Thompson / Inslee: Report Summarizes Agencies’ Lack of Compliance with Privacy Policies

WASHINGTON, DC – Senate Governmental Affairs Committee Ranking Member Fred Thompson (R-TN) and Congressman Jay Inslee (D-WA) today released a report summarizing the findings of federal agency Internet privacy reports. The report, which compiled data from 51 Inspectors General, concluded that agencies? compliance with privacy policies has been “inadequate.”

Findings of the report included:

            300 persistent cookies (information-collecting devices) found on the web sites of 23 different agencies;

            14 third-party agreements;

            42 web bugs, and;

            27 agencies in clear violation of their own privacy policies.

“The numerous violations uncovered by the Inspectors General represent just the tip of the iceberg,” Thompson said. “The Inspectors General could only include a tiny fraction of agency web sites in their limited reviews. Nevertheless, the IGs found hundreds of violations.” According to one report: “116 of 206 State Department web sites—well over half of the Department’s sites reviewed—had no privacy statements and therefore no means of advising users of any information collected on the sites.”

Inslee commented, “These reports document a real problem– the violation of Americans’ privacy by their own government on the Internet. Now that we are clear, the next obvious step is to determine the best solution, be it legislative or otherwise. I am working with fellow lawmakers to address this privacy concern.” Inslee added, “Solving the Internet privacy problem is not just a government issue; however, we must clean Uncle Sam’s house, in addition to demanding high industry standards.”

The Clinton Administration required that agencies develop privacy policies for their Internet sites and restricted the use of information-collecting devices known as “persistent cookies.” According to OMB, persistent cookies raise privacy concerns because they make it “technically easy” to track Internet users? browsing behavior even where that was not the original intent of the web site operator.

“Because of oversight performed by the IGs and GAO, we are already seeing improvements on agency web sites,” Thompson said. “I?m glad to see that there has been such a positive response to our oversight work. Due to poor web site management, these privacy violations have been piling up for years. I look forward to continuing to work with the Administration to ensure citizens? privacy and security on agency web sites.”

The Internet privacy reports were required by the Thompson-Inslee amendment to the Consolidated Appropriations Act of 2000, Section 646. The Thompson-Inslee amendment requires each agency Inspector General to report to Congress on how the agency collects, shares and reviews personal information on its Internet site. The amendment followed a GAO audit requested by Chairman Thompson in October of 2000, which found that 13 agencies were violating the OMB?s privacy policies by using cookies despite claiming they were not.

Highlights of Recent IG Reports on Internet Data Collection

Letter from the Department of Defense Inspector General