Information Collected and Stored Automatically
Personal Information That You Voluntarily Provide
Children and Privacy on Justice.gov
Website Measurement and Customization Technologies
The Department’s Use of Third-Party Websites and Applications
Email Subscriptions and Updates
Links to External Sites
Vulnerability Disclosure Policy
The Department’s Chief Privacy and Civil Liberties Officer, in coordination with the Department’s Office of Privacy and Civil Liberties, manages and oversees the Department’s Privacy Program. The Department Privacy Program webpage can be found here: https://www.justice.gov/opcl.
If you access information on our websites, the Department of Justice, or a contractor operating on behalf of the Department, will automatically collect and store the following basic information:
- The name of the internet domain (for example, "xcompany.com" if you use a private Internet access account, or "yourschool.edu" if you are connecting from a university's domain);
- The Internet Protocol (IP) address (a number that is automatically assigned to your computer when you are using the Internet) from which you access our site;
- The type of browser and operating system used to access our site;
- The date and time you access our site;
- The internet address of the website from which you linked directly to our site; and
- The pages you visit and the information you request.
The Department primarily collects this information for statistical analyses and technical improvements to the site. For example, the Department computer system uses software programs to create summary statistics that may be used for such purposes as assessing what information is of most and least interest to the public, determining technical design specifications, and identifying system performance or problem areas. Although the primary purpose of automatically collecting this kind of information is not to track individuals who visit this site, in certain circumstances and consistent with Federal law, the Department may take additional steps to identify you using this information and may share this information, including your identity, with other agencies.
Information Automatically Collected by a Third-Party Website or Application
The Department maintains official DOJ accounts on third-party websites and applications. These third-party website and application service providers may themselves automatically collect and store additional information about you, in accordance with their terms of service and privacy policies. The Department does not control what these third-parties service providers do with the information they collect. For information on the Department’s use of third-party websites and applications to engage with the public, please review the section below regarding the Department’s Use of Third-Party Websites and Applications.
You are not required to provide any personal information to us to access information on our websites. If you choose to provide us with personal information, such as by sending a message to an email address on this website or by filling out and submitting a form through our website, we will use that information to respond to your message or to fulfill the stated purpose of the communication. Where feasible, the Department provides visitors with a notice at the point of collection when requesting personal information on Department websites that will include a brief description of the Department’s practices with respect to the collection, use, maintenance, or dissemination of personal information.
The Department maintains and disposes of personal information you provide according to the requirements of the Federal Records Act, Department policies, and the regulations and records schedules approved by the National Archives and Records Administration. In some cases, the information you provide may be covered by the Privacy Act of 1974 (Privacy Act), or subject to the Freedom of Information Act (FOIA). A discussion of the FOIA can be found at Department of Justice Guide to the Freedom of Information Act and a discussion about the Privacy Act can be found at Privacy Act of 1974.
Sharing Personal Information You Voluntarily Provide
The Department may share information you voluntarily provide it with other entities, consistent with the Privacy Act and other applicable laws. For example, information you voluntarily provide may be shared with contractors acting on the Department’s behalf, with another government agency if your inquiry relates to that agency, with other agencies for a specific law enforcement purpose or to protect the Department’s websites from security threats, or when otherwise required by law.
If you provide comments in response to a request for public comments, we may make those comments, as well as your identity, available to the public in a publication or by posting them on our website.
Personal Information Voluntarily Provided As Part of a Search Request on DOJ Websites
The Department will collect information you voluntarily provide as part of a search request on a DOJ website. If you choose to provide personal information as part of a search request on a Department webpage, the Department and its service providers will use that information to facilitate your search request. The Department of Justice, or a contractor operating on behalf of the Department, may also automatically collect and store the information you provide as part of a search request as described in the section above regarding Information Collected and Stored Automatically. DOJ currently uses the General Services Administration’s (GSA) Search.gov (e.g., https://search.justice.gov) as its primary search engine tool for searching for information within DOJ websites. Upon entering search request information into search engines managed by Search.gov, GSA will collect and use certain information in accordance with the Search.gov Terms of Service.
Personal Information Voluntarily Provided to the Department on Third-Party Websites or Applications
The Department maintains official DOJ accounts on third-party websites and applications. When interacting with the public on third-party websites and applications, the Department may request that you voluntarily provide information to the Department (for example, the Department may request your information to register for an event hosted by the Department). These third-party website and application service providers may also collect the information you voluntarily provide, in accordance with their terms of service and privacy policies. The Department does not control what these third-parties service providers do with the information they collect. For information on the Department’s use of third-party websites and applications, please review the section below regarding Department’s Use of Third-Party Websites and Applications.
The Department does not collect or use information for commercial marketing.
Use Caution When Voluntarily Providing Sensitive Information
Remember that internet communications are not necessarily secure from interception. If your communication is sensitive or includes personal information, you may prefer to send it to the Department by postal mail or other commercial carriers instead.
We believe in the importance of protecting the privacy of children online and do not knowingly contact or collect personal information from children under 13. Unless otherwise stated, our websites are not intended to solicit information of any kind from children under 13.
Website measurement and customization technologies (commonly called “cookies") are small bits of text that are downloaded to your internet browser when you visit a website. The Office of Management and Budget Memorandum M-10-22, Guidance for Online Use of Web Measurement and Customization Technologies, defines conditions under which Federal agencies may use session and persistent cookies, and categorizes them in “tiers” to identify their characteristics. You may control permissions for cookies on this or any other website by adjusting your individual browser settings for customized privacy protection – see https://www.usa.gov/optout-instructions for helpful guidance. You can still use Department websites if you do not accept the cookies, but you may be unable to use certain cookie-dependent features.
Session cookies are not stored on your computer’s hard drive, and are removed when you complete your session or exit the site. Some Department websites use these “Tier 1” session cookies to provide streamlined navigation and statistical analysis. These temporary cookies do not gather personally identifying information.
Certain Department websites use “Tier 2” persistent cookies that remain on your computer’s hard drive after you complete an activity. For example, some Department websites use persistent cookies in association with a voluntary customer satisfaction survey conducted by a third party, Foresee. These surveys obtain feedback and data regarding visitors’ satisfaction with our websites, but they do not collect any personally identifying information. If you are randomly selected to participate in this survey, a persistent cookie is stored on your computer’s hard drive for 90 days to preclude a new invitation during that time. Some Department websites also use persistent cookies to enable a Google Analytics, Siteimprove, or Webtrends program to measure how new and returning visitors use our websites over time. These persistent cookies do not collect any personally identifying information, and the information collected is used only to improve our websites.
In the interest of promoting transparency, public participation, and open government, the Department uses third-party websites (including social media platforms with official DOJ accounts) and third-party applications to enhance the user experience, promote access to information, and provide ease of navigation throughout Department websites. The Office of Management and Budget Memorandum M-10-23, Guidance for Agency Use of Third-Party Websites and Applications, defines conditions under which Federal agencies may use third-party websites and applications to engage with the public.
Visiting Official Department of Justice Pages on Third-Party Websites and Applications
The Department currently maintains official DOJ accounts on several third-party websites and applications. The third-party service provider’s terms of service and privacy policies govern your activity on the third-party website or application. The Department does not control what these third-parties service providers do with the information they collect. You may wish to review the third-party service provider’s terms of service and privacy policies before using it to understand how and when the third-party service provider collects, uses, and/or shares information you make available by using its service. You can find the privacy policies for third-party websites and applications commonly used by the Department below.
The creation and use of official DOJ accounts on third-party websites and applications may cause personally identifying information to become available or accessible to the Department. Such information may become available to the Department when a user provides, submits, communicates, links, posts, or associates information with official DOJ accounts (e.g., through “liking,” “friend-ing,” responding to tweets, or commenting on content provided by the Department). The Department does not control, moderate, or endorse the comments or opinions provided by you on official DOJ accounts.
The Department may collect and maintain personally identifying information you make available on third-party websites and applications with official DOJ accounts. Specifically:
- The Department of Justice, or a contractor operating on behalf of the Department, may automatically collect certain browser information, including the full internet address of the third-party service provider, if you travel directly to a Department website from the third-party application or website, as outlined in the section above regarding Information Collected and Stored Automatically;
- DOJ may request that individuals voluntarily provide information to the Department through third-party websites and applications. In such cases, to the extent feasible, DOJ will provide a conspicuous notice written in plain language at locations where the public might submit such information;
- In certain circumstances, DOJ Capstone Officials, which include DOJ Senior Leadership, Heads of Components, and their direct reports, may “share,” “retweet,” “friend,” “follow,” or respond publicly to content made available on official DOJ accounts. To the extent that the Department’s “share,” “retweet,” “friend-ing,” “follow,” or public response constitutes the creation of a record under the Federal Records Act, the Department may be required to maintain and archive such interaction;
- DOJ may collect and maintain information made available to the Department on official DOJ accounts for a specific law enforcement or national security purpose (for example, activity that indicates a violation or potential violation of law, a threat of physical harm, or harm to national security); and
- DOJ may collect and maintain information made available to the Department on official DOJ accounts when required by law.
The Department will not otherwise collect and maintain personally identifying information you make available on third-party websites and applications with official DOJ accounts. In all circumstances, the Department will only collect and maintain personally identifying information you make available on official DOJ accounts consistent with the Privacy Act, the Federal Records Act, and other applicable laws.
Visit our Contact Page for information on how to send official correspondence to the Attorney General or the Department.
Embedded Third-Party Content and Applications on Department of Justice Websites
Certain Department webpages also contain embedded content and applications from third-party website and application service providers. DOJ provides embedded content and applications to further the Department’s interest in promoting transparency and open government.
In addition to the practices outlined in the sections above regarding Information Collected and Stored Automatically and the Personal Information That You Voluntarily Provide, these third-party service providers also collect information on visitors who visit a DOJ webpage hosting the embedded content or application. For more details on how and when these third-party service providers collect, use, and share information, you may wish to review their terms of service and privacy policies. The privacy policies for third-party websites and applications commonly used by the Department can be found below.
Third-Party Privacy Policies
The privacy policies for third-party social media platforms, a specific type of third-party website, with official DOJ accounts used to communicate with the public include:
A list of official DOJ social media accounts can be found at: https://www.justice.gov/social. For more information on the Department’s use of third-party social media platforms used to communicate with the public, please refer to the Department’s adapted Privacy Impact Assessment, “Use of Third-Party Social Media Tools to Communicate with the Public.”
The privacy policies for other third-party websites and applications commonly used by the Department include:
For more information on the Department’s use of third-party websites and applications, please refer to the Department’s Privacy Impact Assessment webpage.
The Department maintains several lists of subscribers who have asked to receive periodic email updates. Any recipient of a Department email may unsubscribe from future messages via a link at the bottom of each email message. We do not sell, rent, exchange, or otherwise disclose our list subscribers to persons or organizations outside the Department.
Our email analytics provider, GovDelivery, also offers the capability to view some data, such as whether a mass email was opened, at an individual level for 30 days after an email was sent; as a matter of policy and practice this data is only viewed on an aggregate basis.
The Department’s websites may contain links to websites created and maintained by other public or private organizations. We provide these links as a service to visitors to our site. When you follow a link to an external site, you are leaving the Department and are subject to the privacy and security policies of the external site.
The Department’s websites may contain links to websites created and maintained by other public or private organizations. We provide these links as a service to visitors to our site. When you follow a link to an external site, you are leaving the Department’s website and are subject to the privacy and security policies of the external site.
For site security purposes and to ensure that this service remains available to all users, the Department’s information systems, and information systems operated by contractors on behalf of the Department, employ software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. Anyone using these information systems expressly consents to such monitoring and is advised that if such monitoring reveals evidence of possible abuse or criminal activity, such evidence may be provided to appropriate law enforcement officials. Unauthorized attempts to upload or change information on these information systems are strictly prohibited and may be punishable by law, including the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act of 1996.
Additionally, DOJ information systems, and information systems operated by contractors on behalf of the Department, may be protected by EINSTEIN cybersecurity capabilities under the operational control of the U.S. Department of Homeland Security United States Computer Emergency Readiness Team (US-CERT). Electronic communications with DOJ may be scanned by government-owned or contractor equipment to look for network traffic indicating known or suspected malicious cyber activity, including malicious content or communications.
Electronic communications within DOJ will be collected or retained by US-CERT only if they are associated with known or suspected cyber threats. US-CERT will use the information collected through EINSTEIN to analyze the known or suspected cyber threat and help DOJ and other agencies respond and better protect their computers and networks.
For additional information about EINSTEIN capabilities, please see the EINSTEIN program-related Privacy Impact Assessments available on the U.S. Department of Homeland Security cybersecurity privacy website along with other information about the federal government’s cybersecurity activities.
The Department is committed to ensuring the security of the American public by safeguarding their digital information. The Vulnerability Disclosure Policy (VDP) provides guidelines for the cybersecurity research community and members of the general public (hereafter referred to as researchers) on conducting good faith vulnerability discovery activities directed at public facing DOJ websites and services. The VDP also instructs researchers on how to submit discovered vulnerabilities to the DOJ’s Office of the Chief Information Officer (OCIO), within the Justice Management Division.
Public Key Encryption information will be posted in this location soon.
For more information, see our Vulnerability Disclosure Policy.