web users.

The Standards require, for example, that the user be given control over cookies by mechanisms:

  • to notify the user when the browser is about to send a cookie to the organization's web server, to offer the option not to begin a session;
  • to display a visual indication that a stateful session is in progress;
  • to let the user decide which cookies, if any, should be saved when the user concludes a window or browser session;
  • to let the user examine and delete the contents of a cookie at any time.

General requirements - Cookies:

  • Follow IETF RFC 2964 and RFC 2965 in designing cookie mechanisms;
  • Cookies must not be matched or associated with other personal information in the custody of government programs, which would result in extensive profiles of individuals' activities. This requirement applies to cookies that are issued to members of the public, not to business clients, and is intended to build trust with users and to avoid the passive collection of personal information;
  • Web sites, web services and portals must be designed so users are not required to set their browser's privacy settings to the lowest level to use the site or service.

Specific requirements for each type of cookie:

When permanent cookies are used, the user must be notified and provide consent to accept the cookie before it is placed on the user's computer. The web site and web server design must assist informed consent.

In Ontario Government organizations, permanent cookies may be used for web site optimization, statistical purposes and personalization, but this must be done without associating the cookie with personal information of identifiable individuals, except on sites that are clearly targeted to people using the site in the course of a business or professional activity.

Government programs must not store personal information in cookies placed permanently on a user's computer. Permanent cookies are not secure repositories for personal information.

Permanent cookies must not be used as a customer identification and authentication mechanism for government service delivery, given the lack of control and weak security with cookies. Sessional cookies used for machine-to-machine authentication and security are not affected by this requirement. However, the best available encryption must still be used to provide confidentiality and integrity of personal information exchanged during a session.
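The following check is an added illustration and is not part of the policy text: it classifies each `Set-Cookie` header a site emits as sessional or permanent and flags permanent cookies that would need prior consent, that carry values resembling personal information, or whose names suggest customer identification. The header samples are constructed, and the personal-information patterns and name hints are illustrative assumptions.

```python
"""Audit Set-Cookie headers against the cookie requirements above (added example)."""
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import unquote

# Assumption: illustrative patterns only; a real review uses the program's data inventory.
PII_PATTERNS = {
    "email address": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "phone number": re.compile(r"\b\d{3}[-. ]\d{3}[-. ]\d{4}\b"),
}
# Assumption: cookie names hinting at customer identification or authentication.
AUTH_NAME_HINT = re.compile(r"(auth|login|user|account|customer)", re.IGNORECASE)


def classify_cookie(header_value, now):
    """Return (name, value, lifetime); lifetime is 'session' or 'permanent'."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    if not parts:
        raise ValueError("empty Set-Cookie header")
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()

    lifetime = "session"  # no Max-Age/Expires: discarded when the browser session ends
    if "max-age" in attrs:  # Max-Age (RFC 2965) takes precedence over Expires
        try:
            if int(attrs["max-age"]) > 0:  # zero or negative means "delete now"
                lifetime = "permanent"
        except ValueError:
            pass  # malformed Max-Age is ignored, leaving a sessional cookie
    elif "expires" in attrs:  # Netscape-style attribute still sent by many servers
        try:
            expires = parsedate_to_datetime(attrs["expires"])
            if expires.tzinfo is None:
                expires = expires.replace(tzinfo=timezone.utc)
            if expires > now:  # a past date is a deletion, not persistence
                lifetime = "permanent"
        except (TypeError, ValueError):
            pass  # unparseable date is ignored
    return name.strip(), value.strip().strip('"'), lifetime


def audit_cookie(header_value, now):
    """Return the cookie's name, lifetime and the policy findings it raises."""
    name, value, lifetime = classify_cookie(header_value, now)
    findings = []
    if lifetime == "permanent":
        findings.append("permanent cookie: user notice and consent required first")
        decoded = unquote(value)  # personal data is often percent-encoded
        for label, pattern in PII_PATTERNS.items():
            if pattern.search(decoded):
                findings.append(f"permanent cookie value contains {label}")
        if AUTH_NAME_HINT.search(name):
            findings.append("permanent cookie name suggests identification use")
    return {"name": name, "lifetime": lifetime, "findings": findings}


# Constructed sample headers, as a site might emit them.
SAMPLE_HEADERS = [
    "JSESSIONID=ab12cd34; Path=/; Secure; HttpOnly",
    "lang=fr; Max-Age=31536000; Path=/",
    "contact=jane.doe%40example.org; Expires=Wed, 09 Jun 2027 10:18:14 GMT; Path=/",
    "customer_id=8841; Max-Age=2592000",
    "old=x; Max-Age=0",
]

if __name__ == "__main__":
    fixed_now = datetime(2026, 1, 1, tzinfo=timezone.utc)  # fixed for repeatable output
    for header in SAMPLE_HEADERS:
        result = audit_cookie(header, fixed_now)
        print(result["name"], result["lifetime"], result["findings"])
```
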


Invisible Hyperlinks

On the principle that the government's collection practices must be transparent and users must be informed about those practices, the use of passive and/or hidden methods of information collection, such as web bugs and web beacons, is prohibited.

Similarly, arrangements with third parties to enable tracking or data collection on users of government web sites, web services and portals through passive or hidden methods, e.g. with banners or JavaScript, are prohibited.


2. Program push - The web site owner sends messages to the user via e-mail notice or by other mechanisms after gathering contact information from the individual.

Requirements:

Electronic Mail

Government organizations shall consider e-mail addresses for private individuals to be the personal information of the individual.

Government organizations must observe the following privacy principles when sending electronic mail:

  • Only those individuals who have given their consent to be contacted via e-mail (opted in) shall receive e-mail from the government;
  • Message subject lines must be clear and accurately reflect the nature of the message;
  • For periodic messages, the e-mail message must contain instructions for removing consent and discontinuing future mailings;
  • In periodic e-mails, the message must contain the title, organization, work address, telephone number and e-mail address of an individual that the client can contact to unsubscribe from the e-mail list and to enquire about privacy;
  • When sending an e-mail message to more than one recipient on a distribution list, unless the identities and email addresses of all the recipients are public or otherwise known to the members of the list, use the blind copy (BCC) field to conceal the identities and e-mail addresses of the other recipients;
  • Make it clear in the message whether a message is a private communication or not, especially when BCC is used to conceal the e-mail addresses of other recipients, to avoid misleading a recipient into thinking that the message is a private communication when it is not;
  • Unless encryption hardware or software is used, e-mail messages are assumed to be insecure and therefore must not contain sensitive information. Discretion must be used in the disclosure of other personal information, such as the identity of the primary recipient of a message sent to multiple individuals;
  • E-mail subscriber lists must not be posted in the public domain.

E-mail messages sent and received by the government are records subject to FIPPA and its regulations and other statutes of the Government of Ontario, such as the Archives Act. Government organizations must apply the same standards of protection and confidentiality to e-mail as they do to other kinds of correspondence. For example, FIPPA must be followed when forwarding and responding to e-mails to ensure individuals' privacy rights are respected. E-mail must not be used to implicitly or explicitly disclose personal information without authority.

3. Transactional activities - Users provide information via the web site or web service to receive a product or service from the government organization. The transaction may or may not involve a fee or payment. Electronic transactions present the greatest risks for tracking of individuals or creating customer profiles because they typically require the creation and use of reference numbers, aggregating Personal Information and transactional data at a portal level, linking transactional data to information in server access logs, and collecting personal information for authentication purposes.

Requirements:

Electronic Transactions

Government organizations that propose to aggregate Personal Information and electronic transaction data in a portal must do a Privacy Impact Assessment and comply with this Operating Policy.

User Access Logs, meaning the access logs for ESD applications and web services where personal information such as an individual's name and credit card number is exchanged between the user and the service provider, shall be classified as medium sensitivity or higher under the GO Information Classification Operating Policy and be protected accordingly.

Personal Identification

Requiring individuals to identify themselves before they can use a web site, web service or portal is a complex issue, which may warrant addressing the business requirements for personal identification in a Privacy Impact Assessment.

If a government organization proposes to create and issue a new program identifier or universal identifier to serve as an authentication mechanism for government service delivery, or use an existing program identifier for additional programs, this must be highlighted in the PIA to alert senior executives to the privacy and legal implications from the use of the technology.

New program identifiers and/or universal identifiers must not be issued to individuals using government web sites, web services and/or portals unless the ministry or government agency has demonstrated that the practice complies with FIPPA.

Government organizations must seek to design their web sites, web services and portals to permit individuals to use them anonymously or pseudonymously and avoid the re-use of program identifiers where appropriate.

4. Forums - A government organization may establish an online open forum for engaging citizens and government officials in discussions on a proposed new policy or to solicit comments. Participants in the forum may be registered or un-registered. Other names for forums include: discussions, chat rooms, messaging windows, bulletin boards and electronic town halls.

Requirements:

Forums

When individuals log into a government Internet site or bulletin board, they must be provided with descriptions of potential uses of any personal information. Whenever possible, the site must give the individual the choice as to whether or not to agree to this use of personal information.

Whenever possible, participants in online forums set up to chat or comment on government policies or proposals must be able to do so without necessarily revealing their identity. At the same time, the government must not allow individuals to libel/defame another individual or group. Collection of information from anonymous forum participants about their age, sex, income range or other socio-economic indicator is permitted on a voluntary basis, but must not be combined with traffic data or other information to identify the individual.

An approach that achieves both goals of privacy protection and protection against libel/defamation is an "asynchronous" forum where individuals can submit comments anonymously but publication of the submissions is delayed until any personal information or potentially libelous or defamatory remarks have been removed from the record.

Another approach involving the registration of individuals who will be allowed to participate on the forum using their real name or a pseudonym according to their preference may only be used in exceptional circumstances. The problem with real-time forums (or chat rooms) is that comments are posted almost immediately and anyone online will see the statement in question before it can be removed, which risks damaging the reputation of the government as the host of the forum. If this risk is deemed to be acceptable, participants must still be notified in a customized Privacy Statement what the government will do with the registration information and the forum must be moderated. If government organizations follow this approach, the ministry or agency must inform clients about prohibited actions and enforcement activities using an Acceptable Use Policy developed by the ministry or agency for the site. Comments that violate the Acceptable Use Policy must be removed as soon as possible.

5. Integrated Services - "Integrated Services" refers to government initiatives that propose to implement one or more electronic service channels for single window access to multiple government programs. The integrated service may require the personal information previously collected for distinct legislative programs to be collected through a single Service Provider on behalf of several ministries. There is a wide range of possible approaches to integrating services for multiple government programs.

There is an aspect of tracking and collecting information about individuals in integrated services that could raise privacy concerns, especially if the service provider employs components and mechanisms that aggregate or widen potential uses of personal information, such as: single sign-on, shared directories, data warehousing, data matching and data mining. The MBS Privacy Impact Assessment Guidelines identify the following potential privacy risks from integrated services:

  • creation of data profiles or the monitoring of individual transactions across unrelated Government programs;
  • privacy intrusion for customers who may be required to interact with a single web site or portal for a range of previously separate Government services;
  • an increased perception of privacy loss for customers receiving Government services through non-Government service providers.

Requirements:

Integrated Services

Government organizations that propose to implement integrated services must do a Privacy Impact Assessment and comply with FIPPA, provisions in program statutes which address the collection, use, disclosure and disposition of personal information, and the requirements of this Operating Policy. The ESD Privacy Standard [3] provides additional policy and operational direction required to address potential privacy risks which could arise from the bundling of service delivery channels.

RESPONSIBILITIES

Deputy Heads

Deputy heads are responsible for:

  • adhering to the principles and mandatory requirements contained in this operating policy and ensuring that this policy is adhered to by ministry employees;
  • ensuring that formal service agreements and contracts with third parties delivering internet-accessible services on behalf of the Government of Ontario address the requirements of this policy;
  • obtaining prior Management Board approval for exemptions from any part of this policy;
  • approving Privacy Impact Assessments that accompany submissions to MBC.

Corporate Chief Information Officer

The Corporate Chief Information Officer is responsible for:

  • making recommendations on changes to this operating policy for approval by the Management Board of Cabinet;
  • providing advice to Management Board of Cabinet with respect to the privacy implications of projects brought forward to MBC for approval.

Corporate Chief and Cluster Chief Information Officers

Corporate Chief and Cluster Chief Information Officers are responsible for:

  • ensuring that all internet-accessible Information Technology Resources under their control comply with the principles and mandatory requirements of this operating policy.
  • ensuring that the collection, use and disclosure of personal information on government web sites, web services and portals complies with FIPPA and relevant statutes and regulations, and complies with this operating policy.
  • signing-off Privacy Impact Assessments on IT systems that are used to implement web sites, web services and portals of government organizations.

Assistant Deputy Ministers

Assistant Deputy Ministers are responsible for:

  • signing-off Privacy Impact Assessments conducted on programs under their control as required by this policy when the PIAs are not being attached to an MBC submission.

Program Managers

Program Managers are responsible for:

  • managing contractual arrangements for web sites, web services and portals and ensuring appropriate controls and accountability for the protection of personal information;
  • ensuring that online notices and Privacy Statements are accurate and accessible in compliance with FIPPA and this operating policy;
  • managing the completion of Privacy Impact Assessments as required by this operating policy;
  • identifying proposals that should be reviewed by the IPC prior to launching the site or service and ensuring that the IPC is consulted.

Manager, Access and Privacy Office, MBS

The Manager is responsible for:

  • advising ministries on compliance with FIPPA and this operating policy;
  • advising the OCCIO on the development and implementation of web site, web service and portal practices by ministries;
  • reviewing and making recommendations to the OCCIO on changes to this operating policy for approval by the Management Board of Cabinet.

Management Board of Cabinet

The Management Board of Cabinet is responsible for:

  • ensuring sound information and information technology management practices exist across the government;
  • ensuring that the government's information and information technology management practices build public trust in the use of internet-accessible IT resources;
  • reviewing ministry requests for exemptions from any part of this operating policy.

DEFINITIONS

Acceptable Use Policy - An Acceptable Use Policy (AUP) sets forth the principles that govern the client's use of the Web-based service provided by the government. The AUP may be designed to, for example, encourage polite and civil communication, encourage respect for others, and/or protect clients from irresponsible, abusive or illegal activities. The AUP identifies the actions that the government considers to be Prohibited Actions, meaning those actions that will lead to denial of access or impediment of service, and enforcement activities.

Access Logs - An access log is a list of all the requests that people have made for individual files from a Web site. These files will include the HTML files and their embedded graphic images and any other associated files that get transmitted. The access log (sometimes referred to as the "raw data") can be analyzed and summarized by another program.

Anonymous Identifier - an identifier that lacks individuality or distinction or recognizability; a unique identifier that cannot be traced back to an identifiable individual.

Banner - A banner is either a graphic image that announces the name or identity of a site (and often is spread across the width of the Web page) or is an advertising image. Advertisers sometimes count banner "views", or the number of times a banner graphic image was downloaded over a period of time.

Browser (User Agent) - A software program for viewing web pages. Popular browsers include Internet Explorer and Netscape.

Cookie (HTTP State Management Mechanism) - A small file containing state information that passes between an origin server and the user agent (browser) and that gets stored by the user agent on the computer. Cookies provide a mechanism that allows users and servers that wish to exchange state information to place HTTP requests and responses within a larger context called a "session". Cookies come in two types: session or permanent. Session cookies only exist temporarily in the user's computer memory and expire upon the termination of the connection with the server. Session cookies might be used to create, for example, a "shopping cart", in which the user's selections can be aggregated before purchase. Permanent cookies are placed on the user's computer on the hard drive and expire at a time selected by the server manager. Permanent cookies might be used to store the user's preferences for the display of information on the web site that created the cookie.

Data Matching - A computerized comparison of 2 or more databases of personal information that were originally collected for different purposes. The computer (data) matching program creates or merges files on identifiable individuals to identify matters of interest. Data matching is facilitated by storing personal information in centralized databases (see Data Warehousing) or by linking unrelated databases.

Data Mining - Sorting through data to identify patterns and establish relationships.

Data Warehousing - A data warehouse is a central repository for all or significant parts of the data that an enterprise's various business systems collect.

Electronic Mail - means any text, voice, sound or image message sent over a public electronic communications network which can be stored in the network or in the recipient's terminal equipment until it is collected by the recipient and includes messages sent using a short message service.

ESD Privacy Standard - The Electronic Service Delivery Privacy Standard (ESD PS) was developed by Ministry of Government Services in consultation with ministries and the Ontario Information and Privacy Commissioner. The Standard provides additional policy and operational direction required to address potential privacy risks which could arise from the bundling of service delivery channels. Adherence to the ESD PS is mandatory for all Ontario Government ministries and agencies which participate in any manner in the design and operation of the government's new service delivery model known as Electronic Service Delivery.

Hyperlink - Synonymous with "Hypertext Link". Hypertext is the organization of information units into connected associations that a user can choose to make. An instance of such an association is called a link or hypertext link. Hypertext was the main concept that led to the invention of the World Wide Web, which is, after all, nothing more (or less) than an enormous amount of information content connected by an enormous number of hypertext links.

Internet Service Provider - An ISP (Internet service provider) is a company that provides individuals and other companies access to the Internet and other related services such as Web site building and virtual hosting. An ISP has the equipment and the telecommunication line access required to have a point-of-presence on the Internet for the geographic area served.

Intranet Site - An intranet is a private network that is contained within an enterprise. It may consist of many interlinked local area networks and also use leased lines in the Wide Area Network. The main purpose of an intranet is to share company information and computing resources among employees. An intranet can also be used to facilitate working in groups and for teleconferences.

IP Address - Internet Protocol address. A number that uniquely identifies a computer connected to the Internet. Each packet of information transmitted on the Internet contains information about where it was sent from (source IP address) and the address to which it is to be delivered (destination IP address).

Java Script - JavaScript is an interpreted programming or script language from Netscape. It is somewhat similar in capability to Microsoft's Visual Basic, Sun's Tcl, the UNIX-derived Perl, and IBM's Rexx. JavaScript is used in Web site development to do such things as: Automatically change a formatted date on a Web page; Cause a linked-to page to appear in a popup window; Cause text or a graphic image to change during a mouse rollover.

Location Data - Location data may refer to the latitude, longitude and altitude of the user's terminal equipment, to the direction of travel, to the level of accuracy of the location information, to the identification of the network cell in which the terminal equipment is located at a certain point in time and to the time the location information was recorded.

Notice of Collection - Section 39(2) of FIPPA requires notices to be given to individuals where personal information is collected, eg. on forms, unless notice is waived by the responsible minister. The notice must inform the individual to whom the information relates of all of the following: a) the legal authority for the collection; b) the principal purpose or purposes for which the personal information is intended to be used; and c) the title, business address and business telephone number of a public official who can answer the individual's questions about the collection.

Portal - A web site featuring a suite of commonly used services, serving as an anchor, starting point, or gateway to a collection of web sites or services. Variations include general portals and niche portals.

Privacy Statement - A Privacy Statement (also known as Privacy Policy) is a public document explaining the organization's policies and practices pertaining to the collection, use and disclosure of personal information. Unlike Notices of Collection, Privacy Statements are not legally required to be presented whenever personal information is collected, but presenting one has become an industry best practice. Privacy Statements provide clients with more information than is necessary in the Notice of Collection, such as how the organization uses cookies and how information is protected.

Program Identifier - A unique identifier issued by an Ontario government organization, eg. Ontario Health Insurance Plan number, Ontario Education Number.

Program Owner - In provincial ministries, an Assistant Deputy Minister (ADM), or in agencies an equivalent ranking senior official, who is responsible for making major decisions on a program.

Pseudonymous Identifier - a fictitious name or number that does not obviously relate to an identifiable individual, but the linkage to the personal information of an individual can be made if necessary by an authorized individual.

Sensitive Information - medical or financial information, information that may be injurious to the reputation of the individual or the government if it was seen by the wrong individual.

Single Sign-On - In any client/server relationship, single sign-on is a session/user authentication process that permits a user to enter one name and password in order to access multiple applications. The single sign-on eliminates future authentication prompts when the user switches applications during that particular session. Single sign-on is also a term used in electronic commerce transactions where consumer financial information is centralised on one server to limit the number of times the consumer needs to enter credit card numbers or other sensitive information used in billing.

Substantive Change - having substance, involving matters of major or practical importance to all concerned. In the MBS PIA Guidelines, examples of proposals deemed to be "substantive changes" from existing practices (and hence require a PIA) include proposals that involve significant collection, use or disclosure of personal information, multi-program front-end program integration, broadening of target populations, a significant shift toward indirect collection of personal information, additional system linkages, and proposals that involve enhanced accessibility.


Traffic Data - Traffic data (also called "Clickstream Data") means any data processed for the purpose of conveyance of a communication on an electronic communications network.

Unique Identifier - A unique identifier is any identifying number, symbol or other particular assigned to the individual.

Universal Identifier - A unique identifier that can be used for authentication purposes by multiple entities or to develop profiles on individuals, eg. Social Insurance Numbers.

User - "User" means any natural person using a publicly available electronic communications service, for private or business purposes, without necessarily having subscribed to this service. Web site "visitor" is synonymous with user.

Web Beacon - A Web beacon, also known as a web bug, is a file object (usually a graphic image such as a transparent GIF) that is placed on a Web page or in an e-mail message to monitor user behaviour or protect copyrighted material, functioning as a kind of "spyware". Unlike a cookie, which can be accepted or declined by the user via their browser settings, a Web beacon arrives as just another GIF on the Web page. A Web beacon is typically made invisible to the user by matching its colour to the page background and by making it very small, eg. 1 pixel.

Web Bug - see "Web Beacon"

Web Domain - On the Internet, a domain consists of a set of network addresses. This domain is organized in levels. The top level identifies geographic or purpose commonality (for example, the nation that the domain covers or a category such as "government"). The second level identifies a unique place within the top level domain and is, in fact, equivalent to a unique address on the Internet (an IP address). Lower levels of domain may also be used. Strictly speaking, in the Internet's domain name system (DNS), a domain is a name with which name server records are associated that describe sub-domains or hosts. For example, "whatis.com" could be a domain with records for "www.whatis.com" and "www1.whatis.com," and so forth.

Web Services - Automated resources accessed via the Internet. Web services are software-powered resources or functional components whose capabilities can be accessed at an internet URL. Standards-based web services use XML to interact with each other, which allows them to link up on demand.

Web Site - A Web site is a related collection of World Wide Web (WWW) files that includes a beginning file called a home page. A company or an individual tells you how to get to their Web site by giving you the address of their home page. From the home page, you can get to all the other pages on their site.

Endnotes

  1. Article 29 Data Protection Working Party "Opinion 2/2002 on the use of unique identifiers in telecommunication terminal equipments: the example of IPv6", 10750/02/EN/Final WP 58, adopted May 30, 2002. http://europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2002/wp58_en.pdf
  2. "HTTP (Hypertext Transfer Protocol) State Management" is the technical term for cookies. RFC-2965 and RFC-2964 standards were issued by the International Engineering Task Force (IETF).
  3. The ESD PS is located at http://www.accessandprivacy.gov.on.ca/english/pub/esd-intro.html
