COMDTINST 5200.1
security monitoring, thus they should not have an expectation of privacy. Coast Guard Web sites,
including those maintained by contractors on behalf of Coast Guard, shall comply with standards set
forth in the Children's Online Privacy Protection Act of 1998 (http://www.ftc.gov/privacy/) with
respect to collecting personal information online at Web sites directed to children. All Coast Guard
staff, in particular Webmasters and Primary Content Approval Authorities (PCAOs), shall comply
with the following with regard to the Internet:
(1) "Persistent cookies" are only authorized under the following circumstances:
(a) There is a compelling need to collect such information.
(b) Appropriate publicized technical procedures are established to safeguard the information.
(c) The collection has been personally approved by the Secretary of Transportation.
(2) "Session cookies" are authorized only if users are advised of what information is collected or
stored, why it is being done, and how it is to be used.
(3) Web sites shall be periodically "scrubbed" for privacy and other sensitive information as
defined in reference (b).
b. Releasability. The Internet Configuration Control Board (ICCB) has further established clear policy
regarding content and format of information posted on the Web (reference (c)). It is incumbent on
Coast Guard commands/directorates to ensure that information posted/released, including personal
identifiers, falls within the scope of releasable data per the provisions of reference (b). See
Program.
c. Information Assurance. Information Systems Security requires our attention such that potential harm
is mitigated through cost effective controls to ensure that as we become more of an E-GOV
organization our information is protected for confidentiality, integrity, authentication, availability,
and non-repudiation. Citizen trust in on-line services is essential. Not only must personal
information be secure, but also on-line information backed up by systems that are reliable. More
information on electronic signatures and data encryption standards is available at
d. Electronic Records (E-Records). As programs consider eliminating the paper "source" document,
the management of electronic records imposes additional requirements to ensure that data/documents
are available throughout their Information life cycle. When converting a paper-based system to an E-
system, program managers must ensure the following actions are taken: the National Archives and
Records Administration (NARA) www.nara.gov must approve the conversion of a paper-based
system to an electronic system. The legally required retention periods for electronic records are the
same as those for paper outlined in reference (a). Further, long term funding must be allocated to
upgrade/migrate the E-data/documents to ensure data integrity and readability. Other issues to
consider are the stability of the E-media and the location of E-storage (i.e. on the hard drive or off-
4
Previous Page
