Privacy Matters

Some say if government agencies dont develop and publish privacy policies, the public may lose confidence in e-government.

by / June 11, 2001 0
Government agencies have been quick to move public information and transactions to the Internet, but theyve been slow to post privacy policies that tell citizens how theyll protect personal data collected and distributed online. Research from several sources indicates that public agency Web sites -- particularly those operated by local jurisdictions -- rarely spell out the circumstances under which data collected from constituents will be shared with other organizations, made public, sold to third parties or otherwise used.

Of the nations 25 most populous cities, only San Diego had posted a privacy policy on its main Web page, according to an informal study released late last year by the National Electronic Commerce Coordinating Council (NECCC). Similarly, Maricopa County, Ariz., was the only jurisdiction among the nations top 25 counties to post such a policy on its primary Web site, the study said.

Even more troubling is the apparent lack of progress made by cities and counties over a nine-month period examined by NECCC. The groups initial study conducted in March 2000 turned up only Maricopa Countys privacy policy out of 50 city and county sites surveyed. A December follow-up study found just one addition: the city of San Diego.

"It was very surprising to see the lack of privacy policies for cities and counties, as well as to see that over time they had done almost nothing [to improve]," said Danielle Germain, program manager for the Information Technology Association of Americas enterprise solutions division and a member of the NECCC workgroup that conducted the survey.

Results were more encouraging for states. NECCCs December survey found that 24 states posted privacy policies on their primary home pages. Whats more, those findings showed a 140 percent increase over the groups initial March survey, which located privacy policies on just 10 state home pages.

However, a Brown University study of 1,800 state and federal agency Web sites paints a bleaker picture. Only 7 percent of those sites included even the most rudimentary of privacy statements, said Darrell West, the political science professor who conducted the study last year.

"Our standard was a fairly minimalist one, which was: Did they merely post a privacy policy?" said West. "We did not evaluate how good the policy was, how many loopholes were in it or what type of language it used. Even with that very low standard, most [sites] didnt take privacy very seriously."

Held Up

Governments struggle with privacy policies for any number of reasons, according to observers.

West said creating these policies forces agencies to confront sensitive legal and political issues. "A big problem is really deciding what kind of commitment you want to make to the people using your Web sites. Virtually no one -- either in the public or private sector -- is offering an iron-clad privacy statement," he said. "Many of them are basically collecting information and promising not to disclose it or sell it outside of the site. But there are a lot of loopholes built in."

Privacy policies also may disclose contentious practices, such as the marketing of citizen information to third parties. "In the bricks-and-mortar part of government, the public sector is already reselling data. When people apply for a drivers license, many of them dont realize that state governments often sell that information," he said. "So consumers might be surprised to learn how information that they provide might be used."

Lack of leadership, particularly at the local government level, may contribute to the problem, added Germain. "Maybe the county board of supervisors is not very technology savvy, or there could be no CIO to drive these things forward," she said.

Finally, these policies must be carefully crafted to minimize legal risks, particularly in the cases of large agencies with complex business dealings. "That slows down the process because their lawyers get involved," said Jerry Johnson, a senior policy analyst at the Texas Department of Information Resources. "Lawyers are going to be very careful about what they say [in the policy] because if you say one thing and yet that information can be disclosed, you could be liable."

Big Picture

From a broader perspective, Johnson said the Internets ability to instantly deliver information on nearly any subject forces government agencies to rethink the ground rules for releasing public information.

Thanks to the Web, its now easy to assemble combinations of data that may have serious security implications, he said. For example, cities and counties have begun posting property tax information. Some local Web sites also list permits issued for various home improvements, including the installation of security systems. Theres even talk among localities about posting construction diagrams online.

"If they do all of that, I can search for the most expensive homes, see the building diagrams, check if they have a security system and figure out the best way to break in," Johnson said. "[Agencies] may not think of any of that data as being sensitive when viewed by that single application. But now I can start creating a more definitive picture of an individual based on what I was able to access at the local level, state level and federal level."

Although this information traditionally has been available to the public, getting your hands on it generally meant going to a government office and waiting in line for a paper copy. The Web eliminates those physical barriers, delivering the data to users in a matter of minutes.

"Theres always been a move in America to make government as open as possible for accountability, but how do we balance the public good and the right to know with the privacy of the individual?" Johnson asked.

Government also must reconsider whether it needs all of the citizen data it collects, he said. Johnson and others recommend that agencies eliminate requests for unneeded information when they redesign paper forms for e-government applications.

"The interesting thing is now a lot of the forms are being modified not to eliminate information but to add information, such as e-mail addresses," he said. "We have to start rethinking what is the minimum essential information necessary to conduct a transaction and not collect more than is absolutely necessary."

Building Trust

The public sectors ability to construct effective privacy policies may factor greatly in the widespread acceptance of electronic government. Privacy and the closely related issue of data security have sparked growing public concern.

A study released last year by the Pew Internet & American Life Project found that 46 percent of Internet users lacked confidence that their online activities are private. Only 10 percent of respondents were "very confident" that the things they do online are private and will not be used by others without permission.

Addressing these concerns will be vital to electronic governments success, said Germain. "E-government cannot move forward unless people are convinced that their transactions will be secure and confidential. We want e-government to go forward, but we have to make sure that people feel confident enough to use it."
Steve Towns

Steve Towns is the former editor of Government Technology, and former executive editor for e.Republic Inc., publisher of GOVERNING, Government TechnologyPublic CIO and Emergency Management magazines. He has more than 20 years of writing and editing experience at newspapers and magazines, including more than 15 years of covering technology in the state and local government market. Steve now serves as the Deputy Chief Content Officer for e.Republic.