Federal Websites Fail on Privacy Standards

September 16, 2000 12:00 am

Media Contact
125 Broad Street
18th Floor
New York, NY 10004
United States

WASHINGTON, DC — Most federal websites do not meet the commercial standards for Internet privacy set by the Federal Trade Commission, including the commission’s own site, The New York Times reported today. The findings are in a new report by the General Accounting Office.

According to the Times, the GAO had been asked by Republican lawmakers, led by Representative Dick Armey of Texas, the House majority leader, to assess the privacy standards of government websites.

The study released last week by the GAO, the investigative agency of Congress, found that virtually all of the federal sites, including those of the Internal Revenue Service and every cabinet-level agency, failed to meet the government’s four main privacy standards. Only three percent of the sites met those standards.

The Clinton Administration rejected the study’s findings. Sally Katzen, the deputy director for management at the White House Office of Management and Budget, called the report “seriously misleading.”

She said that federal agencies had been directed to follow the Privacy Act of 1974 and internal rules on website policies rather than the commission’s standards.

She added that it was commonplace for federal agencies “to tailor privacy laws and policies to the needs of the particular sector.

Barry Steinhardt, the Associate Director of the American Civil Liberties Union and director of the ACLU’s Internet Privacy Project, called the results “disturbing but not surprising.”

“The public’s privacy is constantly violated on the Internet, and most people are simply unaware of how much of their personal information is available to anyone and any organization that wants it,” Steinhardt said. “It is certainly reprehensible that the government, which should be protecting the public’s interests, is participating in this mass invasion of privacy.”

The four federal standards for Internet privacy are that a site must disclose its information practices before personal data is collected from consumers; sites must allow consumers to decide whether their personal information may be used for secondary purposes, such as their names and addresses being placed on mailing lists; consumers must have access to their personal data, with the option to change it if it is incorrect or incomplete; and the site must protect data against unauthorized access.

Mr. Armey said that agencies like the IRS and the Department of Health and Human Services, which have “access to many of your personal medical records,” should be held to clear and strict standards.

“You are required to give this information to the government — you have no choice,” Mr. Armey noted. “You don’t have to use a commercial website if you feel it has a bad privacy policy.”

Every month, you'll receive regular roundups of the most important civil rights and civil liberties developments. Remember: a well-informed citizenry is the best defense against tyranny.

Learn More About the Issues in This Press Release