Internaut: Government shouldn't break its privacy promises

Shawn P. McCarthy

Now is make or break time for federal online privacy policy.

Several parallel efforts are under way, some of which increase government commitment to privacy, while others openly break trust in the government's data collection integrity.

All Web sites, government and commercial, are supposed to have easy-to-find privacy policies stating what information is collected from visitors and how it's shared.

As of last month, federal privacy policies also must give specific details about what information is voluntary, what is not, how it will be used and whether consent must be given for its use.

Because visitors enter government sites in many different ways, they sometimes do not find the privacy policy links at the bottom of each page.

To make sure of covering all these bases, the Office of Management and Budget is pushing agencies to conduct privacy impact assessments of all new or significantly updated systems. The goal is compliance with the privacy mandates in the E-Government Act of 2002 and follow-on privacy regulations.

That's a worthy goal because the government sometimes drops the ball on privacy.

Last March, the Treasury Department's Alcohol and Tobacco Tax and Trade Bureau requested e-mail comments about proposed tax increases on flavored malt beverages. The original policy for data collection was that the text from the comments would be shared without e-mail or postal addresses or other personal information.

More than 14,000 comments came in. The bureau posted a Federal Register notice on Dec. 2 stating it could not remove all the private information in a timely manner. Instead, it modified the rules after the fact and gave participants about three weeks to formally request that their information be kept private. Otherwise, the bureau said, it would share all collected information when the comments are made public. To see the notice, go to and enter 183 in the box.

A privacy promise isn't a promise at all if it can be changed after the fact and published where most of the public won't see it. This sets a bad precedent for government privacy policies, at a time when people had started trusting those policies.

Meanwhile, the ghost of John Poindexter's Terrorism Information Awareness proposal, which lost its funding last fall, could still raise privacy worries in the months ahead.

TIA would have allowed secret collection of information from e-mail, Web sites and other sources. In theory, that could have included data collected by federal agencies even though their privacy policies prohibited formal sharing.

Although TIA was dropped from the Defense Department's appropriations bill, the bill still states that a similar system could be used to collect data on non-U.S. citizens or residents for counterterrorism and intelligence purposes. That seems to leave wiggle room for grabbing data from any source if it seems important enough.

Citizens grow to trust government when they can interact with it openly online and when they believe what they read on federal sites is true'especially what they read in a privacy policy. If trust is betrayed, even in a small way, it's more than a privacy issue. It's bad e-government.

Shawn P. McCarthy is president of an information services development company. E-mail him at

About the Author

Shawn McCarthy, a former writer for GCN, is senior analyst and program manager for government IT opportunities at IDC.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.