Government agencies have been quick to move public information and transactions to the Internet, but theyve been slow to post privacy policies that tell citizens how theyll protect personal data collected and distributed online. Research from several sources indicates that public agency Web sites -- particularly those operated by local jurisdictions -- rarely spell out the circumstances under which data collected from constituents will be shared with other organizations, made public, sold to third parties or otherwise used.
"It was very surprising to see the lack of privacy policies for cities and counties, as well as to see that over time they had done almost nothing [to improve]," said Danielle Germain, program manager for the Information Technology Association of Americas enterprise solutions division and a member of the NECCC workgroup that conducted the survey.
Results were more encouraging for states. NECCCs December survey found that 24 states posted privacy policies on their primary home pages. Whats more, those findings showed a 140 percent increase over the groups initial March survey, which located privacy policies on just 10 state home pages.
However, a Brown University study of 1,800 state and federal agency Web sites paints a bleaker picture. Only 7 percent of those sites included even the most rudimentary of privacy statements, said Darrell West, the political science professor who conducted the study last year.
Governments struggle with privacy policies for any number of reasons, according to observers.
West said creating these policies forces agencies to confront sensitive legal and political issues. "A big problem is really deciding what kind of commitment you want to make to the people using your Web sites. Virtually no one -- either in the public or private sector -- is offering an iron-clad privacy statement," he said. "Many of them are basically collecting information and promising not to disclose it or sell it outside of the site. But there are a lot of loopholes built in."
Privacy policies also may disclose contentious practices, such as the marketing of citizen information to third parties. "In the bricks-and-mortar part of government, the public sector is already reselling data. When people apply for a drivers license, many of them dont realize that state governments often sell that information," he said. "So consumers might be surprised to learn how information that they provide might be used."
Lack of leadership, particularly at the local government level, may contribute to the problem, added Germain. "Maybe the county board of supervisors is not very technology savvy, or there could be no CIO to drive these things forward," she said.
Finally, these policies must be carefully crafted to minimize legal risks, particularly in the cases of large agencies with complex business dealings. "That slows down the process because their lawyers get involved," said Jerry Johnson, a senior policy analyst at the Texas Department of Information Resources. "Lawyers are going to be very careful about what they say [in the policy] because if you say one thing and yet that information can be disclosed, you could be liable."
From a broader perspective, Johnson said the Internets ability to instantly deliver information on nearly any subject forces government agencies to rethink the ground rules for releasing public information.
Thanks to the Web, its now easy to assemble combinations of data that may have serious security implications, he said. For example, cities and counties have begun posting property tax information. Some local Web sites also list permits issued for various home improvements, including the installation of security systems. Theres even talk among localities about posting construction diagrams online.
"If they do all of that, I can search for the most expensive homes, see the building diagrams, check if they have a security system and figure out the best way to break in," Johnson said. "[Agencies] may not think of any of that data as being sensitive when viewed by that single application. But now I can start creating a more definitive picture of an individual based on what I was able to access at the local level, state level and federal level."
Although this information traditionally has been available to the public, getting your hands on it generally meant going to a government office and waiting in line for a paper copy. The Web eliminates those physical barriers, delivering the data to users in a matter of minutes.
"Theres always been a move in America to make government as open as possible for accountability, but how do we balance the public good and the right to know with the privacy of the individual?" Johnson asked.
Government also must reconsider whether it needs all of the citizen data it collects, he said. Johnson and others recommend that agencies eliminate requests for unneeded information when they redesign paper forms for e-government applications.
"The interesting thing is now a lot of the forms are being modified not to eliminate information but to add information, such as e-mail addresses," he said. "We have to start rethinking what is the minimum essential information necessary to conduct a transaction and not collect more than is absolutely necessary."
The public sectors ability to construct effective privacy policies may factor greatly in the widespread acceptance of electronic government. Privacy and the closely related issue of data security have sparked growing public concern.
A study released last year by the Pew Internet & American Life Project found that 46 percent of Internet users lacked confidence that their online activities are private. Only 10 percent of respondents were "very confident" that the things they do online are private and will not be used by others without permission.
Addressing these concerns will be vital to electronic governments success, said Germain. "E-government cannot move forward unless people are convinced that their transactions will be secure and confidential. We want e-government to go forward, but we have to make sure that people feel confident enough to use it."