Privacy and Security Notice
This page explains how we will handle information we learn about you from your visit to our site, and tells you that EPA monitors network traffic to ensure website security.
Your Rights under the Privacy Act
The Privacy Act of 1974 protects the personal information the federal government keeps on you in “systems of records (SOR)” (information an agency controls that can be retrieved by name or some other personal identifier). The Privacy Act regulates how the government can disclose, share, provide access to, and maintain the personal information that it collects. Not all information collected online is covered by the Privacy Act.
- publish a Privacy Act Notice in the Federal Register explaining the existence, character and uses of a new or revised SOR;
- keep information about you accurate, relevant, timely, and complete to assure fairness in dealing with you; and
- allow you to, upon request, access and review your information held in a SOR and request amendment of the information if you disagree with it.
Your viewing of EPA’s website does not result in the collection of any personal information that is contained in a Privacy Act System of Records as defined by the Privacy Act. View information concerning the Privacy Act.
EPA and Privacy
Please be assured that the privacy of our visitors is of utmost importance to us. We collect no personally identifiable information about you when you visit our site unless you choose to provide that information to us.
We want to inform you that, for each HTTP request (which is what your web browser generates when you request a page or part of a page from a website) received; we collect and store only the following information, in what is called a log file:
- the date and time
- the originating Internet Protocol (IP) address (this address can refer to a specific computer; more frequently, commercial Internet providers use a temporary IPA which does not link to a specific computer)
- the type of browser and operating system used (if provided by the browser)
- the URL of the referring page (if provided by the browser)
- the object requested
- completion status of the request
- pages visited
The information above is also collected by Google Analytics on behalf of EPA. Google Analytics uses first-party persistent cookies, which the government classifies as Tier 2 persistent cookies. Tier 2 persistent cookies do not collect any personally identifiable information, but only those metrics listed above. In addition, persistent cookies can identify return visitors to EPA's website by setting a small file in internet web browsers. Unless you first opt-out (see below), the Google Analytics code used will automatically set a persistent cookie in the browser of the computer you are using to access EPA's website.
Traffic statistics for EPA's website are only reported to us anonymously and in the aggregate, and no information provided by Google Analytics is traceable to any specific individual. We use the information that we automatically collect to measure the number of visitors to the different areas of our sites, and to help us make our pages more useful to visitors. This includes analyzing web traffic to determine the types of devices and browsers that view EPA Web pages most often and the level of demand for specific pages and topics of interest.
You can opt-out by changing the cookie settings in your browser. See instructions on how to disable cookies in some of the most popular web browsers. Google also provides an Opt-Out Browser Add-on for newer browsers. Opting-out will not prevent you from obtaining information from EPA websites.
For more information about the federal government's use of persistent cookies, please refer to the Office of Management and Budget's (OMB) Memo Guidance for the Online Use of Web Measurement and Customization Technologies (PDF).
How Long the Information is Retained
The logs for each day, with no personal information, are maintained in accordance with Records Schedule 095.
Cookies are small files that web servers place on a user's hard drive. They can serve several functions, depending upon how they are designed:
- they allow the website to identify you as a previous visitor each time you access a site;
- they track what information you view at a site (important to us for trying to determine your information needs);
- in the more advanced cases they track your movements through many websites but not the whole web; and
- they can be used to help a website tailor screens for each customer's preference.
EPA pages have "session cookies," to facilitate use of a particular page and to identify the number and type of pages viewed during visits to www.epa.gov. Session cookies disappear when the web user terminates a Web session and closes the browser. EPA also permits the use of persistent cookies for the collection of Web metrics; however, EPA does not collect any personally identifiable information about visitors to our Web pages (see "EPA and Privacy" above).
If you are concerned about the potential use of the information gathered from your computer by cookies, you can set your browser to prompt you before it accepts a cookie. Most Internet browsers have settings that let you identify and/or reject cookies.
Other Information Collection and Personally Identifiable Information (PII)
In addition to the information automatically collected by the server, EPA offices may collect other information from online visitors. Before collecting personally identifiable information through our web pages, we will prominently disclose:
- why EPA is collecting the information;
- what information is to be collected;
- the intended use of the information;
- how it will be protected/secured;
- who at EPA will have access to the information;
- if it will be shared within or outside EPA, including on publicly available websites, and if shared, with whom;
- the opportunity to consent to, or reject, the collection and/or sharing;
- how long the information will be retained and when it will be destroyed; and
- what other privacy risks exist and how the agency will mitigate those risks.
How the Information is Used
We may store non-personally identifiable information we collect (such as search engine queries and anonymous survey responses) indefinitely to help us better understand and meet the needs of our visitors. We may share non-personally identifiable information with others, including the public, in aggregated form (for instance, in a list of our most popular search engine queries), in partial or edited form (such as in a report summarizing responses to a questionnaire), or verbatim (for example, in a complete listing of survey responses).
How E-mail is Handled
By sending us an electronic mail message (for example, an e-mail message containing an official Freedom of Information Act request), you may be sending us personally-identifying information, such as name and address. In these cases, we may retain the information as long as necessary to respond to your request or otherwise resolve the subject matter of your e-mail. Please be aware that email is not necessarily secure from third party interception or misdirection. For your own protection you may wish to communicate sensitive information using a method other than email.
Personal Information via Forms
Some of our pages provide forms allowing visitors to submit search engine queries, questionnaires, feedback, or other information. Some of these forms may request personally identifiable information (e.g., name, address, e-mail address) for specific purposes, such as when the submitter is requesting a personal response, registering for a conference, or subscribing to a mailing list. All information submitted by visitors is voluntary.
EPA and Social Media or Third Party Sites
In addition to EPA's official website, EPA uses social media and third party sites to provide EPA content in a different format that may be useful or interesting to you. When we use these sites, the information we provide is consistent with the intended purpose of the EPA website. EPA does not collect personally identifiable information (PII) about you when you visit these third party sites unless you choose to provide that information. Please be aware that the privacy protection provided on social media and third party sites that are not a part of the epa.gov domain may not be the same as the privacy protection described here. View more information about EPA and social media.
The U.S. Environmental Protection Agency (EPA) takes seriously our responsibility for information security and has taken steps to safeguard the integrity of its data and prevent unauthorized access to the information it maintains.
For site security purposes and to ensure that this service remains available to all users, EPA employs monitors and filters to identify and block unauthorized attempts to upload or change information, cause disruptions or interruptions of service, or otherwise cause damage to the information on our web pages. "Bots" or traffic with malicious intent or harmful impact on the website will be blocked. Unauthorized attempts to upload or change information on this site are strictly prohibited and may be punishable under the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act. Except for these authorized law enforcement investigations, no other attempts are made to identify individual users or their usage habits
Vulnerability Disclosure Policy
To improve our ability to identify security issues that could lead to the compromise of sensitive data or the disruption of services, the EPA has implemented a vulnerability disclosure program which encourages cyber security researchers to report any vulnerabilities they have discovered so that the EPA can take appropriate actions to mitigate or fix those vulnerabilities in a timely manner. The EPA’s Vulnerability Disclosure Policy describes “good faith” expectations between the EPA and the researcher, what types of testing are authorized for which systems, how to report vulnerabilities, and what communication to expect once vulnerabilities are reported. For more information, review the EPA's Vulnerability Disclosure Policy.