I was overseas when the guidelines on the use of web analytics and measurement on Federal government web site was published on June 25 and then spent a few days tromping in the woods with my son, so I haven’t had a lot of time to digest the OMB’s final memos. Yet after reading through the memos pertaining to web site measurement (M-10-22) and use of third party websites and applications (M-10-23), like Facebook and
YouTube, I feel optimistic about options and opportunities if you’re running a Federal agency web site or using web analytics on a Federal web site. When I last wrote about this on May 4, I expressed doubts as to how friendly the policy would be for Federal agency web managers and web analysts.
Here are the biggest wins for conducting web analytics and measurement on Federal agency web sites:
- You’ll be fine as long as you don’t collect PII.The guidelines are relatively easy to accommodate as long as you don’t want to collect PII, such as names, email addresses, postal addresses. This is classified as Tier3 – multi-session with PII data. Most of you will be concentrating only on Tier 2 data – multi-session without PII. What you need to do: If it is only Tier 1 and Tier 2 data you are collecting, you need to be in compliance with what is outlined in M-10-22. If you do want to collect Tier 3 data, you’ll need to work with your Senior Agency Official for Privacy (SAOP)and then put out for public comment as to why you need to collect such data and then a review by the CIO. This will likely to be a long process.The only exception is getting written permission from your agency CIO to this process if you can make a case for a delay causing serious public harm…which in most cases is not going to happen.
- You need to evaluate the data collection practice of third party sites, such as YouTube and Facebook.This is one of the most interesting aspects of the guidance…as long as a third party site does not share the PII that they collect with your agency there appears to be no issue, and as long as the third party site does not use their data on behalf of a Federal site, there also appears to be no issue. It also appears that you can use baked in analytics tools, such as YouTube Insight, or blog packages such as WordPress, as these collect Tier2 data. What you need to do:If you are using third party social media sites, you’ll need to consider risks as outlined in OMB’s memorandum providing Guidance for Agency Use of Third-Party Websites and Applications that can be found in M-10-23 and prepare a Privacy Impact Assessment (PIA). You will need to work with your agency Senior Agency Official for Privacy (SAOP) for approval of the PIA, so find out the process and expectations of documentation you will be required to provide.
- Data retention is flexible.There are guidelines for retention of web data, but it is not an explicit mandate. According to the policy, agencies should limit the retention of data to one year or less. However, it would seem that there can be reasonable arguments made for keeping data for longer, such as wanting to understand year over year trends.What you need to do: Consider your current data retention time. Is it necessary to keep analytics data beyond a year? While many agencies keep data for years, it may not have business value. I’d suggest that you start planning your data archiving and expiration strategy, if you don’t already have one.
- Use web analytics software that enables visitors to opt out, such as Google Analytics, Omniture, Yahoo! Web Analytics and Webtrends. The caution here is that if you allow the GA or YWA opt-out, you’ll be providing visitors with the option to opt-out of Web wide measurement for these solutions. Read my post on CMSWatch for a more detailed description of this issue.
- Provide clear instructions to visitors on how they can opt out of web site measurement on your site. From my perspective, this is clearly the better option to take. USA.gov provides a nice central location with instructions on opting out of measurement on popular desktop and mobile browsers. This is a great reference, although there needs to be a bit more added to be a complete reference.
Post reprinted from Web Analytics Management
Great analysis, Phillip – we initial tried to seed a conversation on the topic and not sure if it ever really took off…disinterest?
Thanks, Andrew. Perhaps the lack of response to your initial attempt to create a dialogue about this memo is that folks are trying to figure out what the memos mean and how to implement it. In subsequent talks I’ve had with those involved with the Web, privacy and legal aspects surrounding this memo, there’s still a lot of sorting out that needs to occur until it is really clear on how to proceed.