Print

Digital Privacy Policy

The Federal Government necessarily creates, collets, uses, processes, stores, maintains, disseminates, discloses and disposes of Personally Identifiable Information (PII) to support its mission authorized by Federal regulation.

As the responsibility is disseminated down throughout each agency, activities related to the maintenance of systems of records subject to the Act are to be identified and content reviewed to assure that “only” that information is maintained which is necessary and relevant to a specific function in which the agency is authorized to perform by law or Executive Order 5 U.S.C. 552a € (1) and that no information about the political or religious beliefs and activities of individuals is maintained except as provided within the EO.

In doing so, each agency IAW EO 5 U.S.C. 552a € (4) and (11), must prepare and publish a public notice of the existence and character of those systems collecting such information consistent with the guidance therein. Establish reasonable administrative, technical and physical safeguards to assure that records are only disclosed to those who are authorized to have access and to protect against anticipated threats, hazards or integrity which could result in substantial harm or unfairness to any individual whose information is being maintained.

The agency has the responsibility to publish guidance describing the procedures for any systems that are deemed exempt from provisions of the Privacy Act to include the reasons for the exemption. The agency has the responsibility to report to OMB and Congress annually the activities of the system and prior to changes being implemented, report immediately if any proposed changes to the prescribed system of record.

E-Government Act

Public Law 107-347 was renamed the E-Government Act in 2002. Its purpose was to establish a broader framework of measure that requires using Internet-based information technology to enhance citizen access to Government information and services. The Digital Privacy Policy serves as a general notice on an agency website explaining agency information handling practices.

System of Record Notice

A System of Records Notice (SORN) is a public notice published in the Federal Register, required by the Privacy Act of 1974. Its intent is to notify the public of a record that a Federal Agency has created, modified or removed. To remain in compliance with the requirement of supplying a list, BIS has placed a link to the SORN below in the agency reports section.

Publications

The Privacy Act of 1974, approved December 31, 1974 (Public Law No. 93-579, 5 U.S.C. 552a), set forth a series of requirements governing Federal agency personal record keeping practices. It places the principal responsibility for compliance with its provision on Federal agencies but also provides that the Office of Management and budget (OMB) develop guidelines and regulations with continued assistance to and oversight of the implementation of the Act.

Privacy Act Implementation Rules

BIS has provided a link to all Privacy Act implementation rules IAW 5 U.S.C 552a (f).

Publically Available Agency Reports on Privacy

The Privacy Act requires that agencies give the public notice of their systems of records by publication in the Federal Register. The Privacy Act prohibits the disclosure of a record about an individual from a system of records absent the written consent of the individual, unless the disclosure is pursuant to one of twelve statutory exceptions. The Act also provides individuals with a means by which to seek access to and amendment of their records, and sets forth various agency record-keeping requirements.

OMB Circular A-108 provided the responsibilities for the maintenance of records about individuals by Federal Agencies and guidance on the agencies responsibilities under the Privacy Act.

Whereas the Privacy Act Implementation included guidelines and responsibilities in more detail to define the responsibilities for implementing the Privacy Act of 1974 to ensure that personal information about individuals collected by Federal agencies is limited to that which is legally authorized, necessary and is maintained in a manner which precludes unwarranted intrusions upon individual privacy.

OMB Circular A-130 was later developed to establish policies for the management of Federal information resources, including procedural and analytical guidelines for implementing specific aspects of the policies. OMB A-108, was then rescinded and replaced with Appendix I within OMB Circular A-130 to readdress the pertinent guidance in the from OMB A-108 and provided further explanation of the requirements in the Privacy Act.                                                       

Privacy Impact Assessment

Privacy Impact Assessment for the Chemical Weapons Convention (CSC) System

Privacy Impact Assessment for the Commerce USXPORTS Exporter Support System 

The collection of both Personally Identifiable Information (PII) and Business Identifiable Information (BII) is mission essential for BIS. Examples of information collected is as follows; names, addresses, social security numbers, employer identification numbers, telephone numbers, or email addresses. It also includes any information used separately or in combination for identification such as gender, race, date of birth, or geographic indicator.

The E-Government Act of 2002, Section 208 requires a federal agency to issue a Privacy Impact Assessment (PIA) any time the agency is developing or procuring new information technology involving the collection, maintenance or dissemination of information in an identifiable form or that make substantial changes to existing information technology that manages information in identifiable form. A PIA is an analysis of how information in identifiable form is collected, stored, protected, shared and manages.

BIS produces a PIA for each system containing PII/BII.  The PIA also covers confidentiality, access to data, and use of data to demonstrate that the systems owners and developers have incorporated privacy protection throughout the entire life system of the system.

BIS has included a link to their Privacy Impact Assessments, unless doing so would raise security concerns or reveal classified or sensitive information, to include information that is potentially damaging to a national interest, law enforcement effort, or competitive business interest. If such circumstances should be deemed necessary, compelling justification must be provided in order to decline to post a link to a PIA.

Exemptions to the Privacy Act

BIS has provided citations and links for the justification used to establish the final ruling for the exemptions published in the Federal Register that publicizes each Privacy Act exemption claimed for the system of record.

The Nature of Information BIS Collects

Automatic Collections - BIS Web servers automatically collect the following information:

This information is collected to enable BIS to provide better service to our users. The information is used only for aggregate traffic data and not used to track individual users. For example, browser identification can help us improve the functionality and format of our Web site.

Purpose and Use of Information Collected

Submitted Information: BIS collects information you provide through e-mail and Web forms. We do not collect personally identifiable information (e.g., name, address, phone number, e-mail address) unless you provide it to us. In all cases, the information collected is used to respond to user inquiries or to provide services requested by our users. Any information you provide to us through one of our Web forms is removed from our Web servers within seconds thereby increasing the protection for this information.

Privacy Act System of Records: Some of the information submitted to BIS may be maintained and retrieved based upon personal identifiers (name, e-mail addresses, etc.). In instances where a Privacy Act System of Records exists, information regarding your rights under the Privacy Act is provided on the page where this information is collected.

Consent to Information Collection and Sharing: All the information users submit to BIS is done on a voluntary basis. When a user clicks the "Submit" button on any of the Web forms found on BIS's sites, they are indicating they are aware of the BIS Privacy Policy provisions and voluntarily consent to the conditions outlined therein.

How the information is used: The information BIS collects is used for a variety of purposes (e.g., for export license applications, to respond to requests for information about our regulations and policies, and to fill orders for BIS forms). We make every effort to disclose clearly how information is used at the point where it is collected and allow our Web site user to determine whether they wish to provide the information.

Machine Readable Privacy Policy

The E-Government Act also requires that agencies adopt machine readable technology that alerts users automatically about whether the site privacy practices match their personal privacy preferences so they can make an informed choice about whether to conduct business with that site. Privacy policy in standardized machine-readable format means a statement about site privacy practices written in a standard computer language (not English text) that can be read automatically by a Web browser.

Whether Information is Shared or Disclosed

Each of the web sites provides BIS with a variety of ways to communicate with different agencies. Some may allow visitors to log in, create profiles and save information in those profiles. We do not collect any personally identifiable information about you through your use of these platforms, however BIS may share information received from its Web sites with other Federal agencies as needed to effectively implement and enforce its export control and other authorities. For example;

Legal purposes – we may provide your information to third parties as required by law to cooperate with regulators or law enforcement authority.

Export License Application – we may provide your information with the Departments of Defense, Energy, State etc., as part of the interagency license review process.

To ensure our computer services remain secure should there be a breach of our IT security protections the overarching Department network system employs software programs to monitor and detect intrusive network traffic being identified as unauthorized attempting to upload or change information, or otherwise cause damage to our computer systems.

Information we receive through our Web sites is disclosed to the public only pursuant to the laws and policies governing the dissemination of information. For example as frequently asked question about our regulations, we use the information to help us improve our site, but only after removing personal or proprietary data.

We use information you send us by email only for the purpose in which it is submitted. In addition, if you do supply us with PII, it is only used to respond to your request or to provide a service you are requesting. However, information submitted to BIS becomes and agency record and therefore might be submitted to a Freedom of Information Act request.

Our web site contains links to other federal agencies, international agencies, and private organizations. Choosing that link will open in a separate window leading you away from our website. Our agency is not responsible for the policies of that web site.

Third-Party Social Networking

You may be able to access third-party social networks, such as Facebook, Twitter and Google+, from BIS websites, however you do so at your own risks. Please note these websites have their own set of information practices and privacy policies and BIS is not responsible for the information you choose to submit. See OMB Memorandum M-10-23, Guidance for Agency Use of Third-Party Websites and Applications (June 25, 2010) for more information.

Information Being Retained

BIS destroys the information collected to include questions and comments when the purpose for which it was provided has been fulfilled unless required to be retained IAW the retention policy specified by the National Archives and Records Administration’s general Records Schedule (GRS) 20, electronic Records or other approved records schedule as applicable.                                                            

Opt Out/ Use of “cookies”

BIS does not use “persistent cookies” or tracking technology to track personally identifiable information about visitors to its Web sites.

Users can choose not to accept the use of “cookies” by changing the settings on their local computer's web browser. The USA.gov website, http://www.usa.gov/optout_instructions.shtml, provides general instructions on how to opt out of cookies and other commonly used web measurement and customization technologies.

Consent to Information Collection and Sharing

All the information users submit to BIS, is done on a volunteer basis. When a user clicks the “Submit” button on any of the Web forms found on BIS’ sites, they are indicating they are aware of the BIS Privacy Policy provisions and voluntarily consent to the conditions outlined therein.

Children's Online Privacy Protection Act (COPPA)

The Children’s Online Privacy Protection Act (COPPA), 16 CFR Part 312, requires operators of web sites directed to children under age 13, and operators that have actual knowledge of collecting or maintaining personal information from children under 13, to obtain verifiable consent from parents prior to the collection, use, or disclosure of personal information from children. We do not knowingly collect personal information from children under age 13 on our web sites. For more information regarding COPPA please visit the Federal Trade Commission’s Children’s Privacy webpage.

Contact Information for the Senior Agency Official for Privacy (SAOP)

Please send questions or comments to This email address is being protected from spambots. You need JavaScript enabled to view it.

Policy Updated:  July 28th, 2017 2:00pm