Legislators on Capitol Hill continue to push for improved online privacy for consumers, but many federal agency Web sites are setting a bad example.

At least 23 agency sites still have more than 300 cookies, one year after the Office of Management and Budget restricted the use of tracking technologies on public government sites. Those are the findings of a study compiled from the reports of 51 inspectors general--part of a mandate from Congress that arose after the General Accounting Office reported last October that at least 13 agencies were using cookies.

The new report also found 42 Web bugs--graphic images (often invisible) that monitor users' activity--and 27 agencies in clear violation of their own privacy policies. Within the Department of Commerce's Web sites, 23 pages had Web bugs exchanging information with non-government computers. At the Department of Health and Human Services, 21 sites designed for children didn't have privacy statements, making them non-compliant with the Children's Online Privacy Protection Act.

Wayne Madsen, senior fellow at Electronic Privacy Information Center, says he isn't surprised that some agencies haven't complied with privacy policies yet. "The government sites that stand to make money from marketing goods and services have the same reason to run cookies as private sector E-commerce sites," he says.

One of the most notable government cookie controversies arose last year, when it was discovered that the Office of National Drug Control Policy had been using DoubleClick Inc. to track visitors to its Web site on drug information.