Federal agencies are not doing enough to protect the privacy of visitors to their World Wide Web sites, argues a report released Wednesday by OMB Watch, a nonprofit advocacy group.
The report, entitled "A Delicate Balance: The Privacy and Access Practices of Federal Government World Wide Web Sites," analyzes current agency privacy practices on the Web and offers a series of recommendations to address privacy concerns.
"We found that there is no governmentwide policy regarding privacy concerns on federal Web sites," said Ari Schwartz, the report's primary author. "This has led to a situation in which agencies collect personal information about visitors, but fail to tell them why that information is being collected and what it is being used for."
Schwartz surveyed the 70 federal web sites listed in the Interactive Citizen's Handbook section of the White House site.
Of the sites surveyed, 31 collect personally identifiable information (name, e-mail address or Social Security number) in some form. However, only 11 of these 31 agencies provide notices about what they will do with the information. Only four agencies -- the Commodity Futures Trading Commission, the Federal Deposit Insurance Corporation, the Social Security Administration and the Postal Service -- give full notification in every location where personally identifiable information is collected.
Franklin S. Reeder, who has worked on privacy and information issues for more than 20 years at OMB and the White House, said people have a right to be informed about what agencies intend to do with the data they ask for. "The public ought not to be surprised. The public ought to know what the government is doing with their information," he said.
The report found that 13 of the agencies surveyed collect information that can be characterized as personal records under the Privacy Act of 1974. Such records contain individually identifiable information, such as a person's educational background or financial, medical, criminal or employment history. Of the agencies collecting personal records, nine have detailed Privacy Act notices on their sites.
The report also found that three agencies were using "cookies," a sophisticated tool for collecting information about people who come to a Web site. Those agencies -- the Department of Veterans Affairs, the Federal Emergency Management Agency and the National Science Foundation -- ceased this practice after reading a draft copy of the report.
The report suggests that OMB develop a governmentwide policy on balancing access and privacy online and conduct workshops for federal employees involved in technology and privacy work.
Schwartz noted that OMB is currently in the process of developing federal Internet privacy guidelines.
For a copy of the report, contact OMB Watch at ombwatch@rtknet.org or call 202-234-8494.
NEXT STORY: Year 2000 Clock Ticking