U.K. lays out online privacy standard

U.K. Office of the e-Envoy

The United Kingdom is poised to release a standard for collecting, storing and using its citizens' information online at a time when U.S. guidance on governmentwide Internet privacy policies has come under criticism.

The E-Trust Charter, planned for release on the U.K. Office of the e-Envoy's Web site soon, addresses the issue of citizens' confidence in online government services.

And according to charter project director Paul Waller, great care has been taken to let citizens know exactly what the government is doing with their information. "At the point of access, they should be able to just "click here' and read."

Originally, U.K. officials had planned to develop a "grand statement" and leave the specifics up to individual agencies, Waller said.

That's essentially the arrangement between the U.S. Office of Management and Budget and federal agencies, and it's drawn fire from several General Accounting Office reports on Internet privacy. One report released in May on agencies' use of "cookies"—small files stored on users' computers by Web servers to identify the user on return visits to a site—termed OMB's guidance "helpful, but fragmented and unclear."

The United Kingdom's policy will take a different approach. The charter will outline a series of questions, Waller said, and agencies will develop privacy policies from the answers that result.

E-government "cannot be something stuck out on the side. It must be embedded," Ann Steward, director of the U.K. office's e-government division, said last week at the E-Gov 2001 conference in Washington, D.C. "We will really have done our job when e-government becomes good government."

The charter's questions come from the United Kingdom's Data Protection Act of 1998, which outlines the duties of information processors and the rights of individuals. The outline will ask agencies to explain who will see the information, what will be done with it, why the agencies are collecting it and so on.

Although the outline is simple, Waller said, putting it into practice is not. But if an agency used correct business processes to develop its online system, a clear privacy policy shouldn't be a problem.

Established in 1999, the Office of the e-Envoy provides leadership for U.K. efforts to move the government online by 2005. Steward said that leadership includes giving citizens a reason to trust what government does with information.

Lacking central information technology leadership, it is hard for the U.S. government to attempt a similar privacy policy on any cross-agency issues, said Roger Baker, former co-chairman of the CIO Council's privacy subcommittee.

The Bush administration has shown little interest in a Cabinet-level chief information officer. But last month, White House officials named Mark Forman associate director for IT and e-government, a new OMB position.

Baker said Forman, despite having just three full weeks on the job, is the one to implement U.S. governmentwide policies similar to e-Envoy's policies. "It has to be Forman at this point," he said.