Recently enacted appropriations law required agency Inspectors General to report within 60 days on the
collection of information about individuals accessing agency web sites. With limited exceptions, the
Department of Energy is prohibited from collecting personal information from individuals accessing its
public web sites, and must post conspicuous privacy notices containing clear and unambiguous explanations
of any permissible data collection activities and their purpose. The most prominent example of an
impermissible collection method is through the use of "persistent cookies." Persistent cookies are small
files containing unique identifiers that a web server places on a site visitor's computer that can be used to
retrieve information about the user. These files remain embedded in a user's hard drive and can facilitate
information collection until they expire or are removed.
The objective of our audit was to determine whether the Department's method of collecting data from its
public web site visitors was consistent with applicable Federal regulations.
