GSA: Protect Web users' privacy
- By Heather Harreld
- Jul 12, 1998
The General Services Administration last week signed off on a governmentwide memo urging agencies to place a high priority on protecting the public's privacy on federal World Wide Web sites.
The July 9 memo from Joan Steyaert, GSA's deputy associate administrator for information technology, outlines eight privacy principles that agency officials should apply to the operation of their Web sites. The memo urges agency officials to notify the public with a privacy notice whenever collecting data via the Internet and to use the information only for the purpose for which it was gathered as disclosed in the privacy notice.
GSA wrote the memo to alert agencies that while Web site security and privacy concerns are often lumped together, officials need to pay close attention to protecting privacy when designing Web sites, said Rich Kellett, division director of GSA's Emerging Information Technologies Policies Division.
Many federal agencies in the past two years have come to realize they should craft privacy policies and post privacy notices for Web sites to cover issues such as logs of people who visit the site, the e-mails users send to the Webmaster and other site-specific issues, Kellett said.
Few agencies, however, realize the need for privacy notices when collecting information directly from the public, Kellett said. The most common examples, he said, are when agencies collect information from the public via surveys posted on a site without also posting a privacy notice detailing how the agency will use the data or when officials use the data for some purpose other than that which is outlined in the privacy notice.
Robert Stephens, Webmaster at the National Cancer Institute, said privacy has been a principal concern for officials during the institute's ongoing redesign of its Web site. Officials plan to post a link to a privacy notice and to fully disclose what data they will gather about users and how they plan to use it. As part of the institute's Web site overhaul, officials will begin using software that will collect information about users via browser "cookies," which allow the Web site to identify the individual accessing their site, and will allow users to opt for automated updates when new information is posted.
However, while these functions provide advanced features that users may be interested in, privacy concerns must be balanced as well, Stephens said. For example, a person newly diagnosed with cancer wants to receive all the information the site can provide without necessarily revealing specifics about his medical status.
"More than most Web sites, we have to take the utmost [privacy] precautions," Stephens said. "The privacy issues are paramount here; on the other hand, people want personalized help. We're trying to balance the natural curiosity of the patients with their need for privacy."
OMB officials have been planning to release guidelines for federal use of the since late 1996, but none have been published.