The PII you provide on a Department website will be used only for the purpose for which you provided it. We will protect your information consistent with the principles of the Privacy Act of 1974, the E-Government Act of 2002, and the Federal Records Act.
Personally Identifiable Information
As a general rule, the Department does not collect PII about you when you visit our website, unless you choose to provide such information to us. Submitting PII through our website is voluntary. By doing so, you are giving the Department your permission to use the information for a specific, stated purpose. However, not providing certain information may result in the Department’s inability to provide you with the service you desire.
If you choose to provide us with PII on a Department website, through such methods as completing a web form, we will use that information to help us provide you the information or service you have requested. The information we may receive from you varies based on what you do when visiting our site.
We only share the PII you give us with another government agency if your inquiry relates to that agency, or as otherwise required by law. We never create individual profiles or give your PII to any private organizations. The Department of Homeland Security never collects information for commercial marketing.
If we store your PII in a record system designed to retrieve information about you by personal identifier (name, personal email address, home mailing address, personal or mobile phone number, etc.), so that we may contact you, we will safeguard the information you provide to us in accordance with the Privacy Act of 1974, as amended (5 U.S.C. § 552a). The Act requires all public-facing sites or forms that request PII to prominently and conspicuously display a privacy notice.
The notice must address the following criteria:
- Legal authorization to collect information about you;
- Purpose for which the information will be used;
- Routine uses for disclosure of information outside of the Department of Homeland Security;
- Whether your providing the information is voluntary or mandatory under law; and
- Effects if you choose to not provide the requested information.
For the general contact information that may be submitted through www.dhs.gov, we have completed a Privacy Impact Assessment (PIA) and System of Records Notice (SORN) providing details about the privacy protections and redress options available for the contact information we collect from the public. This information may be used to distribute information to you and to perform various administrative tasks. For further information, please reference the privacy compliance documentation below:
- DHS/ALL/PIA-006 Department of Homeland Security General Contact Lists Privacy Impact Assessment (June 15, 2007)
- DHS/ALL-002 Department of Homeland Security (DHS) Mailing and Other Lists System of Records Notice (November 25, 2008, 73 FR 71659)
Many of our programs and websites allow you to send us email messages. We will use the information you provide to respond to your inquiry. We will only send you general information via email. You should be reminded that email may not necessarily be secure against interception. Therefore, we suggest that you do not send sensitive PII (such as your Social Security number) to us via email. If your intended email communication is sensitive, e.g., it includes information such as your bank account, charge card, or Social Security number, you should instead send it by U.S. mail. Another alternative may be submission of data through a secure program website, if available.
Electronic mail messages that meet the definition of records in the Federal Records Act (44 U.S.C. § 3101) are covered under the same disposition schedule as all other Federal records. This means that emails you send us will be preserved and maintained for varying periods of time if those emails meet the definition of Federal records. Electronic messages that are not records are deleted when no longer needed.
Information Collected and Stored Automatically
When you browse through any website, certain information about your visit can be collected. We automatically collect the following types of information about your visit:
- Domain from which you access the Internet;
- IP address (an IP address is a number that is automatically assigned to a computer when surfing the Internet);
- Operating system and information about the device or browser used when visiting the site;
- Date and time of your visit;
- Content you visited or downloaded; and,
- website (such as google.com or bing.com) or referral source (email notice or social media site) that connected you to the website.
The Department uses a variety of different Web measurement software tools.
DHS uses Google Analytics measurement software to collect the information listed above. The data are automatically sent to Google’s system and the system immediately aggregates the data. Neither the Department nor Google ever have access to the specifics of your particular site visits. The staff can only see the aggregate data from all users for a particular time period.
The Department gathers this information to improve our websites and has chosen to not share the aggregate data with Google. We may use the aggregated data to share with our partners and contractors to help improve visitor experiences.
The Department also uses online surveys to collect opinions and feedback from a random sample of visitors. DHS uses the Foresee Results American Customer Satisfaction Index (ACSI) online survey to obtain feedback and data on visitors’ satisfaction with DHS websites. This survey does not collect PII. Participation in the survey is voluntary. If you decline the survey, you will still have access to the identical information and resources on the website as those who take the survey. Answers to the survey help the Department improve its website to make it easier to use and more responsive to the needs of our visitors.
The Department’s staff conducts, analyses and reports on the aggregated data from the ACSI survey. The reports are only available to website managers, members of their communications and web teams, and other designated staff who require this information to perform their duties.
The Department retains the data from Google Analytics, and ACSI survey results only as long as required by law or needed to support the mission of the DHS websites.
The Office of Management and Budget Memo M-10-22, Guidance for Online Use of Web Measurement and Customization Technologies allows Federal agencies to use session and persistent cookies.
When you visit any website, its server may generate a piece of text known as a "cookie" to place on your computer. Placing cookie text allows websites to “remember” visitors’ preferences, surfing patterns and behavior while they are connected.
The cookie makes it easier for you to use the dynamic features of webpages. Cookies from DHS.gov webpages only collect information about your browser’s visit to the site; they do not collect any personal information about you.
There are two types of cookies, single session (temporary), and multi-session (persistent). Session cookies last only as long as your Web browser is open. Once you close your browser, the cookie disappears. Persistent cookies are stored on your computer for longer periods.
Session Cookies: We use session cookies for technical purposes such as to enable better navigation through our site. These cookies let our server know that you are continuing a visit to our site. The OMB Memo 10-22 Guidance defines our use of session cookies as "Usage Tier 1-Single Session.” The policy says, "This tier encompasses any use of single session Web measurement and customization technologies."
Persistent Cookies: We use persistent cookies to differentiate between new and returning visitors to our site. Persistent cookies remain on your computer between visits to DHS.gov for six months. We also use persistent cookies to block repeated invitations to take our customer satisfaction survey. The persistent cookies that block repeated survey invitations expire in 90 days. The OMB Memo 10-22 Guidance defines our use of persistent cookies as "Usage Tier 2-Multi-session without Personally Identifiable Information (PII).” The policy says, "This tier encompasses any use of multi-session Web measurement and customization technologies when no PII is collected."
3rd party software, modules, or add-ins being leveraged on DHS websites may or may not use persistent cookies or similar technology; however, no data collected in this manner is accessible, viewable, or retained by the federal government.
If you do not wish to have session or persistent cookies stored on your machine, you can opt out or disable cookies in your browser. You will still have access to all information and resources at Department websites. However, turning off cookies may affect the functioning of some Department websites. Be aware that disabling cookies in your browser will affect cookie usage at all other websites you visit as well.
For additional information about the Department’s use of Google Analytics, please see our privacy impact assessment, DHS/ALL/PIA-033 Google Analytics (June 9, 2011).
Third-Party Websites and Applications
- DHS/ALL/PIA-031 Use of Social Networking Interactions and Applications Communications/Outreach/Public Dialogue (September 16, 2010)
- DHS/ALL/PIA-036 Use of Unidirectional Social Media Applications (March 8, 2011)
The Department does not use third-party websites to solicit and collect PII from individuals. Any PII collected by the third-party website will not be transmitted or stored by the Department; no PII will be disclosed, sold or transferred to any other entity outside the Department, unless required for law enforcement purposes or by statute consistent with the Privacy Act.
The Department takes the security of all PII very seriously. We take precautions to maintain the security, confidentiality, and integrity of the information we collect at this site. Such measures include access controls designed to limit access to the information to the extent necessary to accomplish our mission. We also employ various security technologies to protect the information stored on our systems. We routinely test our security measures to ensure that they remain operational and effective.
- For site security purposes and to ensure that this service remains available to all users, this government computer system employs commercial software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage.
- Except for authorized law enforcement investigations, no other attempts are made to identify individual users or their usage habits. Raw data logs are used for no other purposes and are scheduled for regular destruction in accordance with National Archives and Records Administration guidelines.
- Unauthorized attempts to upload information or change information on this service are strictly prohibited and may be punishable under the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act.
Interaction with Children Online
The Department is committed to the protection of children’s online privacy. The Children’s Online Privacy Protection Act (COPPA) governs information gathered online from or about children under the age of 13. Verifiable consent from a child’s parent or guardian is required before collecting, using, or disclosing personal information from a child under age 13. If a Department website intends to collect information from children under 13 years old, COPPA-required information and instructions will be provided by the specific Web page that collects information about the child. The Web page will specify exactly what the information will be used for, who will see it, and how long it will be kept.
Visiting Other Websites
Our website contains links to international agencies, private organizations, and some commercial entities. These websites are not within our control and may not follow the same privacy, security, or accessibility polices. Once you link to another site, you are subject to the policies of that site. All Federal websites, however, are subject to the same Federal policy, security, and accessibility mandates.
Department of Homeland Security
Washington, D.C. 20528
Attn: Privacy Office