WASHINGTON -- Hundreds of companies are collecting personal information about consumers on Web sites and, without telling them, selling the data, according to a government survey to be released on Thursday that is likely to lead to new privacy protections.
But the report's dire assessment also prompted a dozen high-tech trade groups on Wednesday to issue a wide-ranging, voluntary privacy policy, the latest attempt by the industry to head off new government regulations.
The survey, conducted by the Federal Trade Commission, delivers a bleak assessment of the Clinton administration's policy of allowing Internet companies to police privacy themselves, people familiar with the report said.
"It's going to be a major indictment of the lack of privacy online," said Jeff Chester, executive director of the nonprofit Center for Media Education in Washington. "It puts the administration in a real dilemma because it appears that self-regulation is abysmally ineffective."
But the 12 industry groups promulgating new privacy standards pledged to give individuals the choice to "opt out" of data collection, the power to review information collected for accuracy, and a forum for redressing abuses. The group included the Business Software Alliance, the Consumer Electronics Manufacturers Association, and the Telecommunications Industry Association.
"Business and consumer privacy concerns must be addressed in order for electronic commerce to flourish," telecommunications association President Matthew Flanigan said.
America Online also introduced a new privacy policy on Wednesday. The world's largest online service said it would give its 14 million customers more options to limit the sale of their information. And the company said it would not permit collection of children's information without explicit permission from parents.
The Clinton administration, in a policy issued last July, asked industry leaders to respect privacy rights on the Internet by fully disclosing how personal data would be used and disseminated.
The FTC spent months surveying data collection and privacy practices at 1,400 sites on Web as part of an effort to assess the self-regulation policy.
The report also documents continued efforts by companies to collect information from children without getting permission from parents. That is likely to prompt an immediate response from the FTC, which last summer issued a warning to companies about such abuses.
An FTC spokeswoman declined to comment on the report until it is issued.
Privacy advocates said the FTC's results demonstrated that self-regulation alone was insufficient and new rules were needed.
"These statistics reveal that, due to the size, scope, and diversity of the Internet, we clearly -- even with some industry leaders -- need the help of the FTC and Congress to set some baseline standards," said Deirdre Mulligan, staff counsel at the Center for Democracy and Technology.
But deciding what policies to enact could take some time, warned Andrew Schwartzman, president of the Media Access Project, a nonprofit law firm dedicated to free speech.
"It appears that certain kinds of abuses are occurring and not being self-regulated," he said. "But no matter, it's going to take a while for policy-makers in government, business, and the public to get their hands around this."
Some Web sites ask users to register or fill out questionnaires but may not reveal that such information will be sold to third parties. Others sites collect data about Web surfers' movements using cookie technology.
Combining information from a questionnaire with information in cookies, a site could track and sell data about a person's exact movements, including every mouse click.
Real and imagined privacy violations are feeding public sentiment in favor of reform. Online research service Lexis-Nexis was deluged with protests in 1996 after word spread that it was selling personal information such as Social Security numbers. Some of the accusations were false, and the company quickly limited access to Social Security numbers.
In another brouhaha over Internet privacy, the Social Security Administration briefly made available personal employment information over the Net before the resulting uproar forced it to close down the service.
