Government agencies have been quick to move public information and transactions to the Internet, but theyve been slow to post privacy policies that tell citizens how theyll protect personal data collected and distributed online. Research from several sources indicates that public agency Web sites -- particularly those operated by local jurisdictions -- rarely spell out the circumstances under which data collected from constituents will be shared with other organizations, made public, sold to third parties or otherwise used.
"It was very surprising to see the lack of privacy policies for cities and counties, as well as to see that over time they had done almost nothing [to improve]," said Danielle Germain, program manager for the Information Technology Association of Americas enterprise solutions division and a member of the NECCC workgroup that conducted the survey.
Results were more encouraging for states. NECCCs December survey found that 24 states posted privacy policies on their primary home pages. Whats more, those findings showed a 140 percent increase over the groups initial March survey, which located privacy policies on just 10 state home pages.
However, a Brown University study of 1,800 state and federal agency Web sites paints a bleaker picture. Only 7 percent of those sites included even the most rudimentary of privacy statements, said Darrell West, the political science professor who conducted the study last year.
Governments struggle with privacy policies for any number of reasons, according to observers.
West said creating these policies forces agencies to confront sensitive legal and political issues. "A big problem is really deciding what kind of commitment you want to make to the people using your Web sites. Virtually no one -- either in the public or private sector -- is offering an iron-clad privacy statement," he said. "Many of them are basically collecting information and promising not to disclose it or sell it outside of the site. But there are a lot of loopholes built in."
Privacy policies also may disclose contentious practices, such as the marketing of citizen information to third parties. "In the bricks-and-mortar part of government, the public sector is already reselling data. When people apply for a drivers license, many of them dont realize that state governments often sell that information," he said. "So consumers might be surprised to learn how information that they provide might be used."
Lack of leadership, particularly at the local government level, may contribute to the problem, added Germain. "Maybe the county board of supervisors is not very technology savvy, or there could be no CIO to drive these things forward," she said.
Finally, these policies must be carefully crafted to minimize legal risks, particularly in the cases of large agencies with complex business dealings. "That slows down the process because their lawyers