OMB to reinforce agencies' cookie diet

GAO report: "Internet Privacy: Federal Agency Use of Cookies"

The Office of Management and Budget will take action to reinforce the administration's

Web privacy policies after a congressional report found several federal

agencies in violation.

A General Accounting Office review requested by Sen. Fred Thompson (R-Tenn.),

chairman of the Senate Governmental Affairs Committee, found that 12 agencies

still used "cookies" on their sites in September, contrary to administration


In a letter to GAO, Sally Katzen, deputy director for management at

OMB, said that OMB will contact the noncompliant agencies "promptly, to

reinforce administration policy."

Under a June 1999 memorandum from OMB, agencies cannot use cookies without

giving clear and conspicuous notice to visitors of their Web sites. Cookies

are small pieces of software placed on a user's hard drive by a Web server

that enable the server to track returning users.

OMB further defined this policy in a follow-up memo in June 2000 as

well as in September correspondence with the CIO Council's privacy subcommittee.

OMB stated that an agency must give notice if a Web site uses session cookies,

which are erased from a user's hard drive when a user leaves a particular


Additionally, OMB directed agencies not to use persistent cookies, which

stay on a user's hard drive for a specific amount of time, unless the agency

meets specific guidelines. The guidelines include clear notice that cookies

are being used; a compelling need by the agency to gather such data; safeguards

to handle any information collected; and personal approval from the agency


The GAO review found that 12 agencies still used cookies without giving

notice, and seven of those agencies used persistent cookies. When GAO checked

those sites again on Oct. 17, the cookies were still in place at 11 of the


In the June 2000 memo, OMB also required agencies to report to OMB on

the steps they have taken to comply with the administration privacy policy

as part of their fiscal 2002 budget requests. Those reports will be turned

in this December, and OMB will use them to make certain the policy is being

implemented, Katzen wrote.


  • Image: Shutterstock

    COVID, black swans and gray rhinos

    Steven Kelman suggests we should spend more time planning for the known risks on the horizon.

  • IT Modernization
    businessman dragging old computer monitor (Ollyy/

    Pro-bono technologists look to help cash-strapped states struggling with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help.

Stay Connected