The kinds of information BIS collects

Automatic Collections - BIS Web servers automatically collect the following information:

  • The IP address of the computer from which you visit our sites and, if available, the domain name assigned to that IP address;
  • The type of browser and operating system used to visit our Web sites;
  • The date and time of your visit;
  • The Internet address of the Web site from which you linked to our sites; and
  • The pages you visit.
  • In addition, when you use our search tool our affiliate, USA.gov, automatically collects information on the search terms you enter. No personally identifiable information is collected by USA.gov.

This information is collected to enable BIS to provide better service to our users. The information is used only for aggregate traffic data and not used to track individual users. For example, browser identification can help us improve the functionality and format of our Web site.

Submitted Information: BIS collects information you provide through e-mail and Web forms. We do not collect personally identifiable information (e.g., name, address, phone number, e-mail address) unless you provide it to us. In all cases, the information collected is used to respond to user inquiries or to provide services requested by our users. Any information you provide to us through one of our Web forms is removed from our Web servers within seconds thereby increasing the protection for this information.

Privacy Act System of Records: Some of the information submitted to BIS may be maintained and retrieved based upon personal identifiers (name, e-mail addresses, etc.). In instances where a Privacy Act System of Records exists, information regarding your rights under the Privacy Act is provided on the page where this information is collected.

Consent to Information Collection and Sharing: All the information users submit to BIS is done on a voluntary basis. When a user clicks the "Submit" button on any of the Web forms found on BIS's sites, they are indicating they are aware of the BIS Privacy Policy provisions and voluntarily consent to the conditions outlined therein.

How long the information is retained: We destroy the information we collect when the purpose for which it was provided has been fulfilled unless we are required to keep it longer by statute, policy, or both. For example, under BIS's records retention schedule, any information submitted to obtain an export license must be retained for seven years.

How the information is used: The information BIS collects is used for a variety of purposes (e.g., for export license applications, to respond to requests for information about our regulations and policies, and to fill orders for BIS forms). We make every effort to disclose clearly how information is used at the point where it is collected and allow our Web site user to determine whether they wish to provide the information.

Sharing with other Federal agencies: BIS may share information received from its Web sites with other Federal agencies as needed to effectively implement and enforce its export control and other authorities. For example, BIS shares export license application information with the Departments of State, Defense, and Energy as part of the interagency license review process.

In addition, if a breach of our IT security protections were to occur, the information collected by our servers and staff could be shared with appropriate law enforcement and homeland security officials.

The conditions under which the information may be made available to the public: Information we receive through our Web sites is disclosed to the public only pursuant to the laws and policies governing the dissemination of information. For example, BIS policy is to share information which is of general interest, such as frequently asked questions about our regulations, but only after removing personal or proprietary data. However, information submitted to BIS becomes an agency record and therefore might be subject to a Freedom of Information Act request.

How e-mail is handled: We use information you send us by e-mail only for the purpose for which it is submitted (e.g., to answer a question, to send information, or to process an export license application). In addition, if you do supply us with personally identifying information, it is only used to respond to your request (e.g., addressing a package to send you export control forms or booklets) or to provide a service you are requesting (e.g., e-mail notifications). Information we receive by e-mail is disclosed to the public only pursuant to the laws and policies governing the dissemination of information. However, information submitted to BIS becomes an agency record and therefore might be subject to a Freedom of Information Act request.

The use of "cookies": BIS does not use "persistent cookies" or tracking technology to track personally identifiable information about visitors to its Web sites.

Information Protection: Our sites have security measures in place to protect against the loss, misuse, or alteration of the information on our Web sites. We also provide Secure Socket Layer protection for user-submitted information to our Web servers via Web forms. In addition, staff is on-site and continually monitor our Web sites for possible security threats.

Links to Other Web Sites: Some of our Web pages contain links to Web sites outside of the Bureau of Industry and Security, including those of other federal agencies, state and local governments, and private organizations. Please be aware that when you follow a link to another site, you are then subject to the privacy policies of the new site.

Privacy Impact Assessment: The purpose of a Privacy Impact Assessment (PIA) is to ensure there is no collection, storage, access, use or dissemination of identifiable personal information (and for some organizations business information) that is not both needed and permitted.
Commerce USXPORTS Exporter Support System PIA

Further Information: If you have specific questions about BIS' Web information collection and retention practices, please use the form provided.

Policy Updated:  October 5th, 2016 10:00am

Welcome to the BIS Newsroom! Here you will find information on BIS' current activities, as well as historical records and speeches and testimony from BIS' senior management team members.

September 5, 2017

BIS published a notice in the Federal Register [with hyperlink to the link below] to advise the public that the National Defense Stockpile Market Impact Committee, co-chaired by the departments of Commerce and State, is seeking public comments on the potential market impact of the proposed Fiscal Year 2019 National Defense Stockpile Annual Materials Plan.

Click here to view the FR Notice

 

May 9, 2017

Singapore Man Sentenced to 40 Months in Prison For Plot Involving Exports to Iran of U.S. Components

Click here to view the Press Release

August 29, 2016

BIS published a notice in the Federal Register [with hyperlink to the link below] to advise the public that the National Defense Stockpile Market Impact Committee, co-chaired by the departments of Commerce and State, is seeking public comments on the potential market impact of the proposed Fiscal Year 2018 National Defense Stockpile Annual Materials Plan.

Click here to view the FR Notice

March 7, 2016

Documents Pertaining to the Addition of ZTE Corporation and Related Entities to the Entity List

BIS has added ZTE Corporation and three affiliated entities to the Entity List.   The Entity List (Supplement No. 4 to Part 744) includes foreign entities that are subject to specific license requirements for the export, reexport, or transfer of items subject to the Export Administration Regulations (EAR).  

Click here to view the rule.

The principal bases for the addition of these entities were two ZTE corporate documents entitled “Report Regarding Comprehensive Reorganization and the Standardization of the Company Export Control Related Matters” and “Proposal for Import and Export Control Risk Avoidance.”  These documents outline a ZTE-developed scheme to violate U.S. export control laws by establishing, controlling, and using a series of “detached” (e.g., shell or front) companies to illicitly reexport controlled items to sanctioned countries without authorization.  
These documents, in original language and English translation, are:
         1.    “Report Regarding Comprehensive Reorganization and the Standardization of the Company Export Control Related Matters”
        Mandarin
        English
         2.    “Proposal for Import and Export Control Risk Avoidance”
        Mandarin
        English

 

March 1, 2016

Letter from Secretary Pritzker to several associations on the implementation of the Wassenaar Arrangement “intrusion software” and surveillance technology provisions

 

February 23, 2016
                                                                                                                                                             
BIS publishes rule revising the Entity List


This rule amends the Export Administration Regulations (EAR) by adding eight persons under eight entries to the Entity List under the destination of the United Arab Emirates (U.A.E.).  This final rule also removes nine persons from the Entity List, as the result of a request for removal submitted by these persons, a review of information provided in the removal request in accordance with the procedure for requesting removal or modification of an Entity List entity and further review conducted by the End-User Review Committee (ERC). Finally, this rule is also revising six existing entries in the Entity List.  One entry under Iran is modified to correct the entry by updating the Federal Register citation.  Five entries on the Entity List under the destinations of Armenia, Greece, India, Pakistan and the United Kingdom (U.K.) are modified to reflect a removal from the Entity List.
Entity List Rule

 

February 19, 2016

BIS publishes rule revising the Export Administration Regulations (EAR): Control of Fire Control, Laser, Imaging, and Guidance and Control Equipment the President Determines No Longer Warrant Control Under the United States Munitions List (USML)


This proposed rule describes how articles the President determines no longer warrant control under Category XII (Fire Control, Laser, Imaging, and Guidance and Control Equipment) of the United States Munitions List (USML) of the International Traffic in Arms Regulations (ITAR) would be controlled under the Commerce Control List (CCL) of the Export Administration Regulations (EAR) by amending Export Control Classification Number (ECCN) 7A611 and creating new “600 series” ECCNs 7B611, 7D611, and 7E611.  In addition, for certain dual-use infrared detection items, this proposed rule would expand controls for certain software and technology, eliminate the use of some license exceptions, revise licensing policy, and expand license requirements for certain transactions involving military end users or foreign military commodities.  This proposed rule would also harmonize provisions within the EAR by revising controls related to certain quartz rate sensors and uncooled thermal imaging cameras. This proposed rule was published simultaneously with a Department of State proposed rule that would make related changes to Categories XII of the United States Munitions List.  Comments on these proposed rules are due no later than April 4, 2016.
BIS Rule
State Rule

 
February 9, 2016

BIS publishes clarifications and revisions to military aircraft, gas turbine engines and related items’ license requirements


This proposed rule would add clarifying text to the descriptions of the types of military aircraft controlled on the Commerce Control List.  The lists of items that are subject only to the anti-terrorism reason for control would be clarified and expanded.  This proposed rule was published simultaneously with a Department of State proposed rule that would make related changes to Categories VIII and XIX of the United States Munitions List.  Comments on these proposed rules are due no later than March 25, 2016.
BIS Rule
State Rule

 

January 27, 2016

BIS published Cuba licensing policy revisions


This rule amends the general policy of denial that applies applications for licenses to export or reexport to Cuba.  It provides a general policy of approval for five types of transactions and a policy of case-by-case review for items to meets the needs of the Cuban people even in instances where the Cuban government is the consignee.  This rule does not make any changes to license requirements or to license exception availability.  It was published simultaneously with a Department of the Treasury, Office of Foreign Assets Control rule that amended the Cuban Assets Control Regulations.
BIS Rule
Treasury Rule

Other Recent News Stories

BIS Logo cropped

Digital Privacy Policy

The Federal Government necessarily creates, collets, uses, processes, stores, maintains, disseminates, discloses and disposes of Personally Identifiable Information (PII) to support its mission authorized by Federal regulation.

As the responsibility is disseminated down throughout each agency, activities related to the maintenance of systems of records subject to the Act are to be identified and content reviewed to assure that “only” that information is maintained which is necessary and relevant to a specific function in which the agency is authorized to perform by law or Executive Order 5 U.S.C. 552a € (1) and that no information about the political or religious beliefs and activities of individuals is maintained except as provided within the EO.

In doing so, each agency IAW EO 5 U.S.C. 552a € (4) and (11), must prepare and publish a public notice of the existence and character of those systems collecting such information consistent with the guidance therein. Establish reasonable administrative, technical and physical safeguards to assure that records are only disclosed to those who are authorized to have access and to protect against anticipated threats, hazards or integrity which could result in substantial harm or unfairness to any individual whose information is being maintained.

The agency has the responsibility to publish guidance describing the procedures for any systems that are deemed exempt from provisions of the Privacy Act to include the reasons for the exemption. And to report to OMB and Congress annually the activities of the system and immediately if any proposed changes to the prescribed system of record prior to the changes being implemented.

E-Government Act

Public Law 107-347 was renamed the E-Government Act in 2002. Its purpose was to establish a broader framework of measure that require using Internet-based information technology to enhance citizen access to Government information and services. The Digital Privacy Policy serves as a general notice on an agency website explaining agency information handling practices.

System of Record Notice

A System of Records Notice (SORN) is a public notice published in the Federal Register, required by the Privacy Act of 1974. Its intent is to notify the public of a record that a Federal Agency has created, modified or removed. To remain in compliance with the requirement of supplying a list, BIS has placed a link to the SORN below in the agency reports section.

Publications:

The Privacy Act of 1974, approved December 31, 1974 (Public Law No. 93-579, 5 U.S.C. 552a), set forth a series of requirements governing Federal agency personal record keeping practices. It places the principal responsibility for compliance with its provision on Federal agencies but also provides that the Office of Management and budget (OMB) develop guidelines and regulations with continued assistance to and oversight of the implementation of the Act.

Privacy Act Implementation Rules

BIS has provided a link to all Privacy Act implementation rules IAW 5 U.S.C 552a (f).

Publically Available Agency Reports on Privacy

The Privacy Act requires that agencies give the public notice of their systems of records by publication in the Federal Register. The Privacy Act prohibits the disclosure of a record about an individual from a system of records absent the written consent of the individual, unless the disclosure is pursuant to one of twelve statutory exceptions. The Act also provides individuals with a means by which to seek access to and amendment of their records, and sets forth various agency record-keeping requirements.

OMB Circular A-108, provided the responsibilities for the maintenance of records about individuals by Federal Agencies and guidance on the agencies responsibilities under the Privacy Act.

Whereas the Privacy Act Implementation included guidelines and responsibilities in more detail to define the responsibilities for implementing the Privacy Act of 1974 to ensure that personal information about individuals collected by Federal agencies is limited to that which is legally authorized, necessary and is maintained in a manner which precludes unwarranted intrusions upon individual privacy.

OMB Circular A-130, was later developed to establish policies for the management of Federal information resources, including procedural and analytical guidelines for implementing specific aspects of the policies. OMB A-108, was then rescinded and replaced with Appendix I within OMB Circular A-130 to readdress the pertinent guidance in the from OMB A-108 and provided further explanation of the requirements in the Privacy Act.                  

Privacy Impact Assessment

TCD/CWC
CUESS

The collection of both Personally Identifiable Information (PII) and Business Identifiable Information (BII) is mission essential for BIS. Examples of information collected is as follows; names, addresses, social security numbers, employer identification numbers, telephone numbers, or email addresses. It also includes any information used separately or in combination for identification such as gender, race, date of birth, or geographic indicator.

The E-Government Act of 2002, Section 208 requires a federal agency to issue a Privacy Impact Assessment (PIA) any time the agency is developing or procuring new information technology involving the collection, maintenance or dissemination of information in an identifiable form or that make substantial changes to existing information technology that manages information in identifiable form. A PIA is an analysis of how information in identifiable form is collected, stored, protected, shared and manages.

BIS produces a PIA for each system containing PII/BII.  The PIA also covers confidentiality, access to data, and use of data to demonstrate that the systems owners and developers have incorporated privacy protection throughout the entire life system of the system.

BIS has included a link to their Privacy Impact Assessments, unless doing so would raise security concerns or reveal classified or sensitive information, to include information that is potentially damaging to a national interest, law enforcement effort, or competitive business interest. If such circumstances should be deemed necessary, compelling justification must be provided in order to decline to post a link to a PIA.

Exemptions to the Privacy Act

BIS has provided citations and links for the justification used to establish the final ruling for the exemptions published in the Federal Register that publicizes each Privacy Act exemption claimed for the system of record.

The Nature of Information BIS Collects

Automatic Collections - BIS Web servers automatically collect the following information:

  • The IP address of the computer from which you visit our sites and, if available, the domain name assigned to that IP address;
  • The type of browser and operating system used to visit our Web sites;
  • The date and time of your visit;
  • The Internet address of the Web site from which you linked to our sites; and
  • The pages you visit.
  • In addition, when you use our search tool our affiliate, USA.gov, automatically collects information on the search terms you enter. No personally identifiable information is collected by USA.gov.

This information is collected to enable BIS to provide better service to our users. The information is used only for aggregate traffic data and not used to track individual users. For example, browser identification can help us improve the functionality and format of our Web site.

Purpose and Use of Information Collected

Submitted Information: BIS collects information you provide through e-mail and Web forms. We do not collect personally identifiable information (e.g., name, address, phone number, e-mail address) unless you provide it to us. In all cases, the information collected is used to respond to user inquiries or to provide services requested by our users. Any information you provide to us through one of our Web forms is removed from our Web servers within seconds thereby increasing the protection for this information.

Privacy Act System of Records: Some of the information submitted to BIS may be maintained and retrieved based upon personal identifiers (name, e-mail addresses, etc.). In instances where a Privacy Act System of Records exists, information regarding your rights under the Privacy Act is provided on the page where this information is collected.

Consent to Information Collection and Sharing: All the information users submit to BIS is done on a voluntary basis. When a user clicks the "Submit" button on any of the Web forms found on BIS's sites, they are indicating they are aware of the BIS Privacy Policy provisions and voluntarily consent to the conditions outlined therein.

How the information is used: The information BIS collects is used for a variety of purposes (e.g., for export license applications, to respond to requests for information about our regulations and policies, and to fill orders for BIS forms). We make every effort to disclose clearly how information is used at the point where it is collected and allow our Web site user to determine whether they wish to provide the information.

Machine Readable Privacy Policy

The E-Government Act also requires that agencies adopt machine readable technology that alerts users automatically about whether the site privacy practices match their personal privacy preferences so they can make an informed choice about whether to conduct business with that site. Privacy policy in standardized machine-readable format means a statement about site privacy practices written in a standard computer language (not English text) that can be read automatically by a Web browser.

Whether Information is Shared or Disclosed

Each of the web sites provides BIS with a variety of ways to communicate with different agencies. Some may allow visitors to log in, create profiles and save information in those profiles. We do not collect any personally identifiable information about you through your use of these platforms, however BIS may share information received from its Web sites with other Federal agencies as needed to effectively implement and enforce its export control and other authorities. For example;

Legal purposes – we may provide your information to third parties as required by law to cooperate with regulators or law enforcement authority.

Export License Application – we may provide your information with the Departments of Defense, Energy, State etc., as part of the interagency license review process.

To ensure our computer services remain secure should there be a breach of our IT security protections the overarching Department network system employs software programs to monitor and detect intrusive network traffic being identified as unauthorized attempting to upload or change information, or otherwise cause damage to our computer systems.

Information we receive through our Web sites is disclosed to the public only pursuant to the laws and policies governing the dissemination of information. For example as frequently asked question about our regulations, we use the information to help us improve our site, but only after removing personal or proprietary data.

We use information you send us by email only for the purpose in which it is submitted. In addition, if you do supply us with PII, it is only used to respond to your request or to provide a service you are requesting. However, information submitted to BIS becomes and agency record and therefore might be submitted to a Freedom of Information Act request.

Our web site contains links to other federal agencies, international agencies, and private organizations. Choosing that link will open in a separate window leading you away from our website. Our agency is not responsible for the policies of that web site.

Third-Party Social Networking

You may be able to access third-party social networks, such as Facebook, Twitter and Google+, from BIS websites, however you do so at your own risks. Please note these websites have their own set of information practices and privacy policies and BIS is not responsible for the information you choose to submit. See OMB Memorandum M-10-23, Guidance for Agency Use of Third-Party Websites and Applications (June 25, 2010) for more information.

Information Being Retained

BIS destroys the information collected to include questions and comments when the purpose for which it was provided has been fulfilled unless required to be retained IAW the retention policy specified by the National Archives and Records Administration’s general Records Schedule (GRS) 20, electronic Records or other approved records schedule as applicable.                       

Opt Out/ Use of “cookies”

BIS does not use “persistent cookies” or tracking technology to track personally identifiable information about visitors to its Web sites.

Users can choose not to accept the use of “cookies” by changing the settings on their local computer's web browser. The USA.gov website, http://www.usa.gov/optout_instructions.shtml, provides general instructions on how to opt out of cookies and other commonly used web measurement and customization technologies.

Consent to Information Collection and Sharing

All the information users submit to BIS, is done on a volunteer basis. When a user clicks the “Submit” button on any of the Web forms found on BIS’ sites, they are indicating they are aware of the BIS Privacy Policy provisions and voluntarily consent to the conditions outlined therein.

Children's Online Privacy Protection Act (COPPA)

The Children’s Online Privacy Protection Act (COPPA), 16 CFR Part 312, requires operators of web sites directed to children under age 13, and operators that have actual knowledge of collecting or maintaining personal information from children under 13, to obtain verifiable consent from parents prior to the collection, use, or disclosure of personal information from children. We do not knowingly collect personal information from children under age 13 on our web sites. For more information regarding COPPA please visit the Federal Trade Commission’s Children’s Privacy webpage.

Contact Information for the Senior Agency Official for Privacy (SAOP)

Please send questions or comments to www.commerce.gov/saop

Policy Updated:  July 28th, 2017 2:00pm

   
© BIS 2016