The majority of municipal web sites in Illinois lack clear privacy policy statements, according to a recent report by the Gryphon Foundation, a non-profit public interest group supported by a state grant. The report is based on findings from a survey that examined web sites hosted by counties and cities with populations over 50,000 to determine whether they protected the citizen’s right to privacy. According to Roland Calia, executive director of the Foundation, only four of the 46 Illinois city and county jurisdictions that maintain a web site posted privacy policies.

While several jurisdictions contained elements of privacy policies in disclaimer statements, the Foundation urges municipalities to develop and post clear privacy policy statements.

Although this particular report focuses on Illinois municipalities, its findings and suggestions have implications for web sites hosted by counties and cities across the country. In the following interview, MuniNet Guide & Review learns more about the issue of privacy policies in the online local government arena. MuniNet: What exactly is the purpose of a privacy policy? Calia: A privacy policy provides notice to citizens whether their visits are being tracked. A privacy policy enables Web site visitors to choose whether to release personal information or to continue their visit through all pages on the site.

Many cities and counties across the country do include privacy policy statements on their web sites. Examples include ?
Austin, TX

Boise, ID

Chicago, IL

Evanston, IL

Indianapolis, IN

Los Angeles County, CA

Ocean City, MD

Prince Edward County, VA
San Diego, CA

Seattle, WA

Washington, DC

MuniNet: What could municipalities do with personal information that would be objectionable to citizens who provide that info online? In other words, what does a privacy policy assure protection from? Calia: Cities and local governments could develop “profiles” of their citizens. With current online technology, the viewing habits of online users can be compiled, stored in databases, and made available for analysis. There is a risk of misjudging the person, reducing him or her to a stereotype, and interpreting viewing habits out of context. Ironically, the organization can become misinformed about the very person being tracked and monitored. Also, unless otherwise expressly prohibited, governments can and have sold personal data collected over the Internet to companies or contractors. MuniNet: Why do you think the policy is missing from most Illinois city web sites? Do you think it’s left out intentionally? Calia: I don’t think it is intentional. The issue of Internet privacy is relatively new. At the state level, the National Governor’s Association [] only formulated guidelines in 2000. The state of Illinois did not create a privacy policy until 2001. Local governments in Illinois often lag behind the private sector and innovative governments in other regions of the country in formulating and implementing new policies. MuniNet: What elements would an ideal privacy policy include? Calia: In order to guarantee Illinoisans’ privacy rights when they visit local government web sites, the Gryphon Foundation recommends that counties, municipalities and special districts post an official privacy statement containing the following information at a minimum:

  • What personal or computer-related information is collected and how it is used;
  • How long information is kept;
  • Whether notice is provided to citizens;
  • What information is subject to public disclosure under current federal and state law and/or local ordinance;
  • What the rules are for transfer of data to other agencies, governments, or private entities; and
  • Who can be contacted for further information regarding the privacy policy.