As a Federal agency, the Privacy Act of 1974 (5 U.S.C. § 552a) requires us to protect the information we collect from you.  We respect your right to privacy and will protect it when you visit our website.  We have always treated the privacy of our customers with utmost importance.  In fact, we wrote our first regulation to ensure your privacy.  You may have access to any of the information we collect about you at this site and we will correct any errors you may find.  Our regulation subsection 401.40 provides information on how to get information about you and subsection 401.65 provides information on how to correct information about you.

The Privacy Policy below explains our online information practices.  This policy applies only to the information we collect from you over the Internet.  This policy does not apply to third-party websites that you are able to reach from our website, nor does it cover other information collection practices within the Social Security Administration.  For more information about our privacy practices, please visit our privacy and disclosure webpage.

Our Use Of Web Measurement And Customization Technologies

In order to optimize your experience and provide statistically accurate data about how you use our web site, we use web measurement and customization technologies.  These technologies are commonly known as “cookies,” but may include other technologies.  We have no plans to implement any other such technology, but will continually review any potential future uses of cookies or other technologies and revise this policy as needed.

When we use such technologies, a small piece of text is sent to your computer along with the web page when you visit a site.  No other web site can access the cookie we set; your computer will share the information in the cookie only with the computer that sent it.

There are three “tiers” of these web measurement and customization technologies, as established by the Office of Management and Budget:

  • Tier 1 – Single session. This technology “remembers” the online interactions within a single session or visit to a single web site; they let our server know that a person is continuing a visit to our site and connect the person’s activities for analysis. Any information related to a particular visit to the web site is deleted from the person’s computer immediately after the session ends.
  • Tier 2 – Multi-session without personally identifiable information (PII).  This type of technology  notices when a person returns to a web site and remembers his or her online interactions and preferences across multiple sessions, typically for the purpose of web analytics, but also for customizing people’s online experience.
  • Tier 3 – Multi-session with PII.  This type of cookie is the same as Tier 2, but back-end web site programming ties it to people’s PII. We do not, and have no plan to, use Tier 3 cookies.

1.  The purpose of the web measurement and customization technology

We can provide a better experience for you if we understand how you use the site.  To this end, we use Tier 1 technology when you transact business on line with us, such as applying for benefits or changing your address.  We store this “session cookie” on your computer only during your visit.  The session cookie keeps you and us from losing information you have entered during a business transaction with us. Once you exit our application, your computer deletes the cookie from your computer. When you partially complete one of our on-line applications, we provide you with a secure means of returning to your application that does not use any web measurement technology.

We use Tier 2 technology to help us analyze site use by identifying you as a new or returning visitor; this does nothing other than distinguish whether you have been to our site before.  Our web measurement applications compare the behavior of new and returning visitors in the aggregate to help us identify work flows and trends and also resolve common problems on our site. We do not use this technology to identify you or any other person.

We use Tier 2 web measurement technology to improve our website and provide a better user experience for our customers. This technology anonymously tracks how visitors interact with socialsecurity.gov, including where they came from, what they did on the site, and whether they completed any pre-determined tasks while on the site.

This technology is provided by Google Analytics and the information collected is used to optimize our website; helping us determine top tasks, improve our user interface and diversify our content offerings to meet the needs of our customers. No personally identifiable information is collected, so the anonymity of the end user is protected.  The measurement data that is collected is only retained for as long as is needed for proper analysis and optimization of the website and is accessible only to employees whose position necessitates it.

The Social Security Administration also uses Tier 2 technology to obtain feedback and data on visitors’ satisfaction with the SSA website. To accomplish this, SSA participates in a government-wide relationship with ForeSee Results, which provides an array of survey tools as part of its American Customer Satisfaction Index (ACSI). The ACSI survey is a mix of unique features and tools, including cxReplay (formerly Session Replay), which provides federal agencies with an assessment of the experiences of their web visitors. The ACSI survey does not collect PII. Participation in the AC SI survey is entirely voluntary. Visitors who decline the survey invitation enjoy full access to the identical information and resources on the SSA website as those who take the survey. Answers to the ACSI help SSA improve and evolve its website to make it easier to use and more responsive to the needs of SSA visitors.

The ACSI staff conducts analyses and reports on the aggregated data from the ACSI survey. The reports are only available to SSA website managers, members of the SSA communications and web teams, and others who require user feedback to perform their duties. The SSA retains the data only as long as required by law or needed to support the mission of the SSA website. SSA’s survey policies and practices conform to the Office of Management and Budget Memo-10-22, Guidance for Online Use of Web Measurement and Customization Technologies.

Since disabling this web measurement technology requires modifying individual browser settings it is enabled by default. If you wish to opt-out, you can find step-by-step instructions for changing your settings at http://www.usa.gov/optout_instructions.shtml. Google also provides a browser plug-in that will allow you to opt-out of all Google Analytics measurements, which you can find at http://tools.google.com/dlpage/gaoptout. Please note that opting-out in no way effects your access to content within socialsecurity.gov or how you see the site.

We also use Tier 2 technology on our Open Government page hosted by IdeaScale to make your login easier, prevent anonymous abuse of the service, and ensure fair voting. We also maintain pages on Facebook and YouTube, both of which use Tier 2 technology. We will update our policy as necessary should we extend our use of these technologies in other similar services.

In the future, we plan to make it possible for you to customize your online experience with us by saving your website preferences.  While we are not presently offering such an option, Tier 2 technology is the usual way of providing for such a service.

2. The usage Tier, session type, and technology used

We implement Tier 1 (Single session) and Tier 2 (Multi-session without PII) technologies using the text-based “cookie” technology.

3. The nature of the information collected

We collect information to distinguish between new and returning visitors and track aggregate visitor participation in surveys, outreach, or public interaction

4. The purpose and use of the information

We collect this information to optimize your experience on our website and to collect statistically accurate data about your use of our web-site.

5.  Whether and to whom we will disclose the information

We use the information we collect using these technologies only for SSA program purposes, and disclose only to SSA employees or contractors for those program purposes.

6.  The privacy safeguards applied to the information

We will comply with all applicable statutes and policies in regards to protecting the privacy and security of information we collect using a web measurement or customization technology.  A listing of Privacy Impact Assessments for our electronic systems and collections, including those utilizing web measurement and customization technologies, are located at http://www.socialsecurity.gov/foia/html/pia.htm

7.  The data retention policy for the information

We will retain data the technology makes available only as long as required by law, or specific program need as specified by the National Archives and Records Administration’s General Records Schedule 20, which pertains to Electronic Records or other approved records schedule as applicable.

8.  Whether we enable the technology by default or not and why

In order to optimize your experience and provide statistically accurate data about use of our web-site, the technologies we describe above are enabled by default.  We will review any future additional use of these technologies and change this policy statement accordingly before implementing additional uses of the technologies.

9.  How to opt-out of the web measurement and/or customization technology

You can remove or block the use of web measurement and customization technologies by changing the setting of your browser to block cookies as described at http://www.usa.gov/optout_instructions.shtml.

10.  Statement that opting-out still permits users to access comparable information or services

Should you choose to opt-out, we will always make comparable information or services available to you. You should be aware that changing the settings in your browser to block cookies will affect your interactions with any other web sites that use cookies.

11.  The identities of all third-party vendors involved in the measurement and customization process

We currently use Tier 2 technology on our Open Government page hosted by IdeaScale, as well as on our YouTube and Facebook pages. There are a number of Tier 1 technologies used by SSA. WebTrends is a web-based reporting tool for our internet and intranet applications and informational pages activities. Our WebTrends data collection is purely internal to SSA’s computers; the data collected is not shared with, or stored on, WebTrends’ servers. WebSphere is a similar tool that tracks a user’s session within an application.  Tivoli is an application that keeps track of the authenticated user and maintains a user’s session on the firewall. Some third party social media sites we use may utilize web measurement and customization technologies, however these technologies are not used on behalf of SSA, and are solely used for the third party’s own purposes. In addition, some pages on SSA.gov may include web content or functionality from third parties, such as embedded videos hosted by non-SSA.gov services.

Other Information We May Collect

All personal information you provide to us is voluntary.  We may collect personal information about you (such as, name, e-mail address, Social Security Number, or other unique identifier) only if you specifically and knowingly provide it to us.

Why We Collect Personal Information

We collect personally identifiable information and other information only as necessary to administer our programs.  The information you provide will be used only for that purpose.  We do not sell the information collected at this site, or any other information we collect.  You do not have to give us personal information to visit our website.

Sharing Your Information

We may share the information you provide with our employees or representatives with a “need-to-know,” other Federal agencies (for example, Railroad Retirement Board, or the Department of Veterans Affairs), or other named representatives as needed to expeditiously process your request or transaction.  In a government-wide effort to combat security and virus threats, we may share some information we collect automatically, such as your Internet Protocol address, with other Federal government agencies.  Also, Federal law (such as, the Privacy Act and Social Security Act) may require us to share the collected information for other purposes.  More information about how we share information can be found in our Privacy Act Notices of Systems of Records.

How We Use Your Personal Information

Throughout our website, we will let you know if the information we ask you to provide is voluntary or required.  By providing your personal information, you give us consent to use the information only for the purpose for which it was collected.  We describe those purposes when we collect information.  We will ask for your consent before using the information you provide for any secondary purpose other than those required by Federal law.

COPPA

We are especially concerned about protecting children’s privacy.  Therefore, we comply with the Children’s Online Privacy Protection Act of 1998 (COPPA).  COPPA and its accompanying Federal Trade Commission regulation establish United States Federal law that protects the privacy of children using the Internet.  We encourage parents and teachers to involve themselves in children’s Internet explorations.  We do not intentionally collect information from children under the age of 13.  Our “Kids’ Place” page does not require children to provide any information that could personally identify them.  If, however, a child chooses to provide personally identifying information to us, through an e-mail or otherwise, we will only use it to respond to the inquiry and we will not retain it.

Security

The Internet was originally designed as an open system with no built-in security; however, we are required to protect the information we collect and maintain about you and will not use the Internet to do business with you unless we can do so in a secure manner.  We will take reasonable precautions to maintain the security, confidentiality, and integrity of the information we collect at this site.  We take the following steps to secure the information we collect.
  • Employ internal access controls to ensure that the only people who see your information are those with a need to do so to perform their official duties.
  • Train appropriate personnel on our privacy and security policies to know requirements for compliance.
  • Secure the areas where we retain paper copies of the information we collect online.
  • Perform regular backups of the information we collect online to ensure against loss.
  • Use technical controls to secure the information we collect online including, but not limited to:
    • Secure Socket Layer (SSL)
    • Encryption
    • Firewalls
    • Password protections
  • Periodically test our security procedures to ensure personnel and technical compliance.
  • Employ external access safeguards to identify and prevent unauthorized tries of outsiders to “hack” into, or cause harm to, the information contained in our systems.

When we use contractors to perform various website and database functions.  We make sure that the agreement language with the contractor ensures the security, confidentiality, and integrity of any personal information the contractor may have access to in the course of contract performance.

Email

We suggest that you do not send personal information to us via email.  We will only send you general information via email.

Electronic mail messages that meet the definition of records in the Federal Records Act (44 U.S.C. 3101 et seq.) are covered under the same disposition schedule as all other Federal records.  This means that emails you send us will be preserved and maintained for varying periods of time if those emails meet the definition of Federal records.  Electronic messages that are not records are deleted when no longer needed.

Visiting Other Websites

Our website contains links to international agencies, private organizations, and some commercial entities.  These websites are not within our control and may not follow the same privacy, security, or accessibility polices.  Once you link to another site, you are subject to the policies of that site.  All Federal websites, however, are subject to the same Federal policy, security, or accessibility mandates.

Social Media Sites

The Social Security Administration (SSA) uses third party social media sites to increase transparency, encourage public collaboration with SSA, and in general make our content available in other formats or forums. Please be aware that the privacy protection provided on third party social media sites may not be the same as the privacy protections described for SSA’s website at www.socialsecurity.gov. While we do moderate comments or opinions made on third party social media sites, we do not collect, maintain, or disseminate any personally identifiable information made available to SSA by those sites or users of those sites.