- The Washington Times - Wednesday, September 13, 2000

Just 3 percent of 65 federal Web sites meet on-line privacy standards proposed by the Federal Trade Commission, according to the investigative arm of Congress.

The report released yesterday by the General Accounting Office tested the sites of federal agencies against the proposed FTC guidelines for Web sites of private companies. The GAO declined to name the federal Web sites whose privacy standards passed muster and those that failed.

House Majority Leader Rep. Dick Armey, Texas Republican, said the results show the federal government is guilty of failing to protect consumer information, even while it considers new rules outlining how companies must treat data submitted to their Web sites.

"The government is less careful with information than the private sector," Mr. Armey said. "The federal government is not living up to the standards they impose on others."

A Federal Trade Commission spokesman said the report is misleading because federal Web sites are subject to separate regulations.

Mr. Armey and Rep. W.J. "Billy" Tauzin, Louisiana Republican, requested the study in June.

The FTC in May recommended that lawmakers pass legislation to bolster its ability to oversee on-line privacy because the industry had failed to protect privacy through self-regulation.

The agency backed its call for more authority by releasing its own survey that found only 20 percent of a random sample of Web sites with more than 39,000 visitors had implemented the four key components of widely accepted fair-information practices.

The legislation recommended by the FTC would require commercial Web sites to notify consumers what information is collected and how it will use the data; give consumers the option to choose whether information can be shared with third parties; give people access to information collected about them to verify its accuracy; and ensure security of that information by protecting it from unauthorized use.

In its new report, the GAO examined 65 government Web sites in July, including 32 it considered high-impact sites those handling 90 percent of the federal government's contact with people, including sites from the Department of Veterans Affairs and the Internal Revenue Service.

All the sites collected personal information, the report concluded.

Sixty-nine percent of the Web sites met the FTC standard for notifying consumers about information practices before collecting data. But only 45 percent of the sites met the standard for giving consumers a voice in how personal data would be used, 23 percent met the security standard ensuring protection of data, and 17 percent gave consumers access to their personal data.

Mr. Tauzin said the concern over how federal Web sites treat personal information stems from the fact consumers have little choice when it comes to providing agencies with data about themselves.

If the FTC is going to impose new standards on the private sector, he said, they should be applied to public-sector sites, too.

"These are agencies that collect information from Americans, and increasingly they do that on the Internet," Mr. Tauzin said.

FTC spokesman Eric London said criticism that the agency doesn't apply its on-line privacy proposals to federal sites is misguided, because federal sites are regulated under the Privacy Act, while commercial sites are unregulated.

The Privacy Act says consumers have a right whether or not to submit personal information and requires agencies to tell consumers how their information will be used.

The FTC privacy proposals were drafted because of concern over how commercial sites treat personal information.

Toysmart.com is one example. The company closed in May, filed for Chapter 11 bankruptcy protection in June and solicited bids for its assets, including about 250,000 customer names, addresses and credit-card numbers. The FTC filed suit against Toysmart.com, but settled with the company when it agreed it would sell the list only if the buyer abided by the terms of the Web site's privacy policy.

"You don't have that problem with government Web sites," Mr. London said.

The GAO report comes a day after another report stated that seven of 24 major federal agencies failed to pass a security review of their computer systems.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide