Group says few fed sites protect privacy

While a growing number of agencies are collecting personal information such as Social Security numbers from visitors to federal World Wide Web sites few have policies or mechanisms to guard against the data falling into the wrong hands according to a report released last week by OMB Watch.

The nonprofit watchdog group OMB Watch surveyed the 70 federal Web sites listed by the White House on its home page and found that almost half or 31 of the agencies routinely collect online information such as name address e-mail address and Social Security number from the visitors to their Web sites. However only 11 of those agencies collecting this personal data tell users what the information is for according to the report "A Delicate Balance: The Privacy and Access Practices of Federal Government World Wide Web Sites."

In addition only 17 percent of the agencies surveyed are providing adequate Privacy Act statements which are required by law to inform individuals how the agency will use the collected data what agency authorized its collection what the agency will do with the information and the consequences of not providing the information. The survey also determined that agencies have no mechanisms that allow individuals to access their own records via the Web another requirement of the Privacy Act.

Ari Schwartz the primary author of the report and an information specialist at OMB Watch said the emergence of the Internet as a publishing medium has blurred the lines created by the Privacy Act and other legislation. "We feel that guidance clarifying the application of these laws to the Internet would ease the tensions of both the agencies that are reluctant to supply new information over the Web and [the] users who are concerned about their privacy " Schwartz said. "The public has a right to know what kind of information is being collected about them. I think the public expects some notice of use."

No Central Privacy Policy

Despite the increasing number of agencies that are collecting personal information about site visitors for internal agency use the report notes that they are not rushing to post this information on the Web. However the report - which was prompted by the Social Security Administration's failure to install adequate privacy safeguards when it allowed online access to tax and wage information - points to potential problems resulting from the lack of a central privacy policy.

OMB has been crafting a policy guiding agency Web use for many months but has not yet released a final version. A draft version of the OMB policy did not go far enough in defining mechanisms that agencies must use to comply with the Privacy Act such as posting a detailed privacy statement including notice of use Schwartz said.

An administration official who asked not to be named said privacy is not the only issue that will be taken under consideration when drafting Web policy for agencies. Security of information efficient use of Internet resources access for users with disabilities and the application of federal records laws to the new medium will be included the official said.

Rich Kellett division director for the Emerging IT Applications Division at the General Services Administration's Office of Governmentwide Policy said the results of the report show the need to educate agencies about privacy laws and their application to the Internet.

"Right now for the Web it's a lack of knowledge " said Kellett who leads the Federal Webmasters Forum. "We've got to get the word out about what's on the books. You want to put up [on the Web] as much information as possible but when it comes to personal information about people no one wants to do that."