Feds flunk Web privacy, GAO says

The federal government could do a better job of practicing the privacy habits that the Federal Trade Commission preaches for commercial Web sites, according to a General Accounting Office report released Tuesday.

The report, which three Republican lawmakers commissioned in June, applied the FTC's "fair information practices" recommendations to 65 federal government Web sites, including the FTC's own site. According to the report, only 3 percent of the sites contained "elements" of all four of the fair-information practices decreed by the FTC.

The FTC wants a law requiring e-commerce companies to give consumers "conspicuous" notice when personal information is collected, options on how their personal information can be used, a chance to see what the company has collected on them and assurances that their information will be kept secure.

The FTC's May report said that while commercial sites had made some progress, the four criteria were far from standard practice and needed to be codified by Congress.

"People with glass Web sites should not throw stones," said Rep. Richard Armey (R-Texas), the House majority leader, in a statement. In June, Armey and Reps. Billy Tauzin (R-La.) and Bob Goodlatte (R-Va.) wrote a letter to President Clinton and Vice President Al Gore charging that it would be "hypocritical for the federal government to mandate a standard on the private sector that it cannot itself meet."

The Clinton administration is dismissing the report as an invalid comparison of government and commercial Web sites. The administration says that use of personal information by federal Web sites is governed by the Privacy Act of 1974, a much tougher legal standard than the voluntary self-regulation employed by commercial sites.

"We believe that the statistics in this report are seriously misleading," said Peter Swire, the administration's chief privacy counselor.

Swire pointed to another GAO report released last week that found that 69 of 70 federal Web sites surveyed posted privacy notices. Swire said that the Privacy Act mandates that, with some exceptions, the federal government can't share personal data without the explicit consent of the individual, a stronger standard than that recommended by the FTC. Furthermore, Swire said, citizens have unfettered access to their data in government files.

For more Internet economy news, visit TheStandard.com. Story copyright 2000 The Industry Standard. All rights reserved. Distributed by IDG News Service.