Personally Identifiable Information
As a general rule, the Department does not collect PII about you when you visit our website, unless you choose to provide such information to us. Submitting PII through our website is voluntary. By doing so, you are giving the Department your permission to use the information for the stated purpose. However, not providing certain information may result in the Department’s inability to provide you with the service you desire.
If you choose to provide us with PII on a Department website, through such methods as completing a web form or sending us an email, we will use that information to help us provide you the information or service you have requested or to respond to your message. The information we may receive from you varies based on what you do when visiting our site.
Generally, the information requested by the Department will be used to respond to your inquiry or to provide you with the service you request. When this information is requested, the reasons for collecting it, a description of the Department’s intended use of the information, how to grant consent to use mandatorily provided information, and how to grant consent for other than statutorily mandated uses will be fully described in a separate customized “Privacy Notice.” This customized Privacy Notice will either appear on the web page collecting the information or be accessible through a hyperlink (link) prominently displayed immediately above or below the information request.
Many of our programs and websites allow you to send us an email. We will use the information you provide to respond to your inquiry. We will only send you general information via email. You should be reminded that email may not necessarily be secure against interception. Therefore, we suggest that you do not send sensitive personal data (such as your Social Security number) to us via email. If your intended email communication is very sensitive, or includes information such as your bank account, credit card, or Social Security number, you should instead send it by U.S. mail. Another alternative may be submission of data through a secure web page, if available.
Electronic mail messages that meet the definition of records in the Federal Records Act (44 U.S.C. 3101 et seq.) are covered under the same disposition schedule as all other Federal records. This means that emails you send us will be preserved and maintained for varying periods of time if those emails meet the definition of Federal records. Electronic messages that are not records are deleted when no longer needed.
Categories of information the Department collects on its websites are further described below.
Automatically Collected Information
We collect and temporarily store certain information about your visit for use in site management and security purposes only. We collect and analyze this information because it helps us to better design our website to suit your needs. We may also automatically collect information about the web content you view in the event of a known security or virus threat. This information includes:
1. The Internet domain from which you access our website (for example, “xcompany.com” if you use a private Internet access account, or “yourschool.edu” if you connect from an educational domain);
2. The Internet Protocol (IP) address (a unique number for each computer connected to the Internet) from which you access our website;
3. The type of browser (e.g., Firefox, Internet Explorer, Chrome) used to access our site;
4. The operating system (e.g., Windows, Mac OS, Unix) used to access our site;
5. The date and time you access our site;
6. The Universal Resource Locators (URLs), or addresses, of the pages you visit;
7. Your username, if it was used to log in to the website; and
8. If you visited this website from another website, the URL of the forwarding site.
We may share the above information with our employees or representatives with a “need-to-know” in the performance of their official duties, other Federal agencies, or other named representatives as needed to quickly process your request or transaction. This information is only used to help us make our site more useful for you. Raw data logs are retained temporarily as required for security and site management purposes only. More information about how we share information can be found in our Privacy Act Systems of Records Notices.
Third-Party Websites and Applications
The Department uses social media websites and other kinds of third-party websites. The Department uses social media websites to interact with foreign constituencies and engage in public diplomacy worldwide. Social media websites are used to publicize embassy and Department events, and engage with members of the public in foreign countries. The Department also uses web measurement and customization technologies to measure the number of visitors to our websites and their various sections and to help make our websites more useful to visitors. In such cases, the third-party application may request an email address, username, password, and geographic location (e.g., State, region, or ZIP code) for account registration purposes. The Department of State does not use third-party websites to solicit and collect PII from individuals. Any PII passively collected (i.e., not solicited) by the third-party website will not be transmitted or stored by the Department; no PII will be disclosed, sold or transferred to any other entity outside the Department, unless required for law enforcement purposes or by statute.
The Department uses various types of online surveys to collect opinions and feedback from a random sample of visitors. Primarily, state.gov uses the ForeSee Results’ American Customer Satisfaction Index (ACSI) online survey on an ongoing basis to obtain feedback and data on visitors’ satisfaction with the state.gov website. This survey does not collect PII. Although the survey invitation pops up for a random sample of visitors, it is optional. If you decline the survey, you will still have access to the identical information and resources at the state.gov site as those who do take the survey. The survey reports are available only to state.gov managers and other designated staff who require this information to perform their duties. The Department may use other limited-time surveys for specific purposes, which are explained at the time they are posted.
The Department retains the data from the ACSI survey results as long as needed to support the mission of the state.gov website.
The Department’s Bureau of Global Public Affairs (GPA) uses the GovDelivery service to deliver email bulletin messages to self-subscribed users. GPA’s Office of Global Web Platforms serves as the executive agent for the Department’s GovDelivery Service and controls who at the Department has access to send email bulletins, create or delete topics.
GovDelivery is a web-based e-mail subscription management system that allows a member of the public (user) to subscribe to news and information on www.state.gov. The GovDelivery user selects specific topics that interest them. Whenever information on that topic is made available by the Department, the user that has subscribed to that topic receives an email. The user’s subscription profile consists of their email address and the topics they wish to receive email updates for. The user may customize and manage their subscription profile in order to receive exactly the types of information they desire, and they may cancel their subscriptions at any time.
Users engaging the Department’s GovDelivery system expect privacy protections while interacting with the Department. We will only use the email addresses provided by the users to send email messages related to the topics selected by the user in the GovDelivery system. We will not use the GovDelivery service to: 1) send email messages not related to the topics selected by the user; 2) actively seek personally identifiable information; and 3) search for or by personally identifiable information without a waiver from our Privacy Office. To the extent a user posts or sends personally identifiable information to the Department’s GovDelivery system, we will use the minimum amount necessary to accomplish a purpose authorized by statute, executive order, or regulation.
Neither the Department nor GovDelivery may share a user’s subscription profile (including email address) without a waiver from the Privacy Office.
Information Collected for Tracking and Customization (Cookies)
A cookie is a small file that a website transfers to your computer to allow it to remember specific information about your session while you are connected. Your computer will only share the information in the cookie with the website that provided it, and no other website can request it. There are two types of cookies:
- Session: Session cookies last only as long as your web browser is open. Once you close your browser, the cookie is deleted. Websites may use session cookies for technical purposes such as to enable better navigation through the site, or to allow you to customize your preferences for interacting with the site.
- Persistent: Persistent cookies are saved on a user’s hard drive in order to determine which users are new to the site or are returning, and for repeat visitors, to block recurring invitations to take the ForeSee satisfaction survey.
If you do not wish to have session or persistent cookies stored on your machine, you can in your browser. You will still have access to all information and resources at Department websites. However, turning off cookies may affect the functioning of some Department websites. Be aware that disabling cookies in your browser will affect cookie usage at all other websites you visit as well.
The Department takes the security of all PII very seriously. We take precautions to maintain the security, confidentiality, and integrity of the information we collect at this site. Such measures include access controls designed to limit access to the information to the extent necessary to accomplish our mission. We also employ various security technologies to protect the information stored on our systems. We routinely test our security measures to ensure that they remain operational and effective.
We take the following steps to secure the information we collect:
- Employ internal access controls to ensure that only personnel who have access to your information are those with a need to do so to perform their official duties.
- Train appropriate personnel on our privacy and security policies and compliance requirements.
- Secure the areas where we retain paper copies of the information we collect online.
- Perform regular backups of the information we collect online to ensure against loss.
- Use technical controls to secure the information we collect online including, but not limited to:
- Secure Socket Layer (SSL)
- Password protections
- Periodically test our security procedures to ensure personnel and technical compliance.
- Employ external access safeguards to identify and prevent unauthorized access by outsiders that attempt to “hack” into, or cause harm to, the information contained in our systems.
We hold our contractors and other third-party providers to the same high standards that we use to ensure the security, confidentiality, and integrity of personal information they may have access to in the course of their work completed on behalf of the Department.
Interaction With Children Online
The Department is committed to the protection of children’s online privacy. The Children’s Online Privacy Protection Act (COPPA) governs information gathered online from or about children under the age of 13. Verifiable consent from a child’s parent or guardian is required before collecting, using, or disclosing personal information from a child under age 13. If a Department website intends to collect information about children under 13 years old, COPPA-required information and instructions will be provided by the specific web page that collects information about the child. The web page will specify exactly what the information will be used for, who will see it, and how long it will be kept.
Visiting Other Websites
Our website contains links to international agencies, private organizations, and some commercial entities. These websites are not within our control and may not follow the same privacy, security, or accessibility policies. Once you link to another site, you are subject to the policies of that site. All Federal websites, however, are subject to the same Federal policy, security, and accessibility mandates. Additional information is available in the Department’s External Link Policy and Disclaimers.
Office of Global Information Services
Privacy Office – A/GIS/PRV
State Annex 9
U.S. Department of State
Washington, DC 20006
Updated November 1, 2018