18F · zachmargolis · Sep 11, 2020 · Sep 11, 2020 · Sep 11, 2020 · Sep 11, 2020
diff --git a/app/services/marketing_site.rb b/app/services/marketing_site.rb
@@ -10,12 +10,16 @@ def self.base_url
     URI.join(BASE_URL, locale_segment).to_s
   end
 
-  def self.privacy_url
+  def self.security_and_privacy_practices_url
     URI.join(BASE_URL, locale_segment, 'policy').to_s
   end
 
+  def self.privacy_act_statement_url
+    URI.join(BASE_URL, locale_segment, 'policy/our-privacy-act-statement/').to_s
+  end
+
   def self.messaging_practices_url
-    "#{privacy_url}/#our-messaging-practices"
+    URI.join(BASE_URL, locale_segment, 'policy/messaging-terms-and-conditions/').to_s
   end
 
   def self.contact_url

diff --git a/app/views/devise/sessions/new.html.erb b/app/views/devise/sessions/new.html.erb
@@ -61,9 +61,13 @@
   <%= render 'sign_up/registrations/required_pii_accordion' %>
 <% end %>
 
-<%= link_to(
-  t('notices.terms_of_service.link'),
-  MarketingSite.privacy_url,
-  target: '_blank',
-  class: 'mt3',
-) %>
+<p class="my1">
+  <%= link_to(
+    t('notices.privacy.security_and_privacy_practices'),
+    MarketingSite.security_and_privacy_practices_url,
+    target: '_blank',
+  ) %>
+</p>
+<p class="my1">
+  <%= link_to t('notices.privacy.privacy_act_statement'), MarketingSite.privacy_act_statement_url, target: '_blank' %>
+</p>
diff --git a/app/views/layouts/user_mailer.html.erb b/app/views/layouts/user_mailer.html.erb
@@ -149,7 +149,7 @@
                                             &nbsp;&nbsp;|&nbsp;&nbsp;
                                             <%= link_to(
                                               t('mailer.privacy_policy'),
-                                              MarketingSite.privacy_url,
+                                              MarketingSite.security_and_privacy_practices_url,
                                               style: 'text-decoration: underline;',
                                             ).html_safe %>
                                           </p>

diff --git a/app/views/shared/_footer_lite.html.erb b/app/views/shared/_footer_lite.html.erb
@@ -64,7 +64,7 @@
           class: 'caps h6 blue sm-white text-decoration-none mr3', target: '_blank' %>
         <%= link_to t('links.contact'), MarketingSite.contact_url,
           class: 'caps h6 blue sm-white text-decoration-none mr3', target: '_blank' %>
-        <%= link_to t('links.privacy_policy'), MarketingSite.privacy_url,
+        <%= link_to t('links.privacy_policy'), MarketingSite.security_and_privacy_practices_url,
           class: 'caps h6 blue sm-white text-decoration-none', target: '_blank' %>
       </div>
     </div>

diff --git a/app/views/sign_up/registrations/new.html.erb b/app/views/sign_up/registrations/new.html.erb
@@ -29,7 +29,11 @@
 <%= render 'shared/cancel', link: decorated_session.cancel_link_url %>
 
 <p class='mt2'>
-  <%= link_to t('notices.terms_of_service.link'), MarketingSite.privacy_url, target: '_blank' %>
+  <%= link_to t('notices.privacy.security_and_privacy_practices'), MarketingSite.security_and_privacy_practices_url, target: '_blank' %>
+</p>
+
+<p>
+  <%= link_to t('notices.privacy.privacy_act_statement'), MarketingSite.privacy_act_statement_url, target: '_blank' %>
 </p>
 
 <%= javascript_pack_tag 'email-validation' %>
diff --git a/app/views/users/authorization_confirmation/show.html.erb b/app/views/users/authorization_confirmation/show.html.erb
@@ -44,7 +44,3 @@
           method: :put) %>
   </div>
 </div>
-
-<div class='mt3'>
-  <%# link_to t('notices.terms_of_service.link'), MarketingSite.privacy_url, target: '_blank' %>
-</div>
diff --git a/app/views/users/emails/show.html.slim b/app/views/users/emails/show.html.slim
@@ -14,4 +14,10 @@ h1.h3.my0 = t('headings.add_email')
 = render 'shared/cancel', link: decorated_session.cancel_link_url
 
 p.mt2
-  = link_to t('notices.terms_of_service.link'), MarketingSite.privacy_url, target: '_blank'
+  = link_to t('notices.privacy.security_and_privacy_practices'),
+            MarketingSite.security_and_privacy_practices_url,
+            target: '_blank'
+p
+  = link_to t('notices.privacy.privacy_act_statement'),
+            MarketingSite.privacy_act_statement_url,
+            target: '_blank'
diff --git a/config/locales/notices/en.yml b/config/locales/notices/en.yml
@@ -19,6 +19,9 @@ en:
     phone_confirmed: Phone confirmed successfully.
     piv_cac_configured: PIV/CAC card linked successfully.
     piv_cac_disabled: PIV/CAC card unlinked successfully.
+    privacy:
+      privacy_act_statement: Privacy Act Statement
+      security_and_privacy_practices: Security and Privacy Practices
     resend_confirmation_email:
       success: We sent another confirmation email.
     session_cleared: For your security, we clear what you entered if you don't move
@@ -35,8 +38,6 @@ en:
         to continue creating your account.
       first_paragraph_start: We sent an email to
       no_email_sent_explanation_start: Didn’t receive an email?
-    terms_of_service:
-      link: Security Practices and Privacy Act Statement
     timeout_warning:
       partially_signed_in:
         continue: Continue sign in

diff --git a/config/locales/notices/es.yml b/config/locales/notices/es.yml
@@ -19,6 +19,9 @@ es:
     phone_confirmed: Teléfono confirmado con éxito.
     piv_cac_configured: Tarjeta PIV/CAC vinculada con éxito.
     piv_cac_disabled: Tarjeta PIV/CAC desvinculada con éxito.
+    privacy:
+      privacy_act_statement: Declaración de la ley de privacidad
+      security_and_privacy_practices: Prácticas de seguridad y privacidad
     resend_confirmation_email:
       success: Enviamos otro email de confirmación.
     session_cleared: Para su seguridad, borramos lo que ingresó si no pasa a una página
@@ -35,8 +38,6 @@ es:
         continuar creando su cuenta.
       first_paragraph_start: Enviamos un email a
       no_email_sent_explanation_start: "¿No recibió un email?"
-    terms_of_service:
-      link: Prácticas de Seguridad y Declaración de Privacidad
     timeout_warning:
       partially_signed_in:
         continue: Continuar el inicio de sesión

diff --git a/config/locales/notices/fr.yml b/config/locales/notices/fr.yml
@@ -20,6 +20,9 @@ fr:
     phone_confirmed: Téléphone confirmé avec succès.
     piv_cac_configured: Carte PIV/CAC liée avec succès.
     piv_cac_disabled: Carte PIV/CAC dissociée avec succès.
+    privacy:
+      privacy_act_statement: Déclaration de confidentialité
+      security_and_privacy_practices: Pratiques de sécurité et de confidentialité
     resend_confirmation_email:
       success: Nous avons envoyé un autre courriel de confirmation.
     session_cleared: Pour votre sécurité, nous effacerons l'information que vous avez
@@ -38,9 +41,6 @@ fr:
         le lien pour continuer à créer votre compte.
       first_paragraph_start: Nous avons envoyé un courriel à
       no_email_sent_explanation_start: Vous n'avez pas reçu d'e-mail?
-    terms_of_service:
-      link: Pratiques en matière de sécurité et énoncé concernant la Loi sur la protection
-        des renseignements personnels
     timeout_warning:
       partially_signed_in:
         continue: Continuer la connexion

diff --git a/spec/features/two_factor_authentication/sign_in_spec.rb b/spec/features/two_factor_authentication/sign_in_spec.rb
@@ -386,7 +386,7 @@ def attempt_to_bypass_2fa
       visit login_two_factor_path(otp_delivery_preference: 'sms')
       click_link t('links.privacy_policy')
 
-      expect(current_url).to eq MarketingSite.privacy_url
+      expect(current_url).to eq MarketingSite.security_and_privacy_practices_url
     end
   end
 end
diff --git a/spec/services/marketing_site_spec.rb b/spec/services/marketing_site_spec.rb
@@ -15,32 +15,34 @@
     end
   end
 
-  describe '.privacy_url' do
+  describe '.security_and_privacy_practices_url' do
     it 'points to the privacy page' do
-      expect(MarketingSite.privacy_url).to eq('https://www.login.gov/policy')
+      expect(MarketingSite.security_and_privacy_practices_url).
+        to eq('https://www.login.gov/policy')
     end
 
     context 'when the user has set their locale to :es' do
       before { I18n.locale = :es }
 
       it 'points to the privacy page with the locale appended' do
-        expect(MarketingSite.privacy_url).to eq('https://www.login.gov/es/policy')
+        expect(MarketingSite.security_and_privacy_practices_url).
+          to eq('https://www.login.gov/es/policy')
       end
     end
   end
 
   describe '.messaging_practices_url' do
     it 'points to messaging practices section of the privacy page' do
       expect(MarketingSite.messaging_practices_url).
-        to eq('https://www.login.gov/policy/#our-messaging-practices')
+        to eq('https://www.login.gov/policy/messaging-terms-and-conditions/')
     end
 
     context 'when the user has set their locale to :es' do
       before { I18n.locale = :es }
 
       it 'points to the privacy page section with the locale appended' do
         expect(MarketingSite.messaging_practices_url).
-          to eq('https://www.login.gov/es/policy/#our-messaging-practices')
+          to eq('https://www.login.gov/es/policy/messaging-terms-and-conditions/')
       end
     end
   end

diff --git a/spec/views/devise/sessions/new.html.erb_spec.rb b/spec/views/devise/sessions/new.html.erb_spec.rb
@@ -39,13 +39,20 @@
       )
   end
 
-  it 'includes a link to security / privacy page' do
+  it 'includes a link to security / privacy page and privacy statement act' do
     render
 
     expect(rendered).
-      to have_link(t('notices.terms_of_service.link'), href: MarketingSite.privacy_url)
+      to have_link(t('notices.privacy.security_and_privacy_practices'),
+                   href: MarketingSite.security_and_privacy_practices_url)
+    expect(rendered).
+      to have_selector("a[href='#{MarketingSite.security_and_privacy_practices_url}']\
+[target='_blank'][rel='noopener noreferrer']")
 
-    expect(rendered).to have_selector("a[href='#{MarketingSite.privacy_url}']\
+    expect(rendered).
+      to have_link(t('notices.privacy.privacy_act_statement'),
+                   href: MarketingSite.privacy_act_statement_url)
+    expect(rendered).to have_selector("a[href='#{MarketingSite.privacy_act_statement_url}']\
 [target='_blank'][rel='noopener noreferrer']")
   end
 

diff --git a/spec/views/layouts/user_mailer.html.erb_spec.rb b/spec/views/layouts/user_mailer.html.erb_spec.rb
@@ -38,6 +38,7 @@
   end
 
   it 'includes link to the privacy policy' do
-    expect(rendered).to have_link(t('mailer.privacy_policy'), href: MarketingSite.privacy_url)
+    expect(rendered).to have_link(t('mailer.privacy_policy'),
+                                  href: MarketingSite.security_and_privacy_practices_url)
   end
 end
diff --git a/spec/views/shared/_footer_lite.html.erb_spec.rb b/spec/views/shared/_footer_lite.html.erb_spec.rb
@@ -24,8 +24,11 @@
     it 'contains link to privacy page' do
       render
 
-      expect(rendered).to have_link(t('links.privacy_policy'), href: MarketingSite.privacy_url)
-      expect(rendered).to have_selector("a[href='#{MarketingSite.privacy_url}'][target='_blank']")
+      expect(rendered).to have_link(t('links.privacy_policy'),
+                                    href: MarketingSite.security_and_privacy_practices_url)
+      expect(rendered).
+        to have_selector("a[href='#{MarketingSite.security_and_privacy_practices_url}']\
+[target='_blank']")
     end
 
     it 'contains GSA text' do