Privacy Policy Statements on Municipal Websites

Article excerpt

As governments expand their use of the Internet to communicate and transact business with their constituencies, concern for the privacy of personally identifiable information (PII) collected on governmental websites has come to the fore. In a 2000 guidebook on Internet privacy, the National Electronic Commerce Coordinating Council (NECCC) stated that, "in the rush to adopt e-commerce applications on the state and local government level, the privacy debate has received minimal attention despite citizen concerns to the contrary."1 Further, the Council for Excellence in Government has concluded that governmental agencies needed to address the issue of privacy to fully realize the potential benefits of e-government.2

The Federal Trade Commission (FTC) has been studying the issue of online privacy in the commercial sector since 1995 believing that "greater protection of personal privacy on the web will not only benefit consumers, but also benefit industry by increasing consumer confidence and ultimately their participation in the online marketplace."3 In its initial report on online privacy, issued in 1998, the FTC recommended that Internet privacy issues be addressed through industry self-regulation and identified the core principles of privacy protection common to domestic and international documents describing fair information practices: notice, choice, access and security (described in detail in the accompanying sidebar).4 The FTC recommended that commercial websites demonstrate a responsiveness to privacy concerns and a commitment to self-regulation by including a privacy statement, which addresses all of the core privacy principles. More recently, the FTC has also recommended participation in online privacy seal programs. These programs require licensees to implement certain fair information practices and submit to compliance testing in order to display a privacy seal on their websites. Displaying a web trust seal provides an efficient way for consumers to monitor the privacy practices of a site.

The FTC and several private organizations conducted a series of surveys of commercial websites to determine the degree to which these sites provide sufficient notice regarding the collection and use of PII.5 PII includes such data m as name, postal or e-mail address, telephone or fax number, and Social security or credit card number. A summary of the results of these studies is included on Figure 1. From 1998 to 2001, in a random sample of commercial websites, these studies found that for those sites that collected ?Π, the number displaying a privacy policy statement increased from 20 percent to 77 percent. Further, during the same period, the percentage of the most popular commercial websites (based on number of hits) displaying a privacy policy statement increased from 44 percent to nearly 100 percent.

This series of studies also examined the content of privacy notices and participation in privacy seal programs. In the initial study, virtually no site addressed all four core privacy principles in their privacy policy statements. By 2000,42 percent of the most popular sites and 20 percent of the random sample sites addressed all four principles. By 2001,80 percent of the most popular sites and 48 percent of the random sample sites posting privacy notices included provisions related to notice, choice and security (compared to 27 percent and 63 percent in the 2000 study).6

In the 2000 study, 45 percent of the most popular sites and 8 percent of the random sample sites displayed a privacy seal. By late 2001, these numbers had not changed dramatically, with 44 percent of the popular sites and 12 percent of the random sample sites displaying privacy seals.

Consumers have come to expect that privacy policies will be included on websites. In a survey conducted in early 2004, 78 percent of respondents indicated that they were uncomfortable or extremely uncomfortable providing PII on websites that did not display a privacy policy statement or privacy seal. …