OMB to reinforce agencies' cookie diet

GAO report: "Internet Privacy: Federal Agency Use of Cookies"

The Office of Management and Budget will take action to reinforce the administration's

Web privacy policies after a congressional report found several federal

agencies in violation.

A General Accounting Office review requested by Sen. Fred Thompson (R-Tenn.),

chairman of the Senate Governmental Affairs Committee, found that 12 agencies

still used "cookies" on their sites in September, contrary to administration


In a letter to GAO, Sally Katzen, deputy director for management at

OMB, said that OMB will contact the noncompliant agencies "promptly, to

reinforce administration policy."

Under a June 1999 memorandum from OMB, agencies cannot use cookies without

giving clear and conspicuous notice to visitors of their Web sites. Cookies

are small pieces of software placed on a user's hard drive by a Web server

that enable the server to track returning users.

OMB further defined this policy in a follow-up memo in June 2000 as

well as in September correspondence with the CIO Council's privacy subcommittee.

OMB stated that an agency must give notice if a Web site uses session cookies,

which are erased from a user's hard drive when a user leaves a particular


Additionally, OMB directed agencies not to use persistent cookies, which

stay on a user's hard drive for a specific amount of time, unless the agency

meets specific guidelines. The guidelines include clear notice that cookies

are being used; a compelling need by the agency to gather such data; safeguards

to handle any information collected; and personal approval from the agency


The GAO review found that 12 agencies still used cookies without giving

notice, and seven of those agencies used persistent cookies. When GAO checked

those sites again on Oct. 17, the cookies were still in place at 11 of the


In the June 2000 memo, OMB also required agencies to report to OMB on

the steps they have taken to comply with the administration privacy policy

as part of their fiscal 2002 budget requests. Those reports will be turned

in this December, and OMB will use them to make certain the policy is being

implemented, Katzen wrote.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.