By Lucy L. Thomson, CIPP/G

With the 2008 presidential campaigns in full swing, it's time to look at the privacy positions of the remaining candidates as well as the privacy policies on the campaign Web sites. Each of the candidates has a privacy policy on their Web site, but only three — Hillary Clinton, Barack Obama and Ron Paul — have policy positions that specifically address privacy.

Web Site Privacy Policies
All of the candidates' privacy policies discuss what personal information is collected through their Web sites, how the information is used, and how it is secured. Generally, the candidates urge supporters to provide identifying information and email addresses to facilitate campaign-related communications. Of concern are the use of cookies, IP address logs, and the sharing of personal information with third parties hosting advertising on some of the candidates' Web sites.

The privacy policies detail the collection of personal information in connection with online donations in order to comply with federal election law and regulations of the Federal Election Commission. They assert that they protect the security of credit card information when transmitted using SSL software.

All of the privacy policies describe how they comply with the Children's Online Privacy Protection Act of 1998 (COPPA), reserve the right to change their privacy policies at any time, indicate how to opt-out or discontinue association with the Web site, and how to contact the campaign about privacy. All provide links to other Web sites of interest, emphasizing that they are not responsible for the content or privacy policies of those third party Web sites or social networks. Unique aspects of each candidate's privacy policy highlight the differences among them (discussed in alphabetical order).

The privacy policy for Hillary Clinton for President is accompanied by a lengthy Terms of Service. The privacy policy focuses on how information on the Web site is protected and used, including when an individual contributes money online, signs a petition or schedules online events. The Web site says it uses cookies to "tailor your experience to the preferences you have specified." The privacy policy says the campaign cannot and does not access any information stored in a cookie by other Web sites. The Web site logs IP addresses "for system administration purposes." Photos and videos of campaign events can be used without an individual's permission, because your "attendance or participation is considered a release to use them for that purpose."

The privacy policy was created by the Huckabee for President Exploratory Committee, Inc., and contains a Terms of Use as well as a list of standard notices for what, how and why personally identifiable information is collected.

The privacy policy states "we do not request or store sensitive information from our visitors except for credit card information requested on a donation page." The vendor handling their contribution system does not retain the full credit card numbers once transactions are complete.

While the Web site collects IP addresses for administration, to gather demographic information, and to deliver customized, personalized content, "IP addresses are not linked to personally identifiable information." The Web site uses cookies to save passwords and personal preferences, and to make sure visitors "do not see the same ad repeatedly." However, users are told they can set their browser to refuse cookies. The privacy policy outlines some of the steps taken to protect account information, such as SSL encryption, access control and placing information on a secure portion of the site. The Huckabee campaign manages its "Tell-A-Friend" program by only using the friend's name and email address to send a one-time email inviting them to visit the site.

The privacy policy for Senator McCain's campaign Web site declares that the "basic privacy policy for our Web site is simple: JohnMcCain 2008 does not collect any personally identifiable information about you when you visit the Web site unless you choose to provide information through email, a request to join our team, filling out a form or other method."
The privacy policy addresses personal information that is collected to provide information about campaign policies and events, and to enhance participants' experiences on the Web site. Log files are used to gauge Web site traffic and for administration. The log files contain IP addresses identifying the geography but not the identity of individuals.

Personal information may be used to personalize Web site and email communications. The McCain Web site will not sell individual's personal information, though information may be shared with Republican and other like-minded groups.

The privacy policy states that strict measures are in place to protect against the loss, misuse and alteration of information collected through the Web site. The Web site uses cookies to customize interactions with JohnMcCain.com.

Personal information can be edited. The Web site provides the opportunity to opt-in and opt-out of email communications, and the privacy policy may be updated at any time.

The privacy policy for Obama's campaign Web site begins: "We at BarackObama.com are committed to protecting the privacy and security of your visits to this Web site." With respect to information sharing, the privacy policy specifies that, "We may make personal information available to organizations with similar political viewpoints and objectives, in furtherance of our own political objectives."

This privacy policy addresses the what, why and how personally identifiable and browser/IP address information may be collected through the Web site.

Advertising on Obama'08 — The Privacy Policy states that the Web site uses "pixel tags (also known as Web beacons or clear GIF files) or other tracking technology to help us manage our online advertising campaigns." It reveals that "Such technologies may also be used by third party advertising service providers who serve or assist us in managing ads on our site, such as DoubleClick, Yahoo Tremor and 24/7 RealMedia." While the privacy policy states that the "information that is collected and shared using these pixel tags and similar technology is anonymous and not personally identifiable," the campaign says it is "not responsible for the actions or policies of third party advertising technology service providers." The privacy policy directs visitors to the Web sites of DoubleClick, 24/7 and Yahoo for information about how to opt-out of the use of these technologies.

Privacy of our email lists — Individuals must affirmatively request to join an email list. The Privacy Policy says it attempts to protect its email lists and has configured its list server software to refuse to divulge the email addresses of their list subscribers to anyone other than whom they authorize.

A related Terms of Service provides further information related to Privacy Policy, Accuracy of Information, Links to Other Web sites, Campaign Finance Laws, Your Use of Information Contained on Web site, Limitations on Use, User-Contributed Content, Disclaimer of Warranties and Limitation of Liability, Modifications and Copyright Policy.

Ron Paul's privacy policy is a succinct one-page statement that commits to "providing the highest level of protection for your online privacy and security." Paul emphasizes: "Privacy is one of the main issues of our campaign, and therefore it is likewise a critical concern for our online campaign presence as well." The Privacy Policy addresses several issues: Individuals may decide how much personal information to provide on the Web site, and they can unsubscribe from their email database quickly and easily.

Ron Paul is using his Web site to organize an online grassroots movement. He urges supporters to connect with "friends, family, neighbors and co-workers." His Privacy Policy states that "we reserve the right to store any information about the people you contact through our Web site."

Privacy Policy Positions
Three candidates, Hillary Clinton, Barack Obama and Ron Paul, have unveiled policies on privacy and technology that reflect serious efforts to address complex privacy issues.

In a major policy speech in June 2006, Hillary Clinton presented a "Privacy Bill of Rights" that she envisions as part of legislation entitled the PROTECT Act—Privacy Rights and Oversight for Electronic and Commercial Transactions (http://clinton.senate.gov/ news/statements/detail.cfm?id=257288&&). She has concluded that "at all levels, the privacy protections for ordinary citizens are broken, inadequate and out of date." Senator Clinton observed that, "Today our privacy comes into uncertain conflict with security cameras, data mining, computer hackers and identity theft. ... So therefore we need legal protections that are up to date with the technological and national security needs of our time."

She advocates for "a new set of consumer protections" consisting of three basic rights:

   1. "People have the right to know, and to correct, information which is being kept about them."
   2. "People have the right to know what is happening to their information when they are cooperating with a business and to make decisions about how their information is used."
   3. "In a democracy, people have the right and the obligation to hold their government and the privacy sector to the highest standards of care with the information they gather."
      Senator Clinton asserts that her legislation provides "clear privacy rules, and clear protections for individual's most private information," including:

          o Right to sue when privacy rules have been violated. The legislation would create a tiered system of damages, exempting the smallest businesses with set minimums of $1,000 for breaches and $3,000 for actual
            misuse of information. "The burden of prevention belongs on the companies that handle our data." She believes the FTC must issue a single, clear set of rules that provides
            comprehensive protection against unauthorized access or security breaches.
          o Right to protect phone records. Senator Clinton says her legislation will try to get ahead of the curve of technology, making sure that consumers' cell phone numbers and call records remain private.
          o Right to freeze credit when someone's identity has been stolen. This will strengthen the right to know provisions. If a person's credit or identity is compromised, he or she should be notified immediately, not days, weeks or months later.
          o Right to know what businesses are doing with individuals' credit and credit reports.
          o Right to expect the government to use the best privacy practices with individuals' information. To oversee and enforce the government's handling of sensitive data, a privacy czar should be appointed.

Senator Barack Obama's views on privacy are revealed through his technology policy plan, unveiled in November 2007, which provides safeguards for privacy rights (www.barackobama.com/ isssues/technology).

Emphasizing the risks inherent in the "open information platforms of the 21st century," he proposed "sensible safeguards that protect privacy in this dynamic new world," and "harness the power of technology to hold government and business accountable for violations of personal privacy." Senator Obama's privacy positions are based on these principles:

  • Ensuring that powerful databases containing information on Americans that are necessary tools in the fight against terrorism are not misused for other purposes. He supports information use restrictions and technology safeguards to verify how the information has actually been used.
  • Updating surveillance laws and ensuring that law enforcement investigations and intelligence-gathering relating to U.S. citizens are done only under the rule of law.
  • Providing robust protection against misuses of particularly sensitive kinds of information, such as e-health records and location data that do not fit comfortably within sector-specific privacy laws.
  • Increasing the FTC's enforcement budget, and greater international cooperation to track down cyber-criminals so that U.S. law enforcement can better prevent and punish spam, spyware, telemarketing and phishing intrusions into the privacy of American homes and computers.

Senator Obama says he would "invest $10 billion a year over the next five years to move the U.S. healthcare system to broad adoption of standards-based electronic health information systems, including electronic health records." Part of this initiative will be to ensure that patients' privacy is protected.

Ron Paul highlights privacy and personal liberty on his Web site by stating that the "biggest threat to your privacy is the government. We must drastically limit the ability of government to collect and store data regarding citizens' personal matters." Paul emphasizes three areas of particular concern:

  • We must stop the move toward a national ID card system.
  • We must protect medical privacy.
  • The Patriot Act must be overturned.

The aspects of the Patriot Act Paul opposes are the federal government's expanded ability to use wiretaps without judicial oversight; search warrants that are not specific to any given location nor subject to any local judicial oversight; the governmentability to monitor Internet usage; authorized "sneak and peak" warrants enabling federal agents to search a person's home, office or personal property without that person's knowledge; and requirements that libraries and bookstores turn over records of books read by their patrons.

As the field narrows going into the November elections, The Privacy Advisor will take a closer look at the privacy positions of the major party candidates.

Attorney Lucy Thomson, CIPP/G, is senior principal engineer and privacy advocate at Computer Sciences Corporation, a global IT company. She works on teams building modernized information systems for very large organizations. Thomson earned an M.S. degree from Rensselaer Polytechnic Institute in 2001, and received her J.D. degree from the Georgetown University Law Center.


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Get more News »

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find a KnowledgeNet Chapter Near You

Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

The Privacy Core™ Library Has Evolved

Privacy Core™ e-learning essentials just expanded to include seven new units for marketers. Keep your data safe and your staff in the know!

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

Upcoming Web Conferences

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Team

Get your team up to speed on privacy by bringing IAPP training to your organization.

Let’s Get You DPO Ready

There’s no better time to train than right now! We have all the resources you need to meet the challenges of the GDPR.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

FIP Designation

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.


The IAPP’S CIPP/E and CIPM are the ANSI/ISO-accredited, industry-recognized combination for DPO readiness. Learn more today.

Learn more about IAPP certification »

Are You Ready for the GDPR?

Check out the IAPP's EU Data Protection Reform page for all the tools and resources you need.

IAPP-OneTrust PIA Platform

New U.S. Government Agency privacy impact assessments - free to IAPP members!

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

Privacy Vendor List

Find a privacy vendor to meet your needs with our filterable list of global service providers.

More Resources »

Europe Data Protection Intensive 2017

The Intensive is sold out! But cancellations do happen—so hurry and get on the wait list in case more seats become available.

Global Privacy Summit 2017

The world’s premier privacy conference returns with the sharpest minds, unparalleled programs and preeminent networking opportunities.

Canada Privacy Symposium 2017

The Symposium returns to Toronto this spring and registration has opened! Take advantage of Early Bird rates and join your fellow privacy pros for another stellar program.

The Privacy Bar Section Forum 2017

The Privacy Bar Section Forum is sold out! But you can still add your name to the wait list, and we'll keep in touch about your status. Good luck!

Asia Privacy Forum 2017

Call for Speakers open! Join the Forum in Singapore for exclusive networking and intensive education on data protection trends and challenges in the Asia Pacific region.

Privacy. Security. Risk. 2017

Call for Speakers open! This year, we're bringing P.S.R. to San Diego. Submit today and be a part of something big! Submission deadline: February 26.

Europe Data Protection Congress 2017

Call for Speakers open! The Congress is your source for European policy debate, multi-level strategic thinking and thought-provoking discussion. Submit a proposal by March 19.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»