PRIVACY PROGRAM PLAN
The Department of the Treasury Privacy Program, under the Office of the Assistant Secretary for Management, manages the Department’s compliance with and implementation of the Privacy Act of 1974, Section 208 of the e-Government Act of 2002, along with Office of Management and Budget and Treasury privacy directives. The Privacy Program Plan seeks to integrate privacy protections into the Department, ensuring the protection of the personally identifiable information that is collected, used, maintained, retained, and shared by Treasury programs. The Plan provides references to resources needed for compliance in daily privacy operations, and discusses distribution of authority/responsibility to implement these requirements.
Personally Identifiable Information
PII is any information that is "linked" or is "linkable" to a particular individual. "Linked" means Treasury can identify the individual from the information itself (e.g., their name). "Linkable" means the information could be linked to a particular individual only if it is combined with other information derived from another source (e.g., a full [as opposed to partial] Internet Protocol address is generally linkable to a computer owned by an account holder who subscribes to a particular internet service provider). PII may include, but is not limited to, an individual's name, Social Security number, physical address, email address, Internet Protocol address, phone number, or birth date.
Department of the Treasury - Departmental Offices
This policy applies to Treasury.gov visitors (i.e., visitors to Treasury websites that begin with the designation www.treasury.gov in the Uniform Resource Locator (URL)). The Treasury.gov activities of the following Treasury offices are covered by this policy:
- Domestic Finance
- Economic Policy
- General Counsel
- International Affairs
- Legislative Affairs
- Office of the Secretary of the Treasury
- Special Inspector General for the Troubled Asset Relief Program
- U.S. Treasury Inspector General for Tax Administration
- U.S. Mint
- Internal Revenue Service
- Bureau of Engraving and Printing
- Office of the Comptroller of the Currency
- Bureau of the Fiscal Service
- Financial Crimes Enforcement Network
This policy does not apply to external (outside Treasury) federal agency websites. Treasury.gov provides links to certain external federal agencies' websites. These federal agencies' websites generally are subject to the same laws and other requirements as Treasury websites, but we do not endorse or have any control over any linked federal agencies' website content or implementation of their privacy policies. Therefore, once you access the website of another federal agency, you should review its privacy and security policies because the Treasury.gov policy does not apply to your interaction with that site.
This policy does not apply to external non-governmental organizations' websites linked on Treasury.gov. Treasury.gov provides links to certain external websites that are not subject to the same laws, regulations, or privacy policies as federal websites. If you click a Treasury.gov link to an external website, you generally will receive notice that you are leaving the Treasury.gov site. We do not endorse or have any control over any linked external website content or implementation of their privacy policies. Once you leave Treasury.gov and access an external website, you should review the external privacy and security policies because the Treasury.gov policy does not apply to your interactions with that site.
There are some limited circumstances when we will collect PII from social media sites. This policy applies to Treasury's use of social media websites when and if we collect information that you choose to provide to us by using a Treasury generated hashtag or when you send information to Treasury via email, postal mail, or telephone as instructed on a Treasury account on a particular social media website. Please see the Social Media section below for more information.
We collect information that you voluntarily provide to us. Some types of interactions may require you to disclose PII to Treasury to obtain services offered on Treasury.gov. You may choose to provide information to file a complaint, provide feedback, provide or seek information, or receive news alerts and website content updates (e.g., registration for an email listserv to receive automatic alerts from Treasury). We collect that information through e-mail messages that you send directly to Treasury or through secure web forms. You are not required to provide your information on Treasury.gov for any purpose, but we cannot provide these services without the information requested.
The PII that you provide to us via Treasury.gov will be used only for purposes compatible with the purpose for which it was originally collected. We will use your information to provide the information you request (e.g., news alerts and Treasury.gov website updates), to investigate and resolve complaints, and/or to make changes to Treasury.gov or Treasury programs to address issues or concerns raised in visitor feedback. For example, if you register with a Treasury online mailing list, we will use the e-mail address you provide to send communications as requested. We may also use the email for the compatible purpose of sending you a notice about updates to Treasury.gov. When you choose to send an e-mail to Treasury (though Treasury discourages the public from including PII or other sensitive information in e-mails because of security concerns that may arise during email transit to Treasury) or fill out a secure web form, you are consenting to Treasury using the information provided in accordance with this notice as well as any information provided in the form through which the information is provided. For more information, please see Contact Us
Treasury maintains and disposes of all information it collects on Treasury.gov (either automatically or provided voluntarily) according to federal records retention policies and National Archives and Records Administration requirements. These policies determine how long Treasury keeps the information it collects. The length of time Treasury keeps particular information collected on Treasury.gov depends on the type of information involved. Different types of information may be controlled by different General Records Schedules or Records Control Schedules and, therefore, be kept for longer or shorter periods of time. Unless otherwise required by law, when the information reaches the expiration date stated in the applicable retention policy, it is destroyed.
Sharing and Disclosure
- Internal Sharing -A limited number of Treasury employees and contractors must have access to the information provided on Treasury.gov to perform their duties related to the information you submit to us. This includes employees and contractors responsible for Treasury.gov maintenance and security as well as employees and contractors whose duties include responding to the particular complaint, feedback, or request received.
- External Sharing - We disclose information collected on Treasury.gov only as required by law and/or for purposes consistent with the Privacy Act of 1974. Treasury does not share personally identifiable information obtained on Treasury.gov with other federal agencies or other governmental or non-governmental organizations or individuals except as stated in this policy or as otherwise authorized or required by law. When the Privacy Act applies to PII collected on Treasury.gov, disclosures within Treasury will be limited only to Treasury personnel and contractors who have a need to know the information to perform their official duties. We do not disclose such information externally (outside of Treasury) unless the requirements of the Privacy Act are met. For example, external disclosure may occur if the disclosure is supported by a routine use in the published system of records notice or the disclosure is otherwise allowed by the Privacy Act. Information collected on Treasury.gov may be subject to disclosure under the Freedom of Information Act.
- Commercial Marketing - We do not disclose, give, sell, or transfer any personal information about visitors to our website unless required by statute or for law enforcement purposes. Moreover, we do not create individual profiles with the information you provide or share it with any private organizations. We do not collect or share information for commercial marketing purposes.
Web Measurement and Customization
Single Session and Multi-Session Cookies
Treasury.gov generally uses single session cookies (not multi-session cookies) to collect information from visitors; however our contractors may use multi-session cookies. A cookie is a small text record placed on the computer of a visitor to a website to facilitate communications between visitor's computer and websites they visit. Treasury Directive 81-08, Certification Process for the Use of Web Measurement and Customization Technologies on Treasury Websites, details Treasury's full policy on cookie usage. After meeting all Treasury requirements in Treasury Directive 81-08, Treasury websites may use the following types of cookies:
- Single session - These cookies remember your online interactions within a single session or visit. These cookies expire when you close your browser and are then automatically deleted from your computer. Any identifier is used only within that session, is not later reused, and is deleted immediately after the session ends. Treasury.gov's use of these technologies is referred to as a "Tier 1" use according to Office of Management and Budget Memorandum 10-22, Guidance for Online Use of Web Measurement and Customization Technologies OMB M-10-22
- Multi-session without personally identifiable information - These cookies remember your computer (but not you personally) and browsing activities on Treasury.gov through multiple visits. This technology encompasses any use of multi-session web measurement and customization technologies when no PII is collected. These cookies collect only a part of your Internet Protocol address. This partial IP address is not PII because it cannot be linked with other information to identify you. The use of this multi-session technology is referred to as a "Tier 2" use as that term is described in OMB M-10-22. Treasury.gov does not use multi-session cookies without PII.
- Multi-session with personally identifiable information - These cookies remember the way you interact with a website through multiple visits (when you leave the site and later come back), and can collect PII about you or allow a website to recognize you (by combining it with other information provided by you). This use is "Tier 3" as that term is used in OMB M-10-22. Treasury.gov contractors may use Multi-session cookies with PII.
Google Analytics Collection
When you visit Treasury.gov, we use Google Analytics, a web measurement service, to collect, combine, and summarize information about your use of the site. Google Analytics collects and analyzes information regarding your browsing activities using a "cookie" that Google places on your computer. The Google Analytics software automatically "anonymizes" (i.e., masks the information so it cannot be identified with you) any PII by removing the portion of the Internet Protocol address that could potentially link to your computer or other device to the individual before the information is sent to Google for analysis. Google does not receive any PII from your visit to Treasury.gov. Google automatically receives the anonymized data and immediately combines your data with other Treasury.gov visitors' data for analysis. Neither Treasury.gov nor Google ever have access to information regarding the specifics of your browsing activities on the site. The cookies expire after you leave Treasury.gov and they are automatically deleted from your computer. This use is "Tier 1" according to OMB M-10-22.
If you navigate to Treasury.gov solely to read or download information, Google Analytics collects and stores only the following information in order to deliver aggregate data to Treasury:
- The name of your internet domain: (for example, "xcompany.com" if you use a private Internet access account, or "yourschool.edu" if you are connecting from a university's domain);
- Networking: the full Internet Protocol (IP) address (discussed in more detail below) assigned to the computer or other device (collectively referred to as "device") you used to access the Internet on a particular occasion before you visited Treasury.gov (as stated above, upon collection, the IP address is automatically "anonymized" (i.e., masked so the information cannot be identified with you) any PII by removing the portion of the Internet Protocol address that could potentially link to your computer or other device to the individual before the information is sent to Google for analysis;
- Your internet connection speed;
- Date/Time of Access: the date and time when you accessed Treasury.gov;
- Content: the pages you visited and files you downloaded from Treasury.gov;
- Referrer: the IP address of a website that may have referred you (i.e., linked you) to Treasury.gov; and Device/Browser: technical information about the device you used to access Treasury.gov (e.g., operating system, screen resolution and color, Flash/Java support, and language).
Google Analytics Use
Treasury has a contract with ForeSee that allows ForeSee to place a single-session cookie on your computer when you visit Treasury.gov to administer a customer satisfaction survey. ForeSee uses a single session cookie that prevents you from being presented with the survey multiple times in the same browser session. This cookie expires once you exit the Treasury.gov website and close your browser. It does not collect your PII (e.g., it does not collect Internet Protocol addresses) or identify visitors personally. This use is a "Tier 1" cookie according to OMB M-10-22.
We use the information collected by ForeSee to administer a customer satisfaction survey. ForeSee uses two session cookies on the information section of our Web site to operate surveys we offer to you, without collecting IP addresses (e.g. to manage sampling and control elements such as date and number of pages viewed). For instructions on opting out of cookies, please see: http://www.usa.gov/optout-instructions.shtml.
IP Addresses Collection
Treasury.gov collects your full internet protocol address, browser type, and location information for internal governmental purposes related to information and system security.
IP Addresses Use
We use a full Internet Protocol addresses automatically collected from you to enhance your user experience. All computers or devices that communicate via the Internet are assigned an Internet Protocol address, a sequence of numbers that identifies a computer or other device you use to access the Internet. The full Internet Protocol address allows your computer or other device to communicate with Treasury.gov and other websites on the Internet. Without the exchange of Internet Protocol addresses between visitors and websites, communication over the internet would not be possible. Therefore, we collect the Internet Protocol address when you connect to Treasury.gov so we can communicate with your computer and exchange information.
When the entire sequence of numbers in the Internet Protocol address is collected, it may be used to uniquely identify the device used to access Treasury.gov (or other websites) and distinguish the device from other computers and devices. When combined with other information (e.g., a visitor's internet service provider's records), the full Internet Protocol address sometimes can be used to trace and identify a particular individual who visited Treasury.gov. We only use the Internet Protocol address for this purpose in very limited circumstances. For example, Treasury may use the full Internet Protocol address to trace a particular visitor's identity pursuant to an authorized law enforcement investigation or intelligence inquiry (e.g., to investigate the use of a device to access Treasury.gov in an unauthorized manner or for some other criminal purpose).
External Privacy Policies
When you visit a Treasury page on any of the above social media sites, the privacy and security policies of those websites apply. Treasury does not control, moderate, or endorse the comments or opinions provided by visitors while the information is posted on these sites. These social media sites each have their own privacy notices and we encourage you to read each policy for the social media sites that you use.
Accessing Social Media without an Account.
You are not required to have an account with or subscribe to social media websites on which Treasury has an account to access Treasury content on those sites. You may access Treasury content on social media sites (without becoming a member of the social media website) by linking to the relevant site through Treasury's home page. You may also send comments directly to us (as an alternative to posting on the social media site) using the Contact Us page.
Collection, Use, and Sharing of Information Obtained from Social Media
There are some limited circumstances when Treasury will collect PII from social media sites. This policy applies to our use of social media websites when and if we collect information that you choose to provide when you engage Treasury through third-party social media websites.
Unauthorized uploading or unauthorized attempts to upload or change information on Treasury.gov is strictly prohibited and is punishable by law, including under the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act of 1996. Treasury.gov uses software that can monitor network traffic and identify unauthorized attempts to upload or change information, or otherwise cause damage to the website. Use of this system constitutes consent to such monitoring and auditing. Except for authorized law enforcement investigations, this monitoring and auditing is not used to identify individual users or their usage habits.
Treasury takes precautions to maintain the security, confidentiality, and integrity of the information collected and maintained on Treasury.gov in accordance with the requirements of the e-Government Act of 2002 and guidance issued by the National Institute for Science and Technology. Such measures include access controls designed to limit access to the information internally to the extent necessary to accomplish Treasury's mission and complying with the Privacy Act with respect to internal and external disclosures. Treasury reviews and tests these security controls as part of an ongoing process to ensure that personally identifiable information is protected as it is being processed, when it is transmitted, and while it is being stored on any Treasury information technology system.
Sending Email to Treasury
If you choose to transmit or receive personal information electronically (such as by e-mail), your information must travel over the Internet to reach its destination. You should be aware that we cannot guarantee e-mail sent across the Internet is secure against interception. We therefore discourage you from sending information such as Social Security or bank account numbers through e-mail.
Employee and Contractor Training
Treasury employees and contractors are required to safeguard personally identifiable information as well as other sensitive information. All Treasury employees and contractors are required to take annual privacy training and information security training. This training includes proper handling of information subject to the Privacy Act of 1974 and other personally identifiable information.
Treasury.gov is an official United States Government system which may be used only for authorized purposes. To keep Treasury.gov available and secure, Treasury monitors network traffic to the extent necessary to identify unauthorized attempts to add or change information, or otherwise cause damage to the website. "Except for authorized law enforcement investigations, this monitoring and auditing is not used to identify individual users or their usage habits except as otherwise stated in this policy."
Visiting Treasury.gov constitutes consent to such monitoring and auditing.
Visitors who violate the law while using Treasury.gov are subject to prosecution. Unauthorized attempts to alter the confidentiality, integrity, and availability of information on this website are strictly prohibited and are subject to prosecution, including under the Computer Fraud and Abuse Act of 1986, the National Information Infrastructure Protection Act of 1996, and 18 U.S.C. §§ 1001 and 1030.
Children's Online Privacy
Treasury is committed to protecting children's online privacy. Treasury.gov does not attempt to collect personally identifiable information online from children under the age of 13. When visitors to Treasury.gov submit personally-identifiable information through Treasury.gov (e.g., email address, name, or postal address), they are warranting that they are 18 years of age or older.
The Department of the Treasury does not endorse any commercial product, service, process, or enterprise. Links to other web sites and references to any commercial product or enterprise are provided solely for the convenience of the user and do not constitute an endorsement or recommendation. The Department of the Treasury assumes no responsibility for the content or operation of external (outside Treasury) web sites.
The United States Government (including the Department of the Treasury) makes no warranty, express or implied, including the warranties of merchantability and fitness for a particular purpose and assumes no legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process described or depicted on this web site and does not represent that its use would not infringe privately owned rights.
Treasury maintains a separate page related to the Privacy Act. Treasury's privacy compliance materials are available at Privacy and Civil Liberty Impact Assessments, Computer Matching Programs, Directives, Reports, and Systems of Records Notices.