Skip to main content

MEDIA MATH

Date signed: 9/7/2018

TPWA PIA info for MEDIA MATH
TPWA PIA QuestionsTPWA PIA Answers
OPDIV:CMS
TPWA Unique Identifier (UID):T-8700587-988458
Is this a new TPWA?Yes
Please provide the reason for revision.his TPWA is revised to identify all of the added CMS websites that occasionally deliver digital advertising on third-party websites in order to reach new users and that provide information to previous visitors. The CMS websites are; www.CMS.gov, www.Medicare.gov, www.MyMedicare.gov, www.Medicaid.gov, www.InsureKidsNow.gov, HealthCare.gov, and CuidadoDeSalud.gov.
Will the use of a third-party Website or application create a new or modify an existing HHS/OPDIV System of Records Notice (SORN) under the Privacy Act?No
Indicate the SORN number (or identify plans to put one in place.)
  • SORN Number: Not Applicable.
  • If not published: Not Applicable.
Will the use of a third-party Website or application create an information collection subject to OMB clearance under the Paperwork Reduction Act (PRA)?No
Indicate the OMB approval number and approval number expiration date (or describe the plans to obtain OMB clearance.)
  • OMB Approval Number: Not applicable
  • Expiration Date: Not applicable
  • Explanation: Not Applicable
Does the third-party Website or application contain Federal Records?No
Describe the specific purpose for the OPDIV use of the third-party Website or application:CMS uses MediaMath to deliver behaviorally targeted digital advertising on third party websites to encourage consumers to visit CMS websites. In addition, MediaMath will also deliver retargeted advertising to consumers who previously visited CMS websites. Behavioral targeting is a technique used to determine relevant recipients for ads, by inferring a consumer’s interests based on information collected about that particular consumer’s online web browsing behaviors, on various websites, over time. Behavioral targeting may also use data about consumers, such as demographic data, from third parties to supplement web browsing information. Retargeting is a form of behavioral targeting used by online advertisers to present ads to consumers who have previously visited a particular CMS website. MediaMath will use cookies and/or web beacons (also called pixels) placed on CMS websites for retargeting and conversion tracking. Conversion tracking allows MediaMath to measure the activity of a consumer who reached a CMS website by clicking on a digital advertisement, (i.e., what webpages within the website they clicked on, whether they completed a transaction, etc.). MediaMath will be providing aggregate reports to CMS showing ad performance by measuring activity and web browsing behavior. MediaMath collects no PII in the course of delivering advertisements or tracking conversions.
Have the third-party privacy policies been reviewed to evaluate any risks and to determine whether the Website or application is appropriate for OPDIV use?Yes
Describe alternative means by which the public can obtain comparable information or services if they choose not to use the third-party Website or application:If consumers do not want to interact with advertisements from MediaMath, consumers can learn about CMS campaigns through other advertising channels such as TV, radio, CMS websites and in-person events.
Does the third-party Website or application have appropriate branding to distinguish the OPDIV activities from those of nongovernmental actors?No
How does the public navigate to the third party Website or application from the OPIDIV?Not Applicable
Please describe how the public navigate to the third-party website or application:Not Applicable
If the public navigate to the third-party website or application via an external hyperlink, is there an alert to notify the public that they are being directed to a nongovernmental Website?No
Has the OPDIV Privacy Policy been updated to describe the use of a third-party Website or application?Yes
Provide a hyperlink to the OPDIV Privacy Policy:https://www.cms.gov/privacy/  Is the privacy policy for all CMS websites unless a separate one is noted below. 
https://www.healthcare.gov/privacy/
https://www.medicare.gov/privacy-policy/index.html
Is an OPDIV Privacy Notice posted on the third-party Website or application?No
Is PII collected by the OPDIV from the third-party Website or application? No
Will the third-party Website or application make PII available to the OPDIV?No
Describe the PII that will be collected by the OPDIV from the third-party Website or application and/or the PII which the public could make available to the OPDIV through the use of the third-party Website or application and the intended or expected use of the PII:Not Applicable. MediaMath collects no PII in the course of delivering advertisements, and thus, does not pass PII to CMS. 
Describe the type of PII from the third-party Website or application that will be shared, with whom the PII will be shared, and the purpose of the information sharing:Not Applicable. MediaMath collects no PII in the course of delivering advertisements, and thus, does not pass PII to CMS. 
If PII is shared, how are the risks of sharing PII mitigated?Not Applicable.
Will the PII from the third-party Website or application be maintained by the OPDIV?No
Describe how PII that is used or maintained will be secured: MediaMath collects no PII in the course of delivering advertisements, and thus, does not pass PII to CMS.
What other privacy risks exist and how will they be mitigated?

CMS will conduct periodic reviews of MediaMath’s privacy policy to ensure its policies continue to align with agency objectives and privacy policies and do not present unreasonable or unmitigated risks to user’s privacy interests. CMS uses MediaMath solely for the purposes of improving consumer engagement with a CMS website by directing consumers to the CMS website through the use of targeted advertising.

Use of Cookies and Web Beacons for Targeted Advertising Based on Sensitive Information
Potential Risk:

The use of cookies, pixels, and web beacons generally presents the risk that an application could collect information about a user’s activity on the Internet for purposes that the users did not intend. The unintended purposes include providing users with behaviorally targeted advertising, based on information that the individual user may consider to be sensitive. In addition, MediaMath may use data segments to profile users for advertising purposes, and some of these segments may contain information deemed to be sensitive by consumers.

Additional Background:
MediaMath collects non-personally identifiable information by placing a cookie or pixel (also known as a web beacon) on a CMS website and on advertisements sponsored by CMS on third party websites. A pixel (or web beacon) is a transparent graphic image (usually 1 pixel x 1 pixel) that is placed on a web page that allows MediaMath to collect information regarding the use of the web page. A cookie is a small text file stored on a website visitor’s computer that allows the site to recognize the user and keep track of preferences. These technologies provide information on when a visitor clicks on or views an advertisement. MediaMath uses that information to judge which advertisements are more appealing to users and which result in greater conversions, such as transactions with a CMS website.

CMS advertising displayed through MediaMath will carry persistent cookies that enable CMS to display advertising to individuals who have previously visited a CMS website. In this instance, the persistent cookie will be stored on the user’s computer for up to 13 months, unless removed by the user.

Mitigation:
CMS websites and MediaMath provide consumers with information about the use of persistent cookies and related technologies. This information includes what data is collected and the data gathering choices included in their website privacy policies, including choices related to behaviorally targeted advertising.

Tealium iQ Privacy Manager is a tool that keeps track of users’ preferences in reference to tracking and will prevent web beacons from firing when a user has opted out of tracking for advertising purposes. When a user is routed to a CMS website by clicking on a CMS advertisement displayed through MediaMath, and the Tealium iQ Privacy Manager is present on a CMS website, users are able to control which cookies they want to accept from the CMS website. Tealium iQ Privacy Manager can be accessed through information provided on the privacy policy on the CMS webiste. There is a large green “Modify Privacy Options” button that turns off the sharing of data for advertising purposes that can be accessed through the CMS website’s privacy policy.

The ability to control which cookies users want to accept is only valid when Tealium iQ Privacy Manager is installed on the website. Another alternative is for users to disable cookies through their web browser. Separately, CMS includes the Digital Advertising Alliance AdChoices icon on all targeted digital advertising. The AdChoices icon is an industry standard tool that allows users to opt out of being tracked for advertising purposes, like the Tealium iQ Privacy Manager.

MediaMath offers users the ability to opt-out of having MediaMath advertising cookies through the following process:

Opt-out of advertising at: http://www.mediamath.com/ad-choices-opt-out/;
Click on the “Ad Choices” logo in the corner of an ad served by MediaMath; and
MediaMath participates in the Digital Advertising Alliance (DAA), which provides consumers with the ability to opt-out of data collection for behavioral advertising by all companies who participate in the DAA.
MediaMath is also a member of the Network Advertising Initiative (NAI) and adheres to NAI’s Code of Conduct, including its provisions regarding providing transparency.

Targeting, Retargeting and Conversion Tracking and the Ability for Other Advertisers to Improve Targeting Based on this Advertising Campaign
Potential Risk:
Advertising technologies used by MediaMath allow it to target advertising behaviorally, by tracking users across multiple sites and over time, and the resulting combined information could reveal patters in behavior that the user may not want to disclose to MediaMath. The consumer may consider their web behavior to be sensitive by the user. These patterns in behavior could also enable and improve targeting by other advertisers who are MediaMath customers, who may wish to target consumers for purposes related to the health insurance sector.

Additional Information:
MediaMath advertising services targets consumers based on information collected through technologies like cookies and pixels. Behavioral targeting deploys ads to consumers whose on-site actions match specific attributes considered desirable by online advertisers. Behavioral targeting is a technique used to determine relevant recipients for ads, by inferring these interests based on information collected about a particular consumer’s online web browsing behaviors, on various websites, over time. Retargeting is a form of behavioral targeting used by online advertisers to present ads to users who have previously visited a particular site. In addition, ads served by MediaMath will use conversion tracking, which allows advertisers to measure the impact of their advertisements by reporting on whether users who view or interact with an ad later visit a particular site or perform desired actions on that site, such as signing up for a program or requesting further information.

Behavioral targeting, retargeting and conversion tracking enable CMS to improve the performance of ads by delivering them to relevant audiences and measuring their effect. CMS uses retargeting to send advertisements to consumers who have previously visited a CMS website, for example, advertisements reminding consumers of relevant deadlines.

Mitigation:
MediaMath does not collect or share data solely about consumers who visit a CMS website with other advertisers. MediaMath collects aggregated level “interaction” data to identify consumers that are most likely to interact with an ad from a specific industry (for example, health insurance) for the purposes of improving the ability for advertisers to reach consumers who are more likely to find that ad relevant. MediaMath does not allow for the sole targeting of consumers who have specifically interacted with an ad from CMS by other MediaMath customers.

When a user is routed to a CMS website by clicking on a CMS advertisement displayed through MediaMath, and the Tealium iQ Privacy Manager is present on the CMS website, users are able to control which cookies they want to accept from the CMS website. Tealium iQ Privacy Manager can be accessed through information provided on the privacy policy on the CMS website. There is a large green “Modify Privacy Options” button that turns off the sharing of data for advertising purposes that can be accessed through the CMS website’s privacy policy.

The ability to control which cookies users want to accept is only valid when Tealium iQ Privacy Manager is installed on the website. Another alternative is for users to disable cookies through their web browser. Separately, CMS includes the Digital Advertising Alliance AdChoices icon on all targeted digital advertising. The AdChoices icon is an industry standard tool that allows users to opt out of being tracked for advertising purposes, like the Tealium iQ Privacy Manager.

MediaMath offers users the ability to opt-out of MediaMath advertising cookies through the following processes:
Opt-out of advertising at: http://www.mediamath.com/ad-choices-opt-out/;
Click on the “Ad Choices” logo in the corner of an ad served by MediaMath; and
MediaMath participates in the Digital Advertising Alliance (DAA), which provides consumers with the ability to opt-out of data collection for behavioral advertising by all companies who participate in the DAA, including MediaMath.

Third-Party Web and Application (TPWA) Privacy Impact Assessment (PIA) published by CMS as an Operating Division of the U.S. Department of Health and Human Services

View all CMS PIAs