The Office of Management and Budget Memorandum 10-23 requires that agencies assess their uses of third-party Websites and applications to ensure that the uses protect privacy.
The mechanism by which agencies perform this assessment is a privacy impact assessment (PIA):
- External Links: If an agency posts a link that leads to a third-party website or any other location that is not part of an official government domain, the agency should provide an alert to the visitor
- Embedded Applications: If an agency incorporates or embeds a third-party application on its website or any other official government domain, the agency should disclose the third party’s involvement
- Agency Branding: In general, when an agency uses a third- party website or application that is not part of an official government domain, the agency should apply appropriate branding to distinguish the agency’s activities from those of nongovernment actors(OPM page on Facebook)