An ideal seal for privacy in the federal government?

Privacy is a major concern of Internet users visiting commercial and government World Wide Web sites. In the private sector, one response has been the development of "seal" programs, such as the Good Housekeeping Seal, certifying that a site meets the minimum privacy standards. Is this an approach that government Web sites should adopt?

The Center for Democracy and Technology recently reviewed the three major seal programs: TrustE, BBBOnLine and CPA WebTrust. While the seals are no substitute for a baseline legal framework and have been adopted by only a small number of Web sites, they have begun to incorporate the idea of basic fair information practices into their programs, fostering at least some of the protection consumers deserve.

However, unlike the private sector, the federal government is bound by the Privacy Act of 1974. The Privacy Act codifies fair information practices and is stronger than the protection provided by the seal programs. The act prohibits the sharing of personal information among agencies, with few exceptions. It also allows individuals to find out what information agencies have collected about them and forces agencies to publicly describe their collections of personally identifiable information.

Earlier his month, the Office of Management and Budget took this one step further, requiring all agency Web sites to have privacy policies by Sept. 1 and all government points of entry on the Web to have a privacy policy by Dec. 1. Government Web sites do not need a private entity to verify that they are respecting the public's privacy, but they should educate users on their rights to privacy under the law.

Federal agency Web sites could take a number of steps to aid the public in identifying their privacy rights. A common Privacy Act logo on all government privacy policies would help achieve this goal. This logo or seal could link to a page - housed at either the Justice Department or the new privacy office within OMB - with a set of resources. These resources could include:

* Frequently asked questions about the Privacy Act.

* The text of the law.

* A direct way to submit Freedom of Information Act and Privacy Act requests online.

* General security and privacy tips for users of federal Web sites.

This does not mean that all agencies would have to adopt the same privacy policy. Each agency has different information practices, including policies on collecting and storing data, both of which should be noted in a privacy policy. For now, the Privacy Act seal would appear with the privacy policy linked from each agency's home page.

There is a move afoot to automate privacy policies so that Web browsers would be able to assess Web sites' privacy protection. The goal is to create an Internet-friendly method that enables users to understand what happens to their information without having to read the legalese of a privacy policy.

A standard, called the Platform for Privacy Preferences Project (P3P), is being developed for this purpose at the World Wide Web Consortium. Once P3P is completed, the logo could help agencies in implementing the standard. P3P will offer agencies an automated means of stating their privacy practices online. Agencies can use the seal and resource to verify that they are, indeed, covered by the Privacy Act without users having to find the privacy policy at all.

Taken together, the Privacy Act, implementation of P3P and the institution of a logo program geared to federal needs will represent a major step toward improving the online practices of the federal government.

-- Schwartz is a policy analyst at the Center for Democracy and Technology, Washington, D.C.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.