The Centers for Disease Control and Prevention (CDC) is committed to maintaining your privacy and protecting your personal information when you visit CDC websites, use CDC’s mobile applications. With respect to the collection, use, and disclosure of personally identifiable information (PII), CDC complies with all applicable federal laws.
- CDC does not collect any personally identifiable information (PII) when you visit any of CDC’s digital medial channels unless you choose to provide that information to us.
- Any PII that you choose to provide is fully protected.
- Non-PII information related to your visit to our websites may be automatically collected and temporarily stored.
Here is how we handle information about your visit to our website:
Information You Give Us
You do not have to provide any personal information to visit any of the CDC digital media channels with limited exception such as external SharePoint site, special partnership collaboration site, data collection surveillance etc. If you choose to provide us with any personal information such as sending a message to an email address on this website, filling out a form and submitting it through our website, completing a survey, we will use that information to respond to your message or to fulfill the stated purpose of the communication. We will maintain any information you provide in accordance with applicable federal laws. CDC will not disclose, give, sell, or transfer any personal information about visitors to our websites, unless required by law enforcement or by statute.
Visits to CDC.gov or CDC content
When browsing any website, certain information about your visit can be collected. When browsing, reading pages, or downloading information from the CDC website directly or via APIs on other websites, specific information is gathered and stored automatically. This information does not identify you personally. We automatically collect and temporarily store only the following information about your visit:
- The Internet domain (for example, “xcompany.com” if a private Internet access account is used, or “yourschool.edu” if connecting from a university’s domain) and IP address (an IP address is a number that is automatically assigned to your computer when surfing the Web)
- Information about your computer or mobile device (e.g., type and version of web browser, operating system, screen resolution, and connection speed)
- The visit date and time
- The pages or screens accessed or visited on CDC’s digital media
- The number of times CDC’s digital media was accessed
- The amount of data (measured in number of bytes) transmitted from CDC.gov to your computer
- If www.cdc.gov is designated as a home page (in the event your mobile device allows this functionality)
- The internet address or URL of the website visited immediately prior to visiting CDC’s digital media, but only if you connect to CDC.gov via a link from another web page within that website
Using CDC’s Mobile Application
Email message subscription services are offered by CDC as a convenience to users who choose to receive information via this channel. All information published via email subscriptions services is available on CDC.gov without the requirement to provide email address.
The email subscriber information is secured and only available to CDC managers, members of the CDC’s communication and web teams, and other designated staff who require this information to perform their duties. If, at any time, you wish to stop receiving our messages, simply click on the “Unsubscribe” link at the bottom of each email message.
Where CDC provides a public health messaging system that uses short code or a short message service (SMS) option, CDC will provide you information via SMS about how to sign up for the SMS option; how to cancel or unsubscribe from the SMS option; how to rejoin the SMS option; and how to get assistance on the use of the SMS option. Where CDC provides this SMS option, please note that generally message and data rates may apply, and that message frequency may vary. Questions about your text plan or data plan should be directed to your wireless provider.
We retain the phone numbers of our SMS subscribers, logs of messages we send, and automatically generated data used to improve our SMS communications. We use this information to manage CDC SMS subscriptions. Your carrier may collect additional data elements, please see their privacy policies for further details. We will not use your phone number to track, reverse look up, or for any type of commercial marketing. Mobile numbers will not be shared with third parties.
Invitations to CDC surveys are sent via a pop up or external links to a random sampling of visitor. Your acceptance of a survey is completely optional. If you decline any survey, you will still have the same access to the information and resources provided in all the CDC’s digital media channels, as those who opt to take a survey.
CDC uses online surveys to collect opinions and feedback from visitors on all type of digital media channels. Please refer to the current third-party tools/pages list for the current survey service providers. These survey service providers obtain feedback and data on visitor’s satisfaction on behalf of the CDC. Surveys conducted on behalf of the CDC do not collect any Personally Identifiable Information (PII), and the aggregate results are only available to CDC staff (e.g., subject matter experts, health communication staff, and other designated staff) who require this information to perform their duties.
Official CDC Presence on Third-Party Websites
All official CDC information available on third-party websites is also available on CDC.gov site. The CDC maintains official pages or accounts on third-party websites in order to better engage and communicate with the general public (a current third-party tools/pages list is here). Your activity on those sites is governed by the third-party website’s security and privacy policies. Users of third-party sites often share information with the general public, user communities, and/or the third-party operating the site. Consequently, you should review the privacy policies of third-party sites before using them and ensure that you understand how your information may be shared and used. You should also adjust privacy settings on your account on any third-party site to match your preferences.
For the sole purpose of complying with the Presidential Records Act Externalexternal icon, the CDC archives some information that users submit or publish when engaging with the CDC through official CDC pages or accounts on third-party websites (e.g., by sending a message, posting a comment, “following,” “friending,” or taking similar actions). This information may contain personal information, such as an individual’s username and other public account information, when such information is available based on the user’s privacy settings and the terms of the site. For example:
- On Twitter, the CDC automatically archives “tweets” from official CDC accounts, “direct messages” sent to or from official CDC accounts, and “mentions” (tweets from other users to official CDC accounts; these tweets contain an @ and the username of an official CDC account (e.g., @CDCgov). The CDC also automatically archives any status that official accounts have “favorited.”
- On Facebook, the CDC archives all content created by official CDC pages, content that tags an official CDC page, and any content posted on official CDC pages (for example, the number of likes to the page and comments posted)
- On Instagram, the CDC archives all content created by official CDC profiles, content that tags an official CDC profile, and any content posted on official CDC profiles (for example, the number of likes to the profile and comments posted). The CDC also automatically archives stories posted to official CDC profiles.
For aggregate statistical analysis and to improve the quality of our services, we may integrate web measurement tools with our social media pages. To see current list of web measurement tools, please refer to the current third-party tools/pages list. These tools enable basic analysis of social media traffic (such as the number of people visiting a certain page) and do not collect personally identifiable information.
If you choose to provide us with information, we may use that information to contact you, respond to your message, or provide you the information or services you requested. In order to serve you better, we may analyze multiple sources of data you have provided (for example, to look up whether you previously contacted the CDC about the same topic so that we do not send you a duplicative response). We may also use messages or comments collected through CDC.gov sites, Apps, or official social media profiles for our own purposes, such as to inform policy decisions or in public advocacy.
We may use data you provide and automatically generated data for statistical analysis to assess, for example, what information is of interest to users, technical design specifications, and system performance. This allows us to make general improvements to our site as well as to offer tailored content to email subscribers (e.g., a follow-up message to subscribers interested in a specific topic based on information they have provided or automatically generated data).
Information you choose to share with the CDC (directly and via third party sites) may be treated as public information. We may, for example, publish compilations of messages or comments collected through CDC.gov or official social media pages and provide them to national leaders, members of the press, or other individuals outside of the Federal Government. However, we exercise discretion to limit such disclosures to protect your privacy (for example, we generally do not publish last names of commenters).
The CDC uses a third-party analytics provider (for current provider please see current third-party tools/pages list to collect and summarize this information in conjunction with cookies. The third-party analytics provider does not receive personally identifiable information through these cookies and is prohibited from combining, matching, or cross-referencing CDC.gov information with any other information.
Within the CDC, we restrict access to personally identifiable information to only those employees, contractors, and/or vendors who require access to this information in order to perform their official duties and exercise controls to limit what data they can view based on the specific needs of their position. If you choose to share information with us, we may in some cases share that information (or automatically generated information) with other government agencies in response to lawful law enforcement requests or to protect CDC.gov from security threats.
We do not use or share your information for commercial purposes and, except as described above, we do not exchange or otherwise disclose this information.
Submitting personal information (name, address, telephone number, email address, etc.) is voluntary and is not required to access information on our website. However, if you choose to provide CDC with personally identifiable information — for example by completing a form, leaving a comment, sending email, or completing a survey — we may use that information to respond to your message and/or help us get you the information or services you requested.
We retain the information only for as long as necessary to respond to your question or request. Information submitted electronically is maintained and destroyed as required by the Federal Records Act and records schedules of the National Archives and Records Administration. It may be subject to disclosure in certain cases (for example, if required by a Freedom of Information Act request, court order, or Congressional access request, or if authorized by a Privacy Act System of Records Notice (SORN)). It is subject to the Privacy Act if maintained in a Privacy Act system of record.
For more information, see:
As data retention policies vary from system to system, please check that system’s policy or their individual SORN for more detailed information.
CDC content gets published on third-party sites as a convenience to users who prefer to use these channels. All information published on these third-party sites is also available on CDC.gov site.
Links to External Sites
CDC.gov pages and other CDC digital media platforms may link to websites created and maintained by other public and/or private organizations and individuals. When you follow a link to an external site, you are leaving CDC.gov and are subject to the external site‘s privacy and security policies. We do not control or guarantee the accuracy, relevance, timeliness, or completeness of information contained on an external site. We also do not endorse the site’s sponsor, any views they express, or any products or services they offer.
CDC Pages on Third-Party Websites
Your activity on third-party sites (a current list is here) is governed by the third-party website’s security and privacy policies. Please contact the third-party site’s Privacy Office if you have any questions or need further information.
CDC Content Embedded in Third-Party Sites
We believe in the importance of protecting the privacy of children online. As such, we will take all reasonable steps to protect the privacy and safety of any child from whom information is collected as required by the Children’s Online Privacy Protection Act (COPPA)external icon. A child’s parent or guardian is required to provide consent before CDC collects, uses, or shares personal information from a child under age 13.
When a CDC Web site needs to collect information about a child under 13 years old, COPPA required information and instructions will be provided by the specific Web page that collects information about the child. The Web page will specify exactly what the information will be used for, who will see it, and how long it will be kept.
Personal information about children under 13 years of age may be needed to respond to his/her communication to us. Personal information about your child will be destroyed immediately upon completion of its intended purpose. On rare occasions, it may be determined that a communication from a child under 13 years old should be maintained for historical purposes. Should such an occasion occur, CDC will obtain the necessary consent from the child’s parent.
Finally, we provide many on-line tools and services in support of CDC’s mission. A child under 13 years old may inadvertently provide personal information to one of these services. If this should happen, the information about the child will be deleted immediately upon discovery.
Our digital media channels are not intended to solicit information of any kind from children under age 13. If you believe that we have received information from or about children under age 13, please contact the CDC Privacy Office (see Contact information here).
All CDC digital media offerings, including the CDC.gov site, are maintained by the U.S. Government and protected by various provisions of Title 18 of the U.S. Code. Violations of Title 18 are subject to criminal prosecution in Federal court.
At CDC, reasonable precautions are taken to protect CDC’s digital platforms, including information automatically collected by or voluntarily submitted to CDC.gov or an official CDC page on a third-party site. For example, we restrict access to personally identifiable information to employees, contractors, and vendors who require access to this information in order to perform their official duties, and exercise controls to limit what data they can view based on the specific needs of their position. Access to official CDC accounts on third-party sites is limited to the individuals who administer those accounts, and all official CDC accounts are clearly labeled.
Also, commonly used practices and technical controls are utilized to protect the information in our possession or control, along with CDC.gov itself. These practices and controls include, but are not limited to: encrypting the transfer of personal information over the internet via secure sockets protocols such as Transport Layer Security (TLS), Secure Sockets Layer (SSL) etc., using high-strength firewalls and intrusion detection systems (IDS) to safeguard personal information, and maintaining strict technical controls and procedures to ensure the integrity of all data on CDC.gov.
We periodically review our processes and systems to verify compliance with industry best practices and to ensure the highest level of security for CDC’s all digital platforms.
We will revise or update this policy from time to time. If we make significant changes to how we handle personal information, we will post changes to the policy on our site and change the date at the bottom. We will provide additional notice in advance (e.g., a disclaimer on our website or an email to subscribers) if material changes are being made.