GAO: Web privacy guidelines not clear
- By Diane Frank
- May 31, 2001
The failure of Office of Management and Budget officials to spell out privacy guidelines in clear and concise terms has created continued privacy concerns about agency Web sites, according to a new report by the General Accounting Office.
The report focuses on the use of "cookies," which are small pieces of software stored on users computers when they visit a Web site. OMB officials have given agencies do's and don'ts for cookies, but the guidelines are spread across several memoranda, as well as in a letter to the federal CIO Council that is not included on the OMB Web site, GAO found.
The guidance also has a confusing gap, according to GAO.
OMB told GAO that session cookies do not present a privacy concern, and therefore, no disclosure is required. But by following this position, agencies could state they are not using cookies while continuing to use session cookies.
All four using cookies without disclosure have since removed the cookies from their sites, according to GAO. Two of the others have also removed their cookies, while the final two are going through the process to meet the OMB conditions.
GAO conducted the review following a request from Sen. Fred Thompson (R-Tenn.), chairman of the Senate Governmental Affairs Committee, because of privacy concerns raised last year when it was discovered how many agencies were using persistent cookies.
OMB officials provided no written comment to GAO on the report.