OMB to reinforce agencies' cookie diet

GAO report: "Internet Privacy: Federal Agency Use of Cookies"

The Office of Management and Budget will take action to reinforce the administration's

Web privacy policies after a congressional report found several federal

agencies in violation.

A General Accounting Office review requested by Sen. Fred Thompson (R-Tenn.),

chairman of the Senate Governmental Affairs Committee, found that 12 agencies

still used "cookies" on their sites in September, contrary to administration


In a letter to GAO, Sally Katzen, deputy director for management at

OMB, said that OMB will contact the noncompliant agencies "promptly, to

reinforce administration policy."

Under a June 1999 memorandum from OMB, agencies cannot use cookies without

giving clear and conspicuous notice to visitors of their Web sites. Cookies

are small pieces of software placed on a user's hard drive by a Web server

that enable the server to track returning users.

OMB further defined this policy in a follow-up memo in June 2000 as

well as in September correspondence with the CIO Council's privacy subcommittee.

OMB stated that an agency must give notice if a Web site uses session cookies,

which are erased from a user's hard drive when a user leaves a particular


Additionally, OMB directed agencies not to use persistent cookies, which

stay on a user's hard drive for a specific amount of time, unless the agency

meets specific guidelines. The guidelines include clear notice that cookies

are being used; a compelling need by the agency to gather such data; safeguards

to handle any information collected; and personal approval from the agency


The GAO review found that 12 agencies still used cookies without giving

notice, and seven of those agencies used persistent cookies. When GAO checked

those sites again on Oct. 17, the cookies were still in place at 11 of the


In the June 2000 memo, OMB also required agencies to report to OMB on

the steps they have taken to comply with the administration privacy policy

as part of their fiscal 2002 budget requests. Those reports will be turned

in this December, and OMB will use them to make certain the policy is being

implemented, Katzen wrote.


  • FCW Perspectives
    zero trust network

    Can government get to zero trust?

    Today's hybrid infrastructures and highly mobile workforces need the protection zero trust security can provide. Too bad there are obstacles at almost every turn.

  • Cybersecurity
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    NDAA process is now loaded with Solarium cyber amendments

    Much of the Cyberspace Solarium Commission's agenda is being pushed into this year's defense authorization process, including its crown jewel idea of a national cyber director.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.