OMB to reinforce agencies' cookie diet
- By Diane Frank
- Oct 24, 2000
The Office of Management and Budget will take action to reinforce the administration's
Web privacy policies after a congressional report found several federal
agencies in violation.
A General Accounting Office review requested by Sen. Fred Thompson (R-Tenn.),
chairman of the Senate Governmental Affairs Committee, found that 12 agencies
still used "cookies" on their sites in September, contrary to administration
In a letter to GAO, Sally Katzen, deputy director for management at
OMB, said that OMB will contact the noncompliant agencies "promptly, to
reinforce administration policy."
giving clear and conspicuous notice to visitors of their Web sites. Cookies
are small pieces of software placed on a user's hard drive by a Web server
that enable the server to track returning users.
OMB further defined this policy in a follow-up memo in June 2000 as
well as in September correspondence with the CIO Council's privacy subcommittee.
OMB stated that an agency must give notice if a Web site uses session cookies,
which are erased from a user's hard drive when a user leaves a particular
Additionally, OMB directed agencies not to use persistent cookies, which
stay on a user's hard drive for a specific amount of time, unless the agency
meets specific guidelines. The guidelines include clear notice that cookies
are being used; a compelling need by the agency to gather such data; safeguards
to handle any information collected; and personal approval from the agency
The GAO review found that 12 agencies still used cookies without giving
notice, and seven of those agencies used persistent cookies. When GAO checked
those sites again on Oct. 17, the cookies were still in place at 11 of the
In the June 2000 memo, OMB also required agencies to report to OMB on
as part of their fiscal 2002 budget requests. Those reports will be turned
in this December, and OMB will use them to make certain the policy is being
implemented, Katzen wrote.