Story: 97% of Government Web Sites Fail the FTC's Online Privacy Test, 9/13/00.

Tech Law Journal
News, records, and analysis of legislation, litigation, and regulation affecting the computer, internet, communications and information technology sectors
TLJ Links: Home \| Calendar \| Subscribe \| Back Issues \| Reference Other: Thomas \| USC \| CFR \| FR \| FCC \| USPTO \| CO \| NTIA \| EDGAR

97% of Government Web Sites Fail the FTC's Online Privacy Test

(September 13, 2000) The GAO released a report on the privacy practices of federal government web sites. It conducted a survey of 65 web sites, and found that only 3% complied with all four of the "fair information practices" that the FTC applies to commercial web sites.

Related Documents

GAO Report titled Internet Privacy: Comparison of Federal Agency Practices with FTC's Fair Information Principles, [GAO/AIMD-00-296R], 9/11/00.

Transcript of Press Conference of Rep. Armey and Rep. Tauzin, 9/12/00.

The General Accounting Office (GAO), which is the research arm of the U.S. Congress, modeled its study of government web sites on the Federal Trade Commission's (FTC) study of commercial web sites. In May the FTC released the results of a survey of commercial web sites' compliance with four "Fair Information Practices" announced by the FTC.

The GAO applied these same four standards -- notice, choice, access, and security -- to 65 government web sites, including that of the FTC. As with the FTC study, two sets of sites were selected: high impact sites, and a group of randomly selected sites.

The GAO found that only 3% of federal government web sites complied with all four of the FTC's fair information practices. 100% collected personal information. 85% posted a privacy policy; but, only 69% met the FTC's criteria for notice. 45% met the choice requirement. 17% met the access requirement. 23% met the security requirement. The FTC's web site failed to satisfy all four of its own privacy principles.

The FTC's Four Fair Information Practices

Notice. Data collectors must disclose their information practices before collecting personal information from consumers.

Choice. Consumers must be given options with respect to whether and how personal information collected from them may be used for purposes beyond those for which the information was provided.

Access. Consumers should be able to view and contest the accuracy and completeness of data collected about them.

Security. Data collectors must take reasonable steps to ensure that information collected from consumers is accurate and secure from unauthorized use.

The GAO also examined one topic not addressed by the FTC study: cookies. It found that 14% of government web sites surveyed allowed the placement of third party cookies.

The report was prepared at the request of House Majority Leader Dick Armey (R-TX) and Rep. Billy Tauzin (R-LA), the Chairman of the House Telecommunications, Trade and Consumer Protection Subcommittee. The two held a press conference in the Capitol Building on Tuesday morning, September 12, to release the report.

Both criticized government agencies for failing to protect the privacy of citizens, and the FTC in particular, for applying a set of standards to the private sector, which the government does not follow itself.

"The GAO study is a devastating assessment of the Clinton-Gore administration's failure to live by its own privacy standards," said Rep. Armey.

"We cannot let a government that has this kind of a performance presume to police the private sector on privacy," he added.

He also criticized the FTC for creating its four fair information practices "out of whole cloth."


Rep. Dick Armey (R-TX)

Rep. Armey said that he had a message for businesses. "Observe good privacy habits, do so, we will protect you as best we can against government intrusion. But nobody can protect you from your own failure to perform well on the privacy side."

He also delivered a message for government. "Clean up your own house, before you start tending to somebody else's."

Both Rep. Armey and Rep. Tauzin made two points repeatedly. First, the GAO study shows that the private sector has performed better on online privacy than the federal government. And second, since the government compels individuals to divulge information to it, but consumers have the choice not to visit any commercial web site, the government ought to be held to a higher standard.


	Rep. Billy Tauzin (R-LA)

Rep. Tauzin delved into more of the details of the report. He then concluded his opening statement with four recommendations. "We have got some work to do with federal agencies, first, in protecting the information that Americans must involuntarily share with federal agencies."

"Secondly, we need to make sure that consumers have the right, indeed, to correct that information obtained by the government about them."

"And third, we have got to have a lot more security about the information. American citizens must give the government, and the government ought to protect, both for the consumers and the citizens of our country, and for the sanctity of those collecting systems."

"And finally, we ought to be seriously questioning whether federal web sites ought to be allowing cookies to be placed on web sites that you and I must travel to in order to comply with federal law."

The GAO study was conducted by Linda Koontz, Associate Director, Governmentwide and Defense Information Systems.