FTC to Audit Banks' Web-Site Privacy Policies(Federal Trade Commission)

Article excerpt

The Web sites of 100 financial institutions will come under scrutiny this month as the Federal Trade Commission scours the Internet for corporate privacy policies.

The audit, which the FTC is calling a "sweep," aims to gauge how well American industry is policing itself in maintaining privacy standards on the Internet. The Clinton administration has urged all companies doing business on the Web to post statements about how they use information gathered from customers.

Throughout March, FTC workers will view 1,200 Web sites-belonging to financial institutions and other types of companies-to see how many comply. On June 1, the agency will deliver a report card to Congress, which will determine whether legislation is needed to protect consumer privacy.

FTC officials are calling the survey a test of self-regulation on the Internet.

"If we wait a year or two for self-regulation and it doesn't happen, I'm prepared to predict in the strongest terms right now that legislation will happen, and it will happen very promptly," said Robert Pitofsky, chairman of the Federal Trade Commission.

Mr. Pitofsky spoke Wednesday at an Internet privacy conference sponsored by the McGraw-Hill Companies. At the same event, Ira C. Magaziner, senior adviser to the President for policy development, advocated a "seal of approval" for Web sites that comply with certain privacy standards.

Mr. Magaziner said the administration wanted industry to set up and oversee such a system. "There are tens of thousands of Web sites that form every week around the world," he said. "We couldn't enforce all the regulations, even if we made them."

In July 1997, the administration announced its goals for privacy on the Internet. One was that "a substantial majority" of Web sites post privacy policies by March 1, 1998, said David Medine, associate director for credit practices at the FTC's Bureau of Consumer Protection.

With that deadline passed, FTC workers are now "slaving over computers" to judge compliance, Mr. Medine said.

Among the nonfinancial Web sites being scrutinized, 200 are targeted to children; 100 belong to companies in the health care industry; 100 are from retail companies; and 100 are "top sites on the Net generally," Mr. Medine said. Other sites will be chosen randomly from names listed in a Dun & Bradstreet directory.

"We're looking throughout the site to see if there's a description of the company's information practices," Mr. Medine said. "It doesn't have to be called a privacy policy-just something that explains how any information you input would be used."

No company will be penalized for the absence of a privacy policy. …