INTERNAUT

Agencies can get help posting all-important statements on privacy

By Shawn P. McCarthy

It has been more than a year since the Federal Trade Commission issued its scathing report about online privacy, posted at www.
ftc.gov/reports/privacy3/index.htm.

FTC blasted the way that many Web sites collect personal information without informing visitors of what will be done with it.

Although FTC is not recommending regulation, privacy policy has become the Net's leading buzz phrase. Many prominent sites have complied with FTC's call for easy-to-find privacy statements. Alliances have formed to standardize wording in privacy statements, and new tools are being developed to control the automatic gleaning of private information during site visits.

Many agencies have put visible privacy statement pointers on their front pages or, more effectively, in the footer of every page. To see good policy examples, visit www.cia.gov/cia/notices.html#priv, www.ftc.gov/ftc/privacy1.htm and www.whitehouse.gov/WH/html/privacy.html. But there are still plenty of government Web servers without privacy statements.

It's a must

A posted policy is vital when a site distributes public information via subscription or e-mail alerts because that requires collecting information about visitors.

Some agency officials might object that their sites collect far less private data than commercial sites do. But any agency that wants to establish a relationship of trust with citizens is going to have to adhere to basic privacy principles.

One of the clearest sets of privacy goals I have seen comes from the Online Privacy Alliance, a group of 80 corporations and associations, at www.privacyalliance.org/. One area tells how to establish a site policy and gives guidelines and frameworks.

Many commercial sites participate in one of the evolving privacy seal programs that verify participation in an auditing process. Usually a third party must confirm the policy posting and a site's adherence to privacy standards.

The most common seals come from BBBOnLine, a subsidiary of the Council of Better Business Bureaus, and from Truste, a privacy advocacy group in Palo Alto, Calif. See www.bbbonline.org/
database/Papp/papp.cfm and www.truste.org/.

The approval groups press members to present information in a certain format and not to dupe visitors into entering personal data under false pretenses.

Once the majority of Net sites adopt minimal standards, we can expect to see more specialized tools that control access to private information. For example, digitalme from Novell Inc. builds new tools on top of Novell Directory Services to manage users' digital identities and authentications. Check it out at www.digitalme.com/.

Jotter, from Jotter Technologies Inc. of New York, is a browser toolbar with several functions, including storage of security profiles. Downloadable for free at www.jotter.com/, jotter automatically locates privacy policies on Web sites.

The World Wide Web consortium has developed what it calls the Platform for Privacy Preferences, which lets a visitor's browser review any site's privacy policy electronically to see whether it fits chosen parameters. Details appear at www.w3.org/TR/NOTE-P3P-CACM/.

Federal webmasters should start familiarizing themselves with these new privacy systems, because some visitors might already have them enabled.

Shawn P. McCarthy designs products for a Web search engine provider. E-mail him at smccarthy@lycos.com.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.