US Department of Health and Human Services. Third Party Websites and Applications Privacy Impact Assessment



Similar documents
US Department of Health and Human Services. Third Party Websites and Applications Privacy Impact Assessment

SKoolAide Privacy Policy

Interactive Communications International, Inc. Privacy Policy Your Privacy Rights

Privacy Policy. Peeptrade LLC ( Company or We ) respect your privacy and are committed to protecting it through our compliance with this policy.

ADVERTISING SELF-REGULATORY COUNCIL/COUNCIL OF BETTER BUSINESS BUREAUS DECISION

PRIVACY POLICY Effective Date:, INTRODUCTION AND OVERVIEW

Your Privacy Center. Online Privacy Statement. About the Information We Collect

ARYZTA PRIVACY POLICY

FLASH DELIVERY SERVICE

COMCAST.COM - PRIVACY STATEMENT

LIDL PRIVACY POLICY. Effective Date: June 11, 2015

COMMENTARY Scope & Purpose Definitions I. Education. II. Transparency III. Consumer Control

FitCause Privacy Policy

Modern Table Website Privacy Policy

Personal Information - How Do We Collect?

Status: Final. Form Date: 15-JAN-15. Question 1: OPDIV Question 1 Answer: CMS

Please read this Policy carefully. Your continued use of our sites means that you understand and consent to the terms of this Policy.

1. The information we collect and how we collect it.

Information About Our Organization and General Data Collection Practices. Lotlinx Website and Dealer Customers Marketing Efforts

Zubi Advertising Privacy Policy

Privacy Impact Assessment. for. Social Media Websites and Applications. Date: May Point of Contact: Kristen Lefevre

Privacy Policy Last Modified: April 3,

NBA Math Hoops Privacy Statement and Children s Privacy Statement Updated October 17, 2013.

Privacy Policy Last Updated September 10, 2015

GSA s Digital Analytics Program and FTC

INDEX PRIVACY POLICY...2

Bell Code for Business to Consumer Electronic Commerce

TOY INDUSTRY CHECKLIST FOR MOBILE APPS AND PROMOTIONS

TargetingMantra Privacy Policy

How To Know What You Can And Can'T Do At The University Of England Students Union

**MT op» ^chv. Adapted Privacy Impact Assessment. Google Analytics. March 19, Contact

Seashore Point Privacy Policy and Terms of Service

The Canadian Self-Regulatory Program for Online Behavioural Advertising

Beasley Broadcast Group, Inc. Privacy Policy

Privacy and Data Policy

Department of Homeland Security Use of Google Analytics

Information Collected. Type of Information Collected. We may collect two general types of information when you use the Site:

AIG INSURANCE COMPANY OF CANADA Privacy Principles

Use of Web Measurement and Customization Technologies

Privacy Policy documents for

Optum Website Privacy Policy

ADVERTISING SELF-REGULATORY COUNCIL/COUNCIL OF BETTER BUSINESS BUREAUS DECISION

Privacy Policy. Last Update: January 28, 2016

We may collect the following types of information during your visit on our Site:

ADVERTISING SELF-REGULATORY COUNCIL/COUNCIL OF BETTER BUSINESS BUREAUS DECISION

ChangeIt Privacy Policy - Canada

ADVANCED CABLE COMMUNICATIONS WEBSITE PRIVACY POLICY COLLECTION AND USE OF INFORMATION FROM USERS

Collection of Information and Interest-Based Advertising Perceptions

Privacy Statement. Privacy Practices and Feedback

Rise Broadband Networks, Inc. Privacy Policy and Customer California Privacy Rights. Effective date: January, 2016

US 2013 Consumer Data Privacy Study Advertising Edition

Family, Career and Community Leaders of America, Inc. Privacy Policy

We will not collect, use or disclose your personal information without your consent, except where required or permitted by law.

AMC PRIVACY POLICY INFORMATION COLLECTION

Verified Volunteers. A division of SterlingBackcheck. Privacy Policy. Last Updated: November 5, 2014

PRIVACY POLICY. Introduction

ADVERTISING SELF-REGULATORY COUNCIL/COUNCIL OF BETTER BUSINESS BUREAUS DECISION

Dmac Media. Privacy Policy

DEPARTMENT OF HEALTH & HUMAN SERVICES

Zep Inc.: Global Online Privacy Notice

GlobePartners Limited. Privacy Policy

PRIVACY POLICY. To start, it is important for you to know two definitions that are key to understanding our programs and privacy practices:

This Privacy Policy has been prepared by DEBTSUPPORTCENTRE (the Company, we or us)

Certification and Recertification Requirements for the Navigator Program in Federallyfacilitated

Programmatic Marketing Glossary of Terms

PRIVACY POLICY. FAIRWAY LEASING, LLC dba Aaron s Sales & Lease Ownership. Page 1 of 8

Federal Trade Commission Privacy Impact Assessment for:

ADVERTISING SELF-REGULATORY COUNCIL/COUNCIL OF BETTER BUSINESS BUREAUS DECISION

ASC AdChoices Compliance Report

Types of Information That May Be Collected

Vyve Broadband Website Privacy Policy. What Information About Me Is Collected and Stored?

Why It Is Important? Retargeting. Common Objections

DARTFISH PRIVACY POLICY

Privacy Policy. About Us and Our Purpose. Your Privacy is Our Mission

UNILEVER PRIVACY PRINCIPLES UNILEVER PRIVACY POLICY

1. TYPES OF INFORMATION WE COLLECT.

Measurabl, Inc. Attn: Measurabl Support 1014 W Washington St, San Diego CA,

BBVA Wallet Application Privacy Policy

Adaptive Business Management Systems Privacy Policy

CONSENT TO PROCESSING IN THE UNITED STATES AND ELSEWHERE.

NAI Mobile Application Code

APPENDIX B DEFINITIONS

Behavioral (Interest Based) Advertising: State of the Industry going into 2014 November 7, 2013

PRIVACY POLICY. Your Personal Information will be processed by Whistle Sports in the United States.

Talen Energy Corporation Website Privacy Notice

ETHICAL ELECTRIC PRIVACY POLICY. Last Revised: December 15, 2015

ConteGoView, Inc. Privacy Policy Last Updated on July 28, 2015

Johnson Controls Privacy Notice

Protecting your privacy

WIRELESS TRAINING SOLUTIONS. by vlogic, Inc. L a b 0.2 Access to Content Management System

Third Party Application Privacy Impact Assessment

Your privacy is important to CPABC. This Privacy Policy explains how CPABC collects, uses, discloses and retains your information. Who is CPABC?

Acxiom Privacy by Design: Accountability

ROHIT GROUP OF COMPANIES PRIVACY POLICY This privacy policy is subject to change without notice. It was last updated on July 23, 2014.

NAI Code 2013 of Conduct

New York Privacy Officers Forum. Online Behavioral Advertising: Emerging Legal and Business Issues

Online Interest-Based Advertising: The Road Traveled and the Road Ahead

Department of Homeland Security Web Portals

Starfish Tutorial/Manual for Students at Valley City State University

By using our website, you agree that we can place these types of cookies on your device.

Transcription:

US Department of Health and Human Services Third Party Websites and Applications Privacy Impact Assessment Date: 10/21/2015 OPDIV: CMS TPWA Unique Identifier (UID): T-8576744-722595 Tool(s) covered by this TPWA: Rocket Fuel Is this a new TPWA? Yes If an existing TPWA, please provide the reason for revision: Not applicable. Will the use of a third-party Website or application create a new or modify an existing HHS/OPDIV System of Records Notice (SORN) under the Privacy Act? No Indicate the SORN number (or identify plans to put one in place.): Not applicable because CMS is not collecting or storing any personally identifiable information (PII). If not published: Not applicable. Will the use of a third-party Website or application create an information collection subject to OMB clearance under the Paperwork Reduction Act (PRA)? No Indicate the OMB approval number and approval number expiration date (or describe the plans to obtain OMB clearance.) OMB Approval Number: Not applicable. Expiration Date: Not applicable. Does the third-party Website or application contain Federal Records? No Describe the specific purpose for the OPDIV use of the third-party Website or application: Rocket Fuel will be used for retargeting consumers who have previously visited Healthcare.gov with display, video and mobile advertising. Conversion tracking will be in place for Rocket Fuel to measure consumer s activity on Healthcare.gov who were driven to the website from advertising. Have the third-party privacy policies been reviewed to evaluate any risks and to determine whether the Website or application is appropriate for OPDIV use? Yes Describe alternative means by which the public can obtain comparable information or services if they choose not to use the third-party Website or application: The public can

(1) use CMS's paper application, (2) call into CMS's call center, or (3) visit an agent or broker to enroll in coverage. Does the third-party Website or application have appropriate branding to distinguish the OPDIV activities from those of nongovernmental actors? Not applicable because Rocket Fuel is not a separate site or application where branding could be placed. Rocket Fuel is used to place and track advertising on third-party sites. How does the public navigate to the third party Website or application from the OPDIV? Not applicable because Rocket Fuel is not a separate site or application where branding could be placed. Rocket Fuel is used to place and track advertising on third-party sites. Please describe how the public navigate to the third party website or application: Not applicable because Rocket Fuel is not a separate site or application where branding could be placed. Rocket Fuel is used to place and track advertising on third-party sites. If the public navigate to the third-party website or application via an external hyperlink, is there an alert to notify the public that they are being directed to a nongovernmental Website? Not applicable because the public does not navigate to Rocket Fuel advertising services. Has the OPDIV Privacy Policy been updated to describe the use of a third-party Website or application? Yes Provide a hyperlink to the OPDIV Privacy Policy: https://www.healthcare.gov/privacy/ Is an OPDIV Privacy Notice posted on the third-party Website or application? Not applicable because Rocket Fuel is not a separate site or application where branding could be placed. Rocket Fuel is used to place and track advertising on third-party sites. Confirm that the Privacy Notice contains all of the following elements: (i) An explanation that the Website or application is not government-owned or government-operated; (ii) An indication of whether and how the OPDIV will maintain, use, or share PII that becomes available; (iii) An explanation that by using the third-party Website or application to communicate with the OPDIV, individuals may be providing nongovernmental third-parties with access to PII; (iv) A link to the official OPDIV Website; and (v) A link to the OPDIV Privacy Policy: Not applicable because there is no additional Privacy Notice. Is the OPDIV's Privacy Notice prominently displayed at all locations on the thirdparty Website or application where the public might make PII available? Not applicable because there is no additional Privacy Notice. Is PII collected by the OPDIV from the third-party Website or application? No

Will the third-party Website or application make PII available to the OPDIV? No Describe the PII that will be collected by the OPDIV from the third-party Website or application and/or the PII which the public could make available to the OPDIV through the use of the third-party Website or application and the intended or expected use of the PII: CMS does not collect any PII through the use of Rocket Fuel. Describe the type of PII from the third-party Website or application that will be shared, with whom the PII will be shared, and the purpose of the information sharing: PII is not stored or shared. If PII is shared, how are the risks of sharing PII mitigated? No PII is shared with CMS. Will the PII from the third-party Website or application be maintained by the OPDIV? No. If PII will be maintained, indicate how long the PII will be maintained: Not applicable. Describe how PII that is used or maintained will be secured: Not applicable. What other privacy risks exist and how will they be mitigated? CMS will use Rocket Fuel in a manner that will support CMS s mission to inform users of the opportunities for health care coverage available under the Affordable Care Act through HealthCare.gov, while respecting the privacy of users. CMS will conduct periodic reviews of Rocket Fuel s privacy practices to ensure its policies continue to align with agency objectives and privacy policies and do not present unreasonable or unmitigated risks to user privacy. CMS employs Rocket Fuel solely for the purposes of improving CMS services and activities online related to operating HealthCare.gov. Potential Risk: As described in our Privacy Policy, we use persistent cookies on HealthCare.gov to support our digital advertising outreach, and these cookies may be stored on a user s local browser for a limited time. Rocket Fuel cookies used to provide CMS with the Rocket Fuel advertising services are set to expire after 30 months. The use of persistent cookies presents the risk that more information will be collected about users than is necessary to fulfill the purpose of the collection, compromising user privacy. Mitigation: Both HealthCare.gov and Rocket Fuel offer users notice about the use of persistent cookies, the information collected about them, and the data gathering

choices that they have in their website privacy policies. The CMS business need for advertising cookie retention longer than one year is to accurately target users over multiple open enrollment periods. CMS uses a Tealium iq Privacy Manager to give users control over which tags or cookies they want to accept from HealthCare.gov. For Rocket Fuel advertising cookies outside of HealthCare.gov, Rocket Fuel offers users the ability to opt-out of having Rocket Fuel target them using cookies by opting out through: an opt-out link on http://www.rocketfuel.com/privacy/; and opt-out options on websites of industry self-regulation programs respected by Rocket Fuel, including the Digital Advertising Alliance, the Network Advertising Initiative, the European Interactive Digital Advertising Alliance, and the Canadian Self-Regulatory Principles for Online Behavioral Advertising. Potential Risk: CMS uses Rocket Fuel for retargeting, as well as conversion tracking. These advertising techniques use cookies to track users across multiple sites and over time, and the resulting combined information could be used to compromise user privacy by revealing patterns in behavior that the user may not want to disclose to CMS or to disclose to Rocket Fuel to enable and/or improve its provision of advertising services to other Rocket Fuel customers who may wish to target the health care sector. Retargeting is an advertising technique used by online advertisers to present ads to users who have previously visited a particular site. Conversion tracking allows advertisers to measure the impact of their advertisements by tracking whether users who view or interact with an ad later visit a particular site or perform desired actions on such site, such as enrolling in health care coverage on HealthCare.gov. Retargeting and conversion tracking enables CMS to improve the performance of ads by delivering them to relevant audiences and measuring their effect. CMS uses retargeting to provide information to consumers who have previously visited HealthCare.gov, such as reminders about upcoming enrollment deadlines. Mitigation: To mitigate this risk, CMS uses a Tealium iq Privacy Manager to give users control over which tags or cookies they want to accept from HealthCare.gov, including whether they want to accept advertising cookies. Users can also click on the AdChoices icon in the corner of HealthCare.gov ads delivered outside of HealthCare.gov to opt-out of ad targeting.

CMS observes the Do Not Track browser setting for digital advertising that uses retargeting. If Do Not Track is set before a device visits HealthCare.gov, third party retargeting tools will not load on the site. If you did not have Do Not Track on before visiting HealthCare.gov, there are other mitigation strategies, such as the Tealium iq Privacy Manager mentioned above. For more information on Do Not Track or information on how to set the Do Not Track setting in a browser, go to the Do Not Track website at http://donottrack.us/. Rocket Fuel offers users the ability to opt-out of having Rocket Fuel target them using cookies by opting out through: an opt-out link on http://www.rocketfuel.com/privacy/; and opt-out options on websites of industry self-regulation programs respected by Rocket Fuel, including the Digital Advertising Alliance, the Network Advertising Initiative, the European Interactive Digital Advertising Alliance, and the Canadian Self-Regulatory Principles for Online Behavioral Advertising.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information