US Department of Health and Human Services. Third Party Websites and Applications Privacy Impact Assessment



Similar documents
US Department of Health and Human Services. Third Party Websites and Applications Privacy Impact Assessment

SKoolAide Privacy Policy

Zep Inc.: Global Online Privacy Notice

Information About Our Organization and General Data Collection Practices. Lotlinx Website and Dealer Customers Marketing Efforts

ARYZTA PRIVACY POLICY

Please read this Policy carefully. Your continued use of our sites means that you understand and consent to the terms of this Policy.

Seashore Point Privacy Policy and Terms of Service

Department of Homeland Security Use of Google Analytics

COMCAST.COM - PRIVACY STATEMENT

**MT op» ^chv. Adapted Privacy Impact Assessment. Google Analytics. March 19, Contact

Information Collected. Type of Information Collected. We may collect two general types of information when you use the Site:

Privacy Policy Last Updated September 10, 2015

GSA s Digital Analytics Program and FTC

Interactive Communications International, Inc. Privacy Policy Your Privacy Rights

Privacy Policy. Peeptrade LLC ( Company or We ) respect your privacy and are committed to protecting it through our compliance with this policy.

Privacy Statement. Privacy Practices and Feedback

Collection of Information and Interest-Based Advertising Perceptions

FitCause Privacy Policy

FLASH DELIVERY SERVICE

PRIVACY POLICY Effective Date:, INTRODUCTION AND OVERVIEW

Your Privacy Center. Online Privacy Statement. About the Information We Collect

Beasley Broadcast Group, Inc. Privacy Policy

AIG INSURANCE COMPANY OF CANADA Privacy Principles

Zubi Advertising Privacy Policy

TargetingMantra Privacy Policy

We may collect the following types of information during your visit on our Site:

1. The information we collect and how we collect it.

What personal information do we collect from the people that visit our blog, website or app?

LIDL PRIVACY POLICY. Effective Date: June 11, 2015

NBA Math Hoops Privacy Statement and Children s Privacy Statement Updated October 17, 2013.

Measurabl, Inc. Attn: Measurabl Support 1014 W Washington St, San Diego CA,

SchoolFront.com Privacy & Security

INDEX PRIVACY POLICY...2

Use of Web Measurement and Customization Technologies

1. TYPES OF INFORMATION WE COLLECT.

Privacy Policy Last Modified: April 3,

PRIVACY POLICY Our privacy policy discloses how we gather and use your data. In short we do not collect sensitive personal information.

Status: Final. Form Date: 15-JAN-15. Question 1: OPDIV Question 1 Answer: CMS

Verified Volunteers. A division of SterlingBackcheck. Privacy Policy. Last Updated: November 5, 2014

Privacy and Data Policy

Optum Website Privacy Policy

Privacy Impact Assessment. for. Social Media Websites and Applications. Date: May Point of Contact: Kristen Lefevre

Online Privacy Policy

Abilities Centre collects personal information for the following purposes:

Personal Information - How Do We Collect?

Pilot Freight Services Privacy Policy

(BETA DRAFT)PRIVACY DISCLOSURES

Adaptive Business Management Systems Privacy Policy

How To Know What You Can And Can'T Do At The University Of England Students Union

This Privacy Policy has been prepared by DEBTSUPPORTCENTRE (the Company, we or us)

Federal Trade Commission Privacy Impact Assessment for:

UNILEVER PRIVACY PRINCIPLES UNILEVER PRIVACY POLICY

Family, Career and Community Leaders of America, Inc. Privacy Policy

ADVANCED CABLE COMMUNICATIONS WEBSITE PRIVACY POLICY COLLECTION AND USE OF INFORMATION FROM USERS

PRIVACY POLICY. FAIRWAY LEASING, LLC dba Aaron s Sales & Lease Ownership. Page 1 of 8

Privacy Policy documents for

AMC PRIVACY POLICY INFORMATION COLLECTION

If you have any questions about our privacy practices, please refer to the end of this privacy policy for information on how to contact us.

Federal Trade Commission Privacy Impact Assessment. Conference Room Scheduling PIA

CONSENT TO PROCESSING IN THE UNITED STATES AND ELSEWHERE.

PRIVACY IMPACT ASSESSMENT (PIA) For the

Dmac Media. Privacy Policy

Privacy Policy GEM Payment Services - Privacy Policy, effective 2012

Rise Broadband Networks, Inc. Privacy Policy and Customer California Privacy Rights. Effective date: January, 2016

How We Use Your Personal Information On An Afinion International Ab And Afion International And Afinion Afion Afion

Programmatic Marketing Glossary of Terms

Vyve Broadband Website Privacy Policy. What Information About Me Is Collected and Stored?

Cookies Compliance Advisory

FOUR BLOCK FOUNDATION, INC. PRIVACY POLICY November 6, 2015

Privacy Policy. About Us and Our Purpose. Your Privacy is Our Mission

Types of Information That May Be Collected

Small Business Health Options Program (SHOP) Health coverage application for employers

Privacy Policy I. THE INFORMATION WE COLLECT AND HOW WE USE IT

Privacy Policy & Terms of Use Effective: 12/13/2011. Terms and Conditions. Changes in this Privacy Policy. Internet Privacy & Security

Privacy Policy. Last Update: January 28, 2016

Decision-making using web analytics. Rachell Underhill, UNC Grad School Anita Crescenzi, UNC Health Sciences Library

Introduction. February 10, 2015

INTRODUCTION We respect your privacy and are committed to protecting it through our compliance with this privacy policy.

Web Sites Covered This policy covers NASBA.org and all other NASBA affiliated sites that link to this policy.

ETHICAL ELECTRIC PRIVACY POLICY. Last Revised: December 15, 2015

PRIVACY POLICY. The Policy is incorporated into Terms of Use and is subject to the terms laid down therein.

The privacy of DataLogic CRM, Inc. s customers and affiliates is important to us. Therefore:

Green Pharm is committed to your privacy. We disclose our information practices below and we agree to notify you of:

Our collection of information

Search Marketing By Design

FIVE REASONS RETARGETING IS CRITICAL FOR YOUR BUSINESS

Modern Table Website Privacy Policy

ADVERTISING SELF-REGULATORY COUNCIL/COUNCIL OF BETTER BUSINESS BUREAUS DECISION

corporate.ford.com/jobs Privacy Statement

TOY INDUSTRY CHECKLIST FOR MOBILE APPS AND PROMOTIONS

nexusfordevelopment.org Privacy Policy

ChangeIt Privacy Policy - Canada

By using our website, you agree that we can place these types of cookies on your device.

ROHIT GROUP OF COMPANIES PRIVACY POLICY This privacy policy is subject to change without notice. It was last updated on July 23, 2014.

APPENDIX B DEFINITIONS

GlobePartners Limited. Privacy Policy

The Canadian Self-Regulatory Program for Online Behavioural Advertising

Johnson Controls Privacy Notice

Layar Privacy Policy

PRIVACY NOTICE. Last Updated: March 24, 2015

Transcription:

US Department of Health and Human Services Third Party Websites and Applications Privacy Impact Assessment Date: 10/21/2015 OPDIV: CMS TPWA Unique Identifier (UID): T-5775483-419703 Tool(s) covered by this TPWA: GOOGLE ADVERTISING SERVICES DoubleClick, AdWords, AdMob Is this a new TPWA? Yes If an existing TPWA, please provide the reason for revision: Not applicable. Will the use of a third-party Website or application create a new or modify an existing HHS/OPDIV System of Records Notice (SORN) under the Privacy Act? No Indicate the SORN number (or identify plans to put one in place.): Not applicable because CMS is not collecting or storing any personally identifiable information (PII). If not published: Not applicable Will the use of a third-party Website or application create an information collection subject to OMB clearance under the Paperwork Reduction Act (PRA)? No Indicate the OMB approval number and approval number expiration date (or describe the plans to obtain OMB clearance.) OMB Approval Number: Not applicable. Expiration Date: Not applicable. Does the third-party Website or application contain Federal Records? No Describe the specific purpose for the OPDIV use of the third-party Website or application: CMS uses Google advertising services, including DoubleClick, AdWords, and AdMob for the placement of digital advertising on third-party and Google sites in order to reach new users and provide information to previous visitors to HealthCare.gov. Each of these tools serves a distinct purpose. Google s DoubleClick service operates as a backbone to serve CMS ads, Google

AdWords facilitates placing CMS advertisements on Google and third-party websites, and Google s AdMob facilitates placing CMS advertisements on mobile applications. Have the third-party privacy policies been reviewed to evaluate any risks and to determine whether the Website or application is appropriate for OPDIV use? Yes Describe alternative means by which the public can obtain comparable information or services if they choose not to use the third-party Website or application: If users do not want to interact with Google advertising services but still want to obtain health insurance through HealthCare.gov, they can (1) navigate directly to HealthCare.gov by typing the site address into their browser, (2) use CMS's paper application, (3) call into CMS's call center, or (4) visit an agent or broker to enroll in coverage. Does the third-party Website or application have appropriate branding to distinguish the OPDIV activities from those of nongovernmental actors? Not applicable because Google advertising services are not a separate site or application where branding could be placed, but they are rather used to place and track advertising on thirdparty and Google sites. How does the public navigate to the third party Website or application from the OpDiv? The public does not navigate to Google advertising services, as they are used to place and track advertising on third-party and Google sites. The public can generally navigate to these sites in the same way as any other publicly available website. Please describe how the public navigate to the third party website or application: The public does not navigate to Google advertising services, as they are used to place and track advertising on third-party and Google sites. The public can generally navigate to these sites in the same way as any other publicly available website. If the public navigate to the third-party website or application via an external hyperlink, is there an alert to notify the public that they are being directed to a nongovernmental Website? No Has the OPDIV Privacy Policy been updated to describe the use of a third-party Website or application? Yes Provide a hyperlink to the OPDIV Privacy Policy: https://www.healthcare.gov/privacy/ Is an OPDIV Privacy Notice posted on the third-party Website or application? Not applicable because Google advertising services are not a separate site or

application where a Privacy Notice could be placed, but they are rather used to place and track advertising on third-party and Google sites. Confirm that the Privacy Notice contains all of the following elements: (i) An explanation that the Website or application is not government-owned or government-operated; (ii) An indication of whether and how the OPDIV will maintain, use, or share PII that becomes available; (iii) An explanation that by using the third-party Website or application to communicate with the OPDIV, individuals may be providing nongovernmental third-parties with access to PII; (iv) A link to the official OPDIV Website; and (v) A link to the OPDIV Privacy Policy Not applicable because there is no additional Privacy Notice. Is the OPDIV's Privacy Notice prominently displayed at all locations on the thirdparty Website or application where the public might make PII available? Not applicable because there is no additional Privacy Notice. Is PII collected by the OPDIV from the third-party Website or application? No Will the third-party Website or application make PII available to the OPDIV? No Describe the PII that will be collected by the OPDIV from the third-party Website or application and/or the PII which the public could make available to the OPDIV through the use of the third-party Website or application and the intended or expected use of the PII: CMS does not collect any PII through the use of Google advertising services. Describe the type of PII from the third-party Website or application that will be shared, with whom the PII will be shared, and the purpose of the information sharing: PII is not stored or shared. If PII is shared, how are the risks of sharing PII mitigated? No PII is shared with CMS. Will the PII from the third-party Website or application be maintained by the OPDIV? No If PII will be maintained, indicate how long the PII will be maintained: Not applicable. Describe how PII that is used or maintained will be secured: Not applicable. What other privacy risks exist and how will they be mitigated? CMS will use Google advertising services in a manner that will support CMS s mission to inform users of the opportunities for health care coverage available under the Affordable Care Act through HealthCare.gov, while respecting the privacy of users. CMS will conduct periodic reviews of Google s privacy practices to ensure its policies continue to align with agency objectives and privacy policies and do not present unreasonable or unmitigated risks to user privacy.

CMS employs Google advertising services solely for the purposes of improving CMS s services and activities online related to operating HealthCare.gov. Potential Risk: As described in our Privacy Policy, we use persistent cookies on HealthCare.gov to support our digital advertising outreach, and these cookies may be stored on a user s local browser for a limited time. Google advertising cookies used to provide CMS with the Google advertising services are set to expire after a maximum of two years. Cookies persisting for a long period of time present a risk that more information will be collected about users than is necessary to fulfill the collection purpose, compromising user privacy. Mitigation: The CMS business need for advertising cookie retention longer than one year is to accurately target users over multiple open enrollment periods. Both HealthCare.gov and Google offer users notice about the use of persistent cookies, the information collected about them, and the data gathering choices that they have in their website privacy policies. CMS uses a Tealium iq Privacy Manager to give users control over which tags or cookies they want to accept from HealthCare.gov. For Google advertising cookies outside of HealthCare.gov, Google offers users the ability to opt-out of having Google advertising services target them using cookies by opting out through: choices offered at http://www.google.com/settings/ads/; and opt-out options on websites of industry self-regulation programs respected by Google, including the Digital Advertising Alliance and the Network Advertising Initiative. Google also respects mobile operating system advertising choices, allowing users to opt out of mobile interest based advertising. Potential Risk: CMS uses Google advertising services for retargeting, as well as conversion tracking. These advertising techniques use cookies to track users across multiple sites and over time, and the resulting combined information could be used to compromise user privacy by revealing patterns in behavior that the user may not want to disclose to CMS or to Google for provision of advertising services to other Google customers who may wish to target the health care sector.

Retargeting is an advertising technique used by online advertisers to present ads to users who have previously visited a particular site. Conversion tracking allows advertisers to measure the impact of their advertisements by tracking whether users who view or interact with an ad later visit a particular site or perform desired actions on such site, such as enrolling in health care coverage on HealthCare.gov. Retargeting and conversion tracking enables CMS to improve the performance of ads by delivering them to relevant audiences and measuring their effect. CMS uses retargeting to provide information to consumers who have previously visited HealthCare.gov, such as reminders about upcoming enrollment deadlines. Mitigation: To mitigate this risk, CMS uses a Tealium iq Privacy Manager to give users control over which tags or cookies they want to accept from HealthCare.gov, including whether they want to accept advertising cookies. Users can also click on the AdChoices icon in the corner of HealthCare.gov ads delivered outside of HealthCare.gov to opt-out of ad targeting. CMS observes the Do Not Track browser setting for digital advertising that uses retargeting. If Do Not Track is set before a device visits HealthCare.gov, third party retargeting tools will not load on the site. If you did not have Do Not Track on before visiting HealthCare.gov, there are other mitigation strategies, such as the Tealium iq Privacy Manager mentioned above. For more information on Do Not Track or information on how to set the Do Not Track setting in a browser, go to the Do Not Track website at http://donottrack.us/. Google offers users the ability to opt-out of having Google advertising services target them using cookies by opting out through: choices offered at http://www.google.com/settings/ads/; and opt-out options on websites of industry self-regulation programs respected by Google, including the Digital Advertising Alliance and the Network Advertising Initiative. Google also respects mobile operating system advertising choices, allowing users to opt out of mobile interest based advertising. Potential Risk: The ability of Google to record, analyze, track, and profile the activities of internet users with data that is both personally identifiable and data that is not personally identifiable presents risk that data about HealthCare.gov users could be used to personally identify HealthCare.gov users or could otherwise be misused. Mitigation: CMS does not receive any personally identifiable information from Google advertising services, and other data received from Google advertising services is available only to CMS managers, teams who implement Federally facilitated

Marketplaces programs represented on HealthCare.gov, members of the CMS communications and web teams, and other designated federal staff and contractors who need this information to perform their duties. Google provides information on the types of information collected about users in its privacy policy, as well as choices with respect to such information collection or how it is used. For example, users can: Review and update their Google activity controls to decide what types of data, such as videos they ve watched on YouTube or past searches, they would like saved with their account when they use Google services. Review and control certain types of information tied to their Google Account by using Google Dashboard. View and edit their preferences about the Google ads shown to them on Google and across the web, such as which categories might interest them, using Ads Settings. They can also opt out of certain Google advertising services in Google s Ads Settings. Adjust how the Profile associated with their Google Account appears to others. Control who they share information with through their Google Account. Take information associated with their Google Account out of many of Google s services. Choose whether their Profile name and Profile photo appear in shared endorsements that appear in ads.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information