TECHNOLOGY/Local governments should consider privacy issues

A presence on the Net is critical for any institution – whether a business, a social service organization or a local government. But local governments may want to consider certain privacy issues in their rush to the Internet.

The main point cities and counties need to remember is that anything they put online is available worldwide. They should ensure that their sites do not allow access to information that is not already public.

A firewall can be used to separate information that should be made public from that which should not. Cities and counties may choose to make some information available to the general public and other data available only to selected groups. Encryption technology is available that provides checks and balances on who has access to the information.

It is important that the web site define for users how the information can be used. Local governments should post terms and conditions that users must follow in order to use their sites. A privacy statement can inform users how information collected will be used.

For instance, a terms and conditions statement might prohibit users from using the information to violate any laws. Many also note that use of the site subjects the user to the jurisdiction of the state or municipality for whom the site was set up. (The latter serves as a reminder that the Web is worldwide and that legal jurisdictions get quite murky without clarification.)

The terms and conditions statement must be placed in an obvious location on the site, and users should be required to click through it before entering the site. Courts are more likely to conclude that a click-through constitutes a binding agreement. In a recent case, the statement of use was determined to be so difficult to find on the site that it was not enforceable against a user.

Most cities and counties use vendors to create, host and manage their web sites. That presents different privacy issues, since whoever has access to a town’s information may have access to municipal records. Consequently, a local government that turns over data to a vendor should be assured that the vendor will safeguard it, and that the data will not be used for the benefit of the vendor or a third party.

Additionally, vendors should agree not to use the data after the site is up and running. A vendor hosting a web site has the ability to send “cookies” through the site that would collect information about users of the web site. The cookies establish a click trail of the sites a user has visited, information about the user’s computer system, and, possibly, other personal data.

Cities and counties should make sure that their agreements state that vendors will not use their data for any reason other than to provide contractual services to the government. That should be a requirement of doing business with the local government.

The use and distribution of information on the Web also presents issues that concern the relationship between a municipality and its workers. Employees should be told that it is their duty to safeguard the privacy of all municipal information and that management will be monitoring their activities to make sure that duty is respected. Clearly understandable employee policies that outline the restrictions on employees’ use of the site and the data it contains should be in place.

Those policies need to make it clear that there is no assumption of privacy with respect to employees’ use of the Web or the local government’s e-mail system. They should cover issues like restrictions against transmitting or receiving pornography, using e-mail to transmit materials that could be considered harassing or obscene, or using the site to transmit information from the city/county database to others.

Local governments should make it clear that they are monitoring employees’ e-mail and Internet usage. Some states now require that employees be told whether and how their use of the computer during work is being monitored.

The security issue will continue to dominate the Internet landscape for the next few years. Courts and legislatures will be wrestling with the issues for a long time. Local governments should be on the lookout for changes in the area to determine what new privacy requirement may be imposed.