IT Web Privacy Policy

The E-Government Act requires that agencies develop and post on agency websites privacy notices consistent with those required for systems of records under the Privacy Act. The Web Privacy Policy is a general notice on an agency website explaining agency information handling practices. OMB Memorandum M-03-22identifies the content that must be included in the notice. The Office of the Chief Information Officer (OCIO) conducts regular and systematic reviews of operating unit websites to ensure that the Department of Commerce (DOC) Web Privacy Policy is appropriately addressed.

Information Technology (IT) Website Privacy is the protection of personally identifiable or business identifiable information that is collected from respondents through information collection activities or from other sources and that is maintained by the DOC in its IT systems. For purposes of this policy, this information is termed "identifiable information." Office of Management and Budget (OMB) guidance, consistent with the E-Government Act of 2002, protects personally identifiable information (PII). Commerce, through this policy, is extending the same protection to business identifiable information (BII).

Rapid advancements in computer technology make it possible to store and retrieve vast amounts of data of all kinds quickly and efficiently. These advancements have raised concerns about the impact of IT systems on the privacy of individuals and businesses. The Department of Commerce is committed to protecting identifiable information collected from individuals and businesses to the extent permitted by law. Commerce will treat all identifiable information with fairness and respect, and ensure its integrity reflective of the stewardship responsibility for the information entrusted to it. To address these concerns, DOC has adopted the following privacy principles:

• Data Minimization: DOC will collect the minimal amount of information necessary from individuals and businesses consistent with the Department's mission and legal requirements.
• Transparency: Notice covering the purpose of the collection and use of identifiable information will be provided in a clear manner. Information collected will not be used for any other purpose unless authorized or mandated by law.
• Accuracy: Information collected will be maintained in a sufficiently accurate, timely, and complete manner to ensure that the interests of the individuals and businesses are protected.
• Security: Adequate physical and IT security measures will be implemented to ensure that the collection, use, and maintenance of identifiable information is properly safeguarded and the information is promptly destroyed in accordance with approved records control schedules.

Machine Readable Web Privacy Policy

The E-Government Act also requires that agencies adopt machine readable technology that alerts users automatically about whether the site privacy practices match their personal privacy preferences so they can make an informed choice about whether to conduct business with that site. Privacy policy in standardized machine-readable format means a statement about site privacy practices written in a standard computer language (not English text) that can be read automatically by a Web browser.

In addition to having the Web Privacy Policy in machine-readable format, OMB encourages agencies to adopt other privacy protection tools that become available as the technology advances.

Information that is Collected when You Visit Our Site

When you send us personal information (e.g., in an electronic mail message containing a question or comment) or by filling out a form that emails us this information, we only use this information to respond to your request. Such application information is carefully protected by the agency and not available in or retained by web tracking software. We may forward your email to the government employee who can best answer your questions. We do not disclose, give, sell, or transfer any personal information about our visitors, unless required for law enforcement or statute.

We may also collect non-personal information for the purposes of operating and improving our website. For example, we collect technical and usage information, such as your Internet Protocol (IP) address, date and time you accessed our website, browser type and referring URL. This information will be used to create summary statistics, which are used for such purposes as assessing what information is of most and least interest, determining technical design specifications and identifying system performance or problem areas.

The Department's websites may use cookies and other web technologies to enable certain features and protect unauthorized users (such as children under the age of 13) from accessing certain features of our websites. Web measurement and customization technologies (WMCT) used as cookies may be used on the Department's websites to remember your online interactions, recognize you when you log in from different devices, to conduct measurement and analysis of usage or to customize your experience. For example, we may use cookies to tailor your experience on our website to your interests and customize your experience based on how you navigate our website. We may also ask your questions about your interests and hobbies to customize your web experience. Cookies are enabled by default to optimize website functionality and customize user experience.

We want to make it clear that we will not obtain personally identifying information about you when you visit our site, unless you choose to provide that information to us. Except for authorized law enforcement investigations, or as otherwise required by law, we do not share any information we receive with anyone else.

Use of Information we Collect

The only information that is automatically collected and stored is:

• The name of the domain from which you access the Department's websites (for example, ED.gov if you are connecting from a Department of Education account, or UMD.edu if you are connecting from the University of Maryland's domain).
• The date and time of your visit.
• The pages you visit on the Department's websites;.
• The type of browser and operating system used to access our site.
• The Internet address of the website you came from if it linked you directly to the Department's websites.
• Search terms that you entered into the Department's website search tool.

If your browser accepts cookies, we may use a session cookie to learn how many different visitors come to the Department's websites. We use this information for statistical purposes and to help us make our sites more useful to you.

Information we Share

DOC will not disclose, give, sell, or transfer any PII about our visitors unless it is required. We may share your information with third parties, including the following situations:

• Legal Purposes. We may provide your information to third parties as required by law or to cooperate with regulators or law enforcement authority.
• Health or Safety. We may share your information when we have a good faith belief that there is an emergency that poses a threat to the health or safety of you, another person or the public generally.

Other possible uses of your information:

• We may use PII to respond to you, in which case various people may need to see the information you provide in order to provide a response to you. If enough questions or comments come in that are the same, your question (but not your name) may be added to our Questions and Answers section. We use this information to help us improve our site.
• We may enter information you send into an electronic database to share with attorneys or investigators involved in law enforcement or policy-making.
• We may share information with other government agencies that have public health or consumer protection duties, in which case DOC or any of those agencies may contact you.
• In other limited circumstances, including requests from Congress or private individuals, we may be required by law to disclose information you submit.

Third-Party Social Networking

You may be able to access third-party social networks, such as Facebook, Twitter and Google+, from the Department's websites. For example, when you Like or Share one of our posts, that post may appear on your Facebook page. Please note that these websites have their own set of information practices and privacy policies and DOC is not responsible for the information you choose to submit in these forums.

Children's Online Privacy Protection Act

The Department is committed to complying with the Children's Online Privacy Act (COPPA) and does not use its websites to collect personal information from children under the age of 13 years old. DOC's websites are not directed to children under the age of 13, and we do not knowingly collect personal information from children. If you are under the age of 13, please stop using this website. It is our policy not to knowingly solicit or permit children under the age of 13 to provide their personal information for any purpose. In the event that we learn that we have inadvertently collected personal information from children under the age of 13, we will take reasonable measures to promptly delete the information.

For more information regarding COPPA please visit the Federal Trade Commission's Privacy website and select the Children's Privacy link.

Data Retention

Questions and comments are only retained if required by law, or for a specific program need, as specified by the National Archives and Records Administration's General Records Schedule (GRS) 20, Electronic Records or other approved records schedule as applicable.

Opt Out

Users can choose not to accept the use of these cookies by changing the settings on their local computer's web browser. The USA.gov website, http://www.usa.gov/optout_instructions.shtml, provides general instructions on how to opt out of cookies and other commonly used web measurement and customization technologies. Opting out of cookies still permits users to access comparable information and services; however, it may take longer to navigate or interact with the Department's websites if a user is required to fill out certain information repeatedly.

Links to External Sites

The Department's websites may contain links to websites created and maintained by other public and/or private organizations. We provide these links as a service to visitors to our site. When you follow a link to an external site, you are leaving DOC and are subject to the privacy and security policies of the external site.

The inclusion of links and pointers to websites is not intended to assign importance to those sites or to the information contained on those sites. It is also not intended to endorse or recommend any views expressed or products or services offered on these sites.

The Department does not control or guarantee the accuracy, relevance, timeliness or completeness of information contained on a linked website.

DOC does not endorse the organizations sponsoring the linked websites, and does not endorse the views they express or the products/services they offer.

DOC cannot authorize the use of copyrighted materials contained in linked websites. Visitors must request such authorization from the sponsor of the linked website.

DOC is not responsible for transmissions visitors receive from linked websites.

DOC does not guarantee that outside websites comply with Section 508 (Accessibility Requirements) of the Rehabilitation Act.

DOC will not link to any website that exhibits hate, bias, or discrimination. Furthermore, DOC reserves the right to deny or remove any link that contains misleading information or unsubstantiated claims, or is determined to be in conflict with DOC's mission or policies.

Security

For site security purposes and to ensure that this service remains available to all users, this Government computer system employs software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. Anyone using this system expressly consents to such monitoring and is advised that if such monitoring reveals evidence of possible abuse or criminal activity, such evidence may be provided to appropriate law enforcement officials. Unauthorized attempts to upload or change information on this server are strictly prohibited and may be punishable by law, including the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act of 1996.

Changes to this Policy

We reserve the right to change this Privacy Policy. We recommend that you check this website from time to time, as we may revise this Privacy Policy. We will provide you with notice of a material change to the Privacy Policy by posting it on our website. The most current version of the policy will govern our use of your information. By continuing to use this website after those changes become effective, you agree to be bound by the revised Privacy Policy.

Consent to Your Information Being Collected

All the information users submit to DOC is done on a voluntary basis. When a user clicks the "Submit" button on any of the Web forms found on DOC's sites, they are indicating they are aware of the DOC Privacy Policy provisions and voluntarily consent to the conditions outlined therein.

Your Rights

You have rights under the Privacy Act and the Freedom of Information Act:

• Privacy Act
• Freedom of Information Act
• Request your records under FOIA and Privacy Act

Questions concerning our privacy policy may be addressed to [email protected]. If you believe this site has not adhered to these principles, please notify us by e-mail at [email protected].

BOU Website Policies

• BEA Website Policy
• BIS Website Policy
• Census Bureau Website Policy
• EDA Website Policy
• ESA Website Policy
• ITA Website Policy
• MBDA Website Policy
• NTIS Website Policy
• NIST Website Policy
• NOAA Website Policy
• NTIA Website Policy
• OIG Website Policy
• OMB Privacy Guidance Website
• O/S Website Policy
• USPTO Website Policy

Questions and Comments

Send Questions and Comments to [email protected].