Privacy and Security Policy
- Authorized Uses of Pay.gov
- Importance of Privacy
- Information Automatically Gathered
- Personal Information We May Ask for and Its Uses
- Personal Information Not Sought from Children
- Our Legal Authority to Ask for Personal Information
- To Whom We May Release Personal Information
- No Unsolicited Information
- Caution About Sending Unencrypted Personal Information Over the Internet
- Cookies and Analytics
Authorized Uses of Pay.gov
We authorize you to access and use Pay.gov services for the primary purpose of conducting financial transactions with Federal agencies. Accessing or using Pay.gov services without consenting to the terms of these Pay.gov notices and agreement is unauthorized and prohibited. Any access or use of the Pay.gov Web site for unlawful purposes, purposes other than those allowed under these notices and agreement or in a manner contrary to the terms of these notices or agreement is unauthorized and prohibited. Among other things, attempts to "crack," disrupt, bring down, infect with a computer virus or worm, block access to by others, or spoof Pay.gov are unauthorized. Also unauthorized are attempts to impersonate others or to intercept data intended for others. Unauthorized use may be a violation of law, including a violation of the Computer Fraud and Abuse Act of 1986 and National Information Infrastructure Protection Act (18 U.S.C. § 1030) and mail fraud statutes if it leads to an item being delivered by mail and may result in criminal penalties.
Also, 31 U.S.C. § 333 prohibits (among other things) the misuse of certain names, terms, symbols, and emblems of the Department of the Treasury, as well as any colorable imitations of these items. This conduct is illegal if done in connection with business activities in a manner that reasonably could be construed as falsely implying that such activities are in any manner approved, endorsed, sponsored, authorized by, or associated with the Department of the Treasury. For instance, "framing" the Pay.gov site in a manner designed to falsely imply a relationship with Treasury could be forbidden under the statute. Section 333 also provides that the use of disclaimers is irrelevant to a determination of whether the statute has been violated.
Importance of Privacy
We are committed to protecting the privacy rights of the public. These rights are ensured through the Privacy Act of 1974 (5 U.S.C. §552A), Office of Management and Budget guidance, and other Federal regulations and FMS policy.
Information Automatically Gathered
For Web site security purposes as well as to improve our site, Pay.gov uses software that can monitor network traffic and identify unauthorized attempts to cause damage or upload or change information. Like all Web sites, when a page is requested Pay.gov can obtain some information about the request, such as: name of the domain from which the visitor accesses the Internet (e.g. "a company.com"; " a school.edu; or "an agency.gov"), Internet protocol address, date and time the Web site is visited and type of browser and operating system used to access the site. Aggregate information about individual Web pages visited also is collected.
We generally do not use this automatically gathered information to attempt to identify individual users. We may use this information for authorized law enforcement investigations related to Pay.gov. This includes attempting to trace the source of an attack designed to disrupt or bring down the site or to prove whether a financial transaction has taken place. Otherwise, we only use this information to improve the content and structure of the Pay.gov Web site.
Pay.gov does not use persistent "cookies", which are permanent files placed on a visitor's hard drive that allow a Web site to monitor a visitor's use of the site. To the extent Pay.gov uses any cookies at all, such cookies are session cookies, which expire and automatically are removed no later than upon the closing of a Web browser.
Personal Information We May Ask for and Its Uses
We do not require you to provide any personal information just to access the Pay.gov site. If you choose to use certain services provided by Pay.gov, such as submitting a form or paying a bill electronically, we may need to confirm whom you claim to be to provide access, a process known as authentication.
Authentication may entail that you provide a username and password previously issued to you after a registration process. Another way that Pay.gov may perform authentication is by asking you to provide certain sensitive personal identifying information, in particular your name, address, phone number, driver's license number, date of birth, taxpayer identification number, financial institution account information, and amount of recent payment from the Treasury Department, that Pay.gov will verify by querying commercial or Government databases. The information you provide to Pay.gov will not be added to the databases of any commercial database provider, other than that needed for the purposes of fraud screening and billing us for the service, and cannot be re-disclosed by the commercial database provider. This authentication process is exclusively geared to verify a user's identity; it in no way performs a credit check. The only criterion is that the information you provide is consistent with the records in the databases we access for authentication.
Although this does not constitute a Fair Credit Reporting Act action (which mandates the database providers to offer certain aspects of Customer Service), we will disclose the names of the databases if you so request.
All information you provide will be encrypted during any transmission or delivered using secure, dedicated networks.
Personal Information Not Sought from Children
We do not attempt to collect personally identifiable information on-line from children age 16 or younger. Furthermore, we do not attempt to authenticate any person claiming to be age 16 or younger.
Our Legal Authority to Ask for Personal Information
We ask for personal information during authentication so that you can access certain information and conduct transactions that may typically result in the collection or payment of public money. Unless stated otherwise, the providing of this information is voluntary, not mandatory; however, if you choose not to provide this information we may not be able to process your requests.
Among the voluntary information we may seek, Social Security numbers are a special case. Unlike other voluntary information, the Privacy Act states that an agency cannot deny you access or otherwise refrain from processing your transactions if you refuse to provide this particular piece of information, unless there is a statutory provision or other exception that allows or requires the agency to ask for this information. In this regard, there is a statutory provision at 31 U.S.C. § 7701 that can require us to ask for Social Security numbers in many instances. This statute mandates that we ask for this information in transactions that may result in a receivable and in certain other financial dealings. When dealing with a particular agency application, that agency may have additional cause to ask us to request your Social Security number.
To Whom We May Release Personal Information
The parties to whom we disclose information may include:
- Appropriate Federal, state, local or foreign agencies responsible for investigating or prosecuting the violation of, or for enforcing or implementing, a statute, rule, regulation, order, or license, but only if the investigation, prosecution, enforcement or implementation concerns a transaction(s) or other event(s) that involved (or contemplates involvement of), in whole or part, an electronic method of collecting revenues for the Federal government. The records and information may also be disclosed to commercial database vendors to the extent necessary to obtain information pertinent to such an investigation, prosecution, enforcement or implementation.
- Commercial database vendors for the purposes of authenticating the identity of individuals who electronically authorize payments to the Federal Government, to obtain information on such individuals' payment or check writing history, and for administrative purposes, such as resolving a question about a transaction.
- A court, magistrate, or administrative tribunal, in the course of presenting evidence, including disclosures to opposing counsel or witnesses, for the purpose of civil discovery, litigation, or settlement negotiations or in response to a subpoena, where relevant or potentially relevant to a proceeding, or in connection with criminal law proceedings.
- A congressional office in response to an inquiry made at the request of the individual to whom the record pertains.
- Fiscal agents, financial agents, financial institutions, and contractors for the purpose of performing financial management services, including, but not limited to, processing payments, investigating and rectifying possible erroneous reporting information, creating and reviewing statistics to improve the quality of services provided, or conducting debt collection services.
- Federal agencies, their agents and contractors for the purposes of facilitating the collection of revenues, the accounting of such revenues, and the implementation of programs related to the revenues being collected.
- Federal agencies, their agents and contractors, to credit bureaus, and to employers of individuals who owe delinquent debt only when the debt arises from the unauthorized use of electronic payment methods. The information will be used for the purpose of collecting such debt through offset, administrative wage garnishment, referral to private collection agencies, litigation, reporting the debt to credit bureaus, or for any other authorized debt collection purpose.
- Financial institutions, including banks and credit unions, and credit card companies for the purpose of revenue collections and/or investigating the accuracy of information required to complete transactions using electronic methods and for administrative purposes, such as resolving questions about a transaction.
As was previously mentioned, the information you voluntarily provide may be communicated during authentication to third parties to validate your information and to ultimately confirm your identity. They are legally bound to not further disclose information we share with them.
In addition, if authentication is successful, we may make the information you provide, and the details of how we concluded authentication was successful, available to the agency that owns the application with which you are attempting to complete a transaction.
We will not license or sell your personal information for commercial purposes.
No Unsolicited Information
We may send notices to your e-mail address with regard to transactions you conduct on the Pay.gov site, such as confirmation notices, but otherwise we will not use your personal information to send you unsolicited information unless you opt-in to do so, such as by asking to be placed on an e-mail list.
Caution About Sending Unencrypted Personal Information Over the Internet
If you choose to send Pay.gov personal information electronically or request that we send you personal information electronically (such as by e-mail), we cannot guarantee its confidentiality as it travels across the Internet. While not likely, others could eavesdrop. To make this less likely, we may use encryption to protect information that you send or view via Web pages (this does not apply to e-mail). Pay.gov utilizes a secure transmission protocol (Secure Sockets Layer (SSL)) to provide protection of the Web page communications across the Internet between Pay.gov and your computer. SSL is a commonly used protocol for managing the security of an interactive Web session on the Internet. If the Web page has an address that begins with <https://> rather than <http://> then the page is protected by SSL.
Information transmitted to and from agencies and third party vendors other than through Web pages will be transmitted through a secure virtual private network connection or dedicated connection.
Cookies and Analytics
Pay.Gov uses single-session cookies to serve technical purposes, like providing seamless navigation through the platform. Cookies are messages that web servers pass to your web browser when you visit Internet sites. Your browser stores each message in a small file, called cookie.txt . When you request another page from the server, your browser sends the cookie back to the server. These cookies do not permanently record data, and they are not stored on your computerís hard drive. Pay.Govís session cookies are only available during an active browser session. When you close your browser, the session cookie disappears.
Pay.Gov also uses persistent cookies and Google Analytics to help us understand how people use the platform, and how we can make it better. We do not collect any personally identifiable information. Traffic statistics are collected anonymously and aggregated, and no information is traceable to any specific individual.
Most Internet browsers automatically accept persistent cookies. Although using persistent cookies creates a much better experience for you, Pay.gov will also work without them. If you don't want to accept cookies, you can edit your browser's options by following these instructions to stop accepting persistent cookies or to prompt you before accepting a cookie from the websites you visit.