If you know me, you know I like the Internet. I recall saying that I’d rather have my water cut off than lose access to the Internet. It’s just so convenient. The Internet, I mean.

With tax time coming, my mother’s been gathering all her paperwork. There’s some information regarding her property taxes that she couldn’t find so I went online and asked how I might get this information. The City of Niagara Falls web site offers the usual web forms that allow you to send questions to various city departments.

As I arrived at the form, I noticed that the city web site redirected me to a different top-level domain. I had left niagarafalls.ca and found myself at cityofniagarafalls.wufoo.com. This concerned me. The privacy policy states,

The City of Niagara Falls takes every precaution to protect your personal information on the internet. This privacy statement applies to interactions with the City of Niagara Falls web server. It does not apply to any other web site.

This is certainly fair. They can’t control how other sites use any information, but when the city redirects me to a different site without telling me, for the purpose of my writing to them, washing their hands of responsibility is recklessly irresponsible. I consider myself fairly Internet-savvy but how many others who wrote to the city noted the redirection to Wufoo? How many understand the privacy implications? Goodness, how many realize that they shouldn’t send any personal information via an unencrypted web site?

Further on in the privacy policy, they touch upon this without going nearly far enough.

Communications through this web site to the City are not deemed private and may be routed throughout the corporation.

It’s true that most internet communications should be treated as less than private, but Wufoo is a web form service located in Ireland. Telling me that what I write “may be routed through the corporation” gives me no indication that my information will leave the city, much less the country.

Canada has privacy laws, and I expect the city to safeguard my personal information pursuant to those laws. Sending me to a foreign site to communicate with them tosses those laws out the window, and they somehow fail to think it is important to mention any of this on the comment page itself.

The city’s IT staff should know that most people who will use the site may not have an understanding of all the issues involved in sending their information using the web. At an absolute minimum, the comments pages should be hosted locally. I feel strongly that those same pages should be SSL encrypted as well. Anything else is the equivalent, in this case, of sending your question to city hall on a postcard, via Europe and the United States.