As a Federal agency, the Privacy Act of 1974 (5 U.S.C. § 552a) requires us to protect the information we collect from you. We respect your right to privacy and will protect it when you visit our website. We have always treated the privacy of our customers with utmost importance. In fact, we wrote our first regulation to ensure your privacy. You may have access to any of the information we collect about you at this site and we will correct any errors you may find. Our regulation subsection 401.40 provides information on how to get information about you and subsection 401.65 provides information on how to correct information about you.
In order to optimize your experience and provide statistically accurate data about how you use our web site, we use web measurement and customization technologies. These technologies are commonly known as “cookies,” but may include other technologies. We have no plans to implement any other such technology, but will continually review any potential future uses of cookies or other technologies and revise this policy as needed.
When we use such technologies, a small piece of text is sent to your computer along with the web page when you visit a site. No other web site can access the cookie we set; your computer will share the information in the cookie only with the computer that sent it.
There are three “tiers” of these web measurement and customization technologies, as established by the Office of Management and Budget:
- Tier 1 – Single session. This technology “remembers” the online interactions within a single session or visit to a single web site; they let our server know that a person is continuing a visit to our site and connect the person’s activities for analysis. Any information related to a particular visit to the web site is deleted from the person’s computer immediately after the session ends.
- Tier 2 – Multi-session without personally identifiable information (PII). This type of technology notices when a person returns to a web site and remembers his or her online interactions and preferences across multiple sessions, typically for the purpose of web analytics, but also for customizing people’s online experience.
- Tier 3 – Multi-session with PII. This type of cookie is the same as Tier 2, but back-end web site programming ties it to people’s PII. We do not, and have no plan to, use Tier 3 cookies.
1. The purpose of the web measurement and customization technology
We can provide a better experience for you if we understand how you use the site. To this end, we use Tier 1 technology when you transact business on line with us, such as applying for benefits or changing your address. We store this “session cookie” on your computer only during your visit. The session cookie keeps you and us from losing information you have entered during a business transaction with us. Once you exit our application, your computer deletes the cookie from your computer. When you partially complete one of our on-line applications, we provide you with a secure means of returning to your application that does not use any web measurement technology.
We use Tier 2 technology to help us analyze site use by identifying you as a new or returning visitor; this does nothing other than distinguish whether you have been to our site before. Our web measurement applications compare the behavior of new and returning visitors in the aggregate to help us identify work flows and trends and also resolve common problems on our site. We do not use this technology to identify you or any other person.
We use Tier 2 web measurement technology to improve our website and provide a better user experience for our customers. This technology anonymously tracks how visitors interact with socialsecurity.gov, including where they came from, what they did on the site, and whether they completed any pre-determined tasks while on the site.
This technology is provided by Google Analytics and the information collected is used to optimize our website; helping us determine top tasks, improve our user interface and diversify our content offerings to meet the needs of our customers. No personally identifiable information is collected, so the anonymity of the end user is protected. The measurement data that is collected is only retained for as long as is needed for proper analysis and optimization of the website and is accessible only to employees whose position necessitates it.
The Social Security Administration also uses Tier 2 technology to obtain feedback and data on visitors’ satisfaction with the SSA website. To accomplish this, SSA participates in a government-wide relationship with ForeSee Results, which provides an array of survey tools as part of its American Customer Satisfaction Index (ACSI). The ACSI survey is a mix of unique features and tools, including cxReplay (formerly Session Replay), which provides federal agencies with an assessment of the experiences of their web visitors. The ACSI survey does not collect PII. Participation in the AC SI survey is entirely voluntary. Visitors who decline the survey invitation enjoy full access to the identical information and resources on the SSA website as those who take the survey. Answers to the ACSI help SSA improve and evolve its website to make it easier to use and more responsive to the needs of SSA visitors.
The ACSI staff conducts analyses and reports on the aggregated data from the ACSI survey. The reports are only available to SSA website managers, members of the SSA communications and web teams, and others who require user feedback to perform their duties. The SSA retains the data only as long as required by law or needed to support the mission of the SSA website. SSA’s survey policies and practices conform to the Office of Management and Budget Memo-10-22, Guidance for Online Use of Web Measurement and Customization Technologies.
Since disabling this web measurement technology requires modifying individual browser settings it is enabled by default. If you wish to opt-out, you can find step-by-step instructions for changing your settings at http://www.usa.gov/optout_instructions.shtml. Google also provides a browser plug-in that will allow you to opt-out of all Google Analytics measurements, which you can find at http://tools.google.com/dlpage/gaoptout. Please note that opting-out in no way effects your access to content within socialsecurity.gov or how you see the site.
We also use Tier 2 technology on our Open Government page hosted by IdeaScale to make your login easier, prevent anonymous abuse of the service, and ensure fair voting. We also maintain pages on Facebook and YouTube, both of which use Tier 2 technology. We will update our policy as necessary should we extend our use of these technologies in other similar services.
In the future, we plan to make it possible for you to customize your online experience with us by saving your website preferences. While we are not presently offering such an option, Tier 2 technology is the usual way of providing for such a service.
2. The usage Tier, session type, and technology used
We implement Tier 1 (Single session) and Tier 2 (Multi-session without PII) technologies using the text-based “cookie” technology.
3. The nature of the information collected
We collect information to distinguish between new and returning visitors and track aggregate visitor participation in surveys, outreach, or public interaction
4. The purpose and use of the information
We collect this information to optimize your experience on our website and to collect statistically accurate data about your use of our web-site.
5. Whether and to whom we will disclose the information
We use the information we collect using these technologies only for SSA program purposes, and disclose only to SSA employees or contractors for those program purposes.
6. The privacy safeguards applied to the information
We will comply with all applicable statutes and policies in regards to protecting the privacy and security of information we collect using a web measurement or customization technology. A listing of Privacy Impact Assessments for our electronic systems and collections, including those utilizing web measurement and customization technologies, are located at http://www.socialsecurity.gov/foia/html/pia.htm
7. The data retention policy for the information
We will retain data the technology makes available only as long as required by law, or specific program need as specified by the National Archives and Records Administration’s General Records Schedule 20, which pertains to Electronic Records or other approved records schedule as applicable.
8. Whether we enable the technology by default or not and why
In order to optimize your experience and provide statistically accurate data about use of our web-site, the technologies we describe above are enabled by default. We will review any future additional use of these technologies and change this policy statement accordingly before implementing additional uses of the technologies.
9. How to opt-out of the web measurement and/or customization technology
You can remove or block the use of web measurement and customization technologies by changing the setting of your browser to block cookies as described at http://www.usa.gov/optout_instructions.shtml.
10. Statement that opting-out still permits users to access comparable information or services
11. The identities of all third-party vendors involved in the measurement and customization process
We currently use Tier 2 technology on our Open Government page hosted by IdeaScale, as well as on our YouTube and Facebook pages. There are a number of Tier 1 technologies used by SSA. WebTrends is a web-based reporting tool for our internet and intranet applications and informational pages activities. Our WebTrends data collection is purely internal to SSA’s computers; the data collected is not shared with, or stored on, WebTrends’ servers. WebSphere is a similar tool that tracks a user’s session within an application. Tivoli is an application that keeps track of the authenticated user and maintains a user’s session on the firewall. Some third party social media sites we use may utilize web measurement and customization technologies, however these technologies are not used on behalf of SSA, and are solely used for the third party’s own purposes. In addition, some pages on SSA.gov may include web content or functionality from third parties, such as embedded videos hosted by non-SSA.gov services.
All personal information you provide to us is voluntary. We may collect personal information about you (such as, name, e-mail address, Social Security Number, or other unique identifier) only if you specifically and knowingly provide it to us.
We collect personally identifiable information and other information only as necessary to administer our programs. The information you provide will be used only for that purpose. We do not sell the information collected at this site, or any other information we collect. You do not have to give us personal information to visit our website.
We may share the information you provide with our employees or representatives with a “need-to-know,” other Federal agencies (for example, Railroad Retirement Board, or the Department of Veterans Affairs), or other named representatives as needed to expeditiously process your request or transaction. In a government-wide effort to combat security and virus threats, we may share some information we collect automatically, such as your Internet Protocol address, with other Federal government agencies. Also, Federal law (such as, the Privacy Act and Social Security Act) may require us to share the collected information for other purposes. More information about how we share information can be found in our Privacy Act Notices of Systems of Records.
Throughout our website, we will let you know if the information we ask you to provide is voluntary or required. By providing your personal information, you give us consent to use the information only for the purpose for which it was collected. We describe those purposes when we collect information. We will ask for your consent before using the information you provide for any secondary purpose other than those required by Federal law.
We are especially concerned about protecting children’s privacy. Therefore, we comply with the Children’s Online Privacy Protection Act of 1998 (COPPA). COPPA and its accompanying Federal Trade Commission regulation establish United States Federal law that protects the privacy of children using the Internet. We encourage parents and teachers to involve themselves in children’s Internet explorations. We do not intentionally collect information from children under the age of 13. Our “Kids’ Place” page does not require children to provide any information that could personally identify them. If, however, a child chooses to provide personally identifying information to us, through an e-mail or otherwise, we will only use it to respond to the inquiry and we will not retain it.
- Employ internal access controls to ensure that the only people who see your information are those with a need to do so to perform their official duties.
- Train appropriate personnel on our privacy and security policies to know requirements for compliance.
- Secure the areas where we retain paper copies of the information we collect online.
- Perform regular backups of the information we collect online to ensure against loss.
- Use technical controls to secure the information we collect online including, but not limited to:
- Secure Socket Layer (SSL)
- Password protections
- Periodically test our security procedures to ensure personnel and technical compliance.
- Employ external access safeguards to identify and prevent unauthorized tries of outsiders to “hack” into, or cause harm to, the information contained in our systems.
When we use contractors to perform various website and database functions. We make sure that the agreement language with the contractor ensures the security, confidentiality, and integrity of any personal information the contractor may have access to in the course of contract performance.
We suggest that you do not send personal information to us via email. We will only send you general information via email.
Electronic mail messages that meet the definition of records in the Federal Records Act (44 U.S.C. 3101 et seq.) are covered under the same disposition schedule as all other Federal records. This means that emails you send us will be preserved and maintained for varying periods of time if those emails meet the definition of Federal records. Electronic messages that are not records are deleted when no longer needed.