OMB to reinforce agencies' cookie diet

Featured eBooks
Health Tech
Read Now

Next-Generation Computing

Read Now

Space Tech

Read Now
Insights & Reports
Stay Ahead of the Latest Threats with Intelligence-driven Security Operations
Presented By Google Cloud
Download Now
Strengthening cloud security for federal agencies
Presented By Wiz
Download Now
By Diane Frank

By Diane Frank

|

OMB will take action to reinforce the administration's Web privacy policies after a congressional report found several federal agencies in violation

GAO report: "Internet Privacy: Federal Agency Use of Cookies"

Related Links

OMB June 1999 privacy policy

OMB June 2000 privacy policy

OMB September 2000 correspondence on privacy policy

"Congress: Stay out of the cookie jar"

The Office of Management and Budget will take action to reinforce the administration's

Web privacy policies after a congressional report found several federal

agencies in violation.

A General Accounting Office review requested by Sen. Fred Thompson (R-Tenn.),

chairman of the Senate Governmental Affairs Committee, found that 12 agencies

still used "cookies" on their sites in September, contrary to administration

policy.

In a letter to GAO, Sally Katzen, deputy director for management at

OMB, said that OMB will contact the noncompliant agencies "promptly, to

reinforce administration policy."

Under a June 1999 memorandum from OMB, agencies cannot use cookies without

giving clear and conspicuous notice to visitors of their Web sites. Cookies

are small pieces of software placed on a user's hard drive by a Web server

that enable the server to track returning users.

OMB further defined this policy in a follow-up memo in June 2000 as

well as in September correspondence with the CIO Council's privacy subcommittee.

OMB stated that an agency must give notice if a Web site uses session cookies,

which are erased from a user's hard drive when a user leaves a particular

site.

Additionally, OMB directed agencies not to use persistent cookies, which

stay on a user's hard drive for a specific amount of time, unless the agency

meets specific guidelines. The guidelines include clear notice that cookies

are being used; a compelling need by the agency to gather such data; safeguards

to handle any information collected; and personal approval from the agency

head.

The GAO review found that 12 agencies still used cookies without giving

notice, and seven of those agencies used persistent cookies. When GAO checked

those sites again on Oct. 17, the cookies were still in place at 11 of the

agencies.

In the June 2000 memo, OMB also required agencies to report to OMB on

the steps they have taken to comply with the administration privacy policy

as part of their fiscal 2002 budget requests. Those reports will be turned

in this December, and OMB will use them to make certain the policy is being

implemented, Katzen wrote.

NEXT STORY: People can check out tech at libraries