CDC Digital Media Channel Privacy Policy Notice
The Centers for Disease Control and Prevention (CDC) is committed to maintaining your privacy and protecting your personal information when you visit CDC websites, use CDC’s mobile applications, or receive public health information from CDC. With respect to the collection, use, and disclosure of personally identifiable information (PII), CDC complies with all applicable federal laws.
Our privacy policy is clear:
- CDC does not collect any personally identifiable information (PII) when you visit any of CDC’s digital medial channels unless you choose to provide that information to us.
- Any PII that you choose to provide is fully protected.
- Non-PII information related to your visit to our websites may be automatically collected and temporarily stored.
Here is how we handle information about your visit to our website and users who receive CDC information through CDC or other digital media channels:
If you have any questions regarding CDC’s privacy policy or need further information, please contact CDC Privacy Office at mailto:privacy@cdc.gov, or call 770-488-8660.
Submitting personal information (name, address, telephone number, email address, etc.) is voluntary and is not required to access information on our website. However, if you choose to provide CDC with personally identifiable information — for example by completing a form, leaving a comment, sending email, or completing a survey — we may use that information to respond to your message and/or help us get you the information or services you requested.
We retain the information only for as long as necessary to respond to your question or request. Information submitted electronically is maintained and destroyed as required by the Federal Records Act and records schedules of the National Archives and Records Administration. It may be subject to disclosure in certain cases (for example, if required by a Freedom of Information Act request, court order, or Congressional access request, or if authorized by a Privacy Act System of Records Notice (SORN)). It is subject to the Privacy Act if maintained in a Privacy Act system of record.
For more information, see:
As data retention policies vary from system to system, please check that system’s policy or their individual SORN for more detailed information.
CDC may work through third-party vendors to use geofencing technologies to reach individuals with critical health information at a specific place and time. These technologies can be particularly useful during a public health emergency. Geofencing technologies are location-based services in which an application (app) or other software program uses a mobile device’s global positioning system (GPS) to prompt a specific message, push notification or mobile advertisement (e.g., on web browsers or apps) when that device enters or exits a defined “geofence” or shortly thereafter. A geofence is a virtual perimeter around a real-world geographic area, which could include an airport or land border, school, shopping mall, stadium, or other geographic area.
To receive a geofenced message from CDC, you must have certain apps downloaded and either have background location sharing enabled on your device or be actively using those apps while passing through a geofenced area. A geofence does not track your location or your phone number; it is solely used to detect devices that may enter a specific geographic area at a point in time so they can receive a CDC-sponsored message. Messages may be delivered multiple times within a few days after crossing through a geofenced area, though CDC will limit the number of times an individual would receive a message. Additionally, CDC requires that individuals always have the option to opt-out of messaging, including any ads that are delivered in real-time and shortly thereafter.
CDC may get aggregated data from third-party vendors about the number of times a message is shown, the number of people who see the message, and the number of comments, likes, shares, and clicks a message receives. CDC may also receive aggregated data about the basic demographic groups reached by messages, such as the distribution of ages and gender ranges. CDC does not receive any personally identifiable information (PII) about individuals reached through geotargeted health messages.
If you choose to provide us with information, we may use that information to contact you, respond to your message, or provide you the information or services you requested. In order to serve you better, we may analyze multiple sources of data you have provided (for example, to look up whether you previously contacted the CDC about the same topic so that we do not send you a duplicative response). We may also use messages or comments collected through CDC.gov sites, Apps, or official social media profiles for our own purposes, such as to inform policy decisions or in public advocacy.
We may use data you provide and automatically generated data for statistical analysis to assess, for example, what information is of interest to users, technical design specifications, and system performance. This allows us to make general improvements to our site as well as to offer tailored content to email subscribers (e.g., a follow-up message to subscribers interested in a specific topic based on information they have provided or automatically generated data).
We believe in the importance of protecting the privacy of children online. As such, we will take all reasonable steps to protect the privacy and safety of any child from whom information is collected as required by the Children’s Online Privacy Protection Act (COPPA). A child’s parent or guardian is required to provide consent before CDC collects, uses, or shares personal information from a child under age 13.
When a CDC Web site needs to collect information about a child under 13 years old, COPPA required information and instructions will be provided by the specific Web page that collects information about the child. The Web page will specify exactly what the information will be used for, who will see it, and how long it will be kept.
Personal information about children under 13 years of age may be needed to respond to his/her communication to us. Personal information about your child will be destroyed immediately upon completion of its intended purpose. On rare occasions, it may be determined that a communication from a child under 13 years old should be maintained for historical purposes. Should such an occasion occur, CDC will obtain the necessary consent from the child’s parent.
Finally, we provide many on-line tools and services in support of CDC’s mission. A child under 13 years old may inadvertently provide personal information to one of these services. If this should happen, the information about the child will be deleted immediately upon discovery.
Our digital media channels are not intended to solicit information of any kind from children under age 13. If you believe that we have received information from or about children under age 13, please contact the CDC Privacy Office (see Contact information here).
All CDC digital media offerings, including the CDC.gov site, are maintained by the U.S. Government and protected by various provisions of Title 18 of the U.S. Code. Violations of Title 18 are subject to criminal prosecution in Federal court.
At CDC, reasonable precautions are taken to protect CDC’s digital platforms, including information automatically collected by or voluntarily submitted to CDC.gov or an official CDC page on a third-party site. For example, we restrict access to personally identifiable information to employees, contractors, and vendors who require access to this information in order to perform their official duties, and exercise controls to limit what data they can view based on the specific needs of their position. Access to official CDC accounts on third-party sites is limited to the individuals who administer those accounts, and all official CDC accounts are clearly labeled.
Also, commonly used practices and technical controls are utilized to protect the information in our possession or control, along with CDC.gov itself. These practices and controls include, but are not limited to: encrypting the transfer of personal information over the internet via secure sockets protocols such as Transport Layer Security (TLS), Secure Sockets Layer (SSL) etc., using high-strength firewalls and intrusion detection systems (IDS) to safeguard personal information, and maintaining strict technical controls and procedures to ensure the integrity of all data on CDC.gov.
We periodically review our processes and systems to verify compliance with industry best practices and to ensure the highest level of security for CDC’s all digital platforms.
Information you choose to share with the CDC (directly and via third party sites) may be treated as public information. We may, for example, publish compilations of messages or comments collected through CDC.gov or official social media pages and provide them to national leaders, members of the press, or other individuals outside of the Federal Government. However, we exercise discretion to limit such disclosures to protect your privacy (for example, we generally do not publish last names of commenters).
The CDC uses a third-party analytics provider (for current provider please see current third-party tools/pages list to collect and summarize this information in conjunction with cookies. The third-party analytics provider does not receive personally identifiable information through these cookies and is prohibited from combining, matching, or cross-referencing CDC.gov information with any other information.
Within the CDC, we restrict access to personally identifiable information to only those employees, contractors, and/or vendors who require access to this information in order to perform their official duties and exercise controls to limit what data they can view based on the specific needs of their position. If you choose to share information with us, we may in some cases share that information (or automatically generated information) with other government agencies in response to lawful law enforcement requests or to protect CDC.gov from security threats.
We do not use or share your information for commercial purposes and, except as described above, we do not exchange or otherwise disclose this information.
We will revise or update this policy from time to time. If we make significant changes to how we handle personal information, we will post changes to the policy on our site and change the date at the bottom. We will provide additional notice in advance (e.g., a disclaimer on our website or an email to subscribers) if material changes are being made.