|Balance Freedom of Information Act and Privacy Act requirements.|
The General Services Administration is pushing for more privacy protection
on agency Web sites, according to a memo released last month.
Privacy concerns at federal Web sites will continue to grow as Web technology is
utilized increasingly by the federal agencies for the management of information, in
conducting electronic transactions, in communications and other areas, said Joan C.
Steyaert, deputy associate administrator of GSAs Office of Information Technology in
Privacy is a critical issue to the development of federal Web sites and an
underlying principle necessary for promoting electronic business with the public,
The document, posted on the Web at http://www.itpolicy.gsa.gov/mke/fedwebm/privacy.htm,
recommends agencies do three things:
The GSA document contends that privacy needs to be a common thread throughout
government, said Richard N. Kellett, director of GSAs Emerging IT Policies
The Privacy Act of 1974, which GSA is using to frame its policy, focuses on program
data, Kellett said.
Large-scale electronic commerce in government makes the protection of account numbers,
personal identification numbers and other transaction data of paramount importance,
Many agencies use the Federal Trade Commissions privacy statement as a policy
model, Kellett said.
Balancing privacy laws with Freedom of Information Act requests is also difficult, he
Carlynn Thompson, director of research, development and acquisition support for the
Defense Technical Information Center, said Defense Department has even received FOIA
requests for the departments Web logs.
Weve taken the stand that we will not release Web logs to anyone,
Thompson said. We do not want to risk revealing preference-type information.
The only exception would be in response to court orders or law-enforcement efforts to
track down hackers, she said.
Defenses home site, at http://www.defenselink.mil,
what we collect and how that information might be used, Thompson said.
The site informs users that DOD collects some information for statistical purposes.
The site identifies the host name or Internet protocol address of the visitor, the date
and time the person logged on to the site, the site viewed and the size of that site, the
browser the person is using and the last site the person visited.
DOD also notifies users that its sites use security software that monitors traffic to
identify unauthorized attempts to change information or damage the site.
The Office of Management and Budget has also been writing a Web policy.
Agencies must collect from the public only the information necessary for the
performance of official functions and must notify users when information is
collected, a draft of the OMB document said.