StatSocial
Date signed: 7/25/2022
| TPWA PIA Questions | TPWA PIA Answers |
|---|---|
| OPDIV: | CMS |
| TPWA Unique Identifier (UID): | T-8341529-789061 |
| Is this a new TPWA? | Yes |
| Please provide the reason for revision | N/A |
| Will the use of a third-party Website or application create a new or modify an existing HHS/OPDIV System of Records Notice (SORN) under the Privacy Act? | No |
| Indicate the SORN number (or identify plans to put one in place.) |
|
| Will the use of a third-party Website or application create an information collection subject to OMB clearance under the Paperwork Reduction Act (PRA)? | No |
| Indicate the OMB approval number and approval number expiration date (or describe the plans to obtain OMB clearance.) |
|
| Does the third-party Website or application contain Federal Records? | No |
| Describe the specific purpose for the OPDIV use of the third-party Website or application: | CMS will use StatSocial to provide additional precision in targeting, aiding in audience segmentation and scaling of audience in digital advertising efforts. The audiences identified separately through partner CINT can be amplified (through lookalike targeting) and activated using StatSocial. Insights about the reached audience, when used in partnership with CINT, can be uncovered – such as media preferences – to aid in future campaign optimizations. StatSocial does not collect PII in the course of these advertising activities and therefore, does not share PII with CMS. The use of StatSocial also ensures equitable reach of messaging to diverse and historically under-served audiences by allowing for audience segmentation that is not available on the direct social platforms due to increasing limitations in audience targeting capabilities. |
| Have the third-party privacy policies been reviewed to evaluate any risks and to determine whether the Website or application is appropriate for OPDIV use? | Yes |
| Describe alternative means by which the public can obtain comparable information or services if they choose not to use the third-party Website or application: | If consumers do not want to interact with advertisements that are targeted using StatSocial data, consumers can learn about CMS campaigns through other advertising channels such as TV, radio, CMS websites, social media, and events. |
| Does the third-party Website or application have appropriate branding to distinguish the OPDIV activities from those of nongovernmental actors? | No |
| How does the public navigate to the third party Website or application from the OPIDIV? | Other... |
| Please describe how the public navigate to the third-party website or application: | Not Applicable. The CMS websites do not link to StatSocial. StatSocial is a tool used to create audiences for advertising on third-party sites and provide aggregate top-level information about users who engaged with a campaign website. |
| If the public navigate to the third-party website or application via an external hyperlink, is there an alert to notify the public that they are being directed to a nongovernmental Website? | No |
| Has the OPDIV Privacy Policy been updated to describe the use of a third-party Website or application? | Yes |
| Provide a hyperlink to the OPDIV Privacy Policy: | The above is the privacy policy for all CMS websites unless a separate one is noted below: |
| Is an OPDIV Privacy Notice posted on the third-party Website or application? | No |
| Confirm that the Privacy Notice contains all of the following elements: (i) An explanation that the Website or application is not government-owned or government-operated; (ii) An indication of whether and how the OPDIV will maintain, use, or share PII that becomes available; (iii) An explanation that by using the third-party Website or application to communicate with the OPDIV, individuals may be providing nongovernmental third-parties with access to PII; (iv) A link to the official OPDIV Website; and (v) A link to the OPDIV Privacy Policy. | |
| Is the OPDIV's Privacy Notice prominently displayed at all locations on the third-party Website or application where the public might make PII available? | |
| Is PII collected by the OPDIV from the third-party Website or application? | No |
| Will the third-party Website or application make PII available to the OPDIV? | No |
| Describe the PII that will be collected by the OPDIV from the third-party Website or application and/or the PII which the public could make available to the OPDIV through the use of the third-party Website or application and the intended or expected use of the PII: | Not applicable. CMS does not collect any PII through the use of StatSocial nor will StatSocial make available any PII to CMS. |
| Describe the type of PII from the third-party Website or application that will be shared, with whom the PII will be shared, and the purpose of the information sharing: | Not Applicable. StatSocial does not collect or share PII. |
| If PII is shared, how are the risks of sharing PII mitigated? | Not Applicable. StatSocial does not collect or share PII. |
| Will the PII from the third-party Website or application be maintained by the OPDIV? | No |
| If PII will be maintained, indicate how long the PII will be maintained: | |
| Describe how PII that is used or maintained will be secured: | Not Applicable. StatSocial does not collect or share PII. |
| What other privacy risks exist and how will they be mitigated? | CMS will conduct periodic reviews of Stat Social’s privacy policy to ensure its policies continue to align with agency objectives and privacy policies and do not present unreasonable or unmitigated risks to user’s privacy interests. CMS uses StatSocial solely for the purposes of improving equity in audience segmentation and message reach. Use of Cookies and Web Beacons for Targeted Advertising Based on Sensitive Information Potential Risk: The use of cookies, pixels, and web beacons generally presents the risk that an application could collect information about a user’s activity on the Internet for purposes that the users did not intend. The unintended purposes include providing users with behaviorally targeted advertising, based on information the individual user may consider to be sensitive. In addition, StatSocial uses data segments to profile users for advertising purposes. Use of these segments to deliver CMS advertising to these populations may be considered by some individuals to be delivering advertising based on sensitive criteria. Additional Background: StatSocial collects non-personally identifiable information by placing a cookie or pixel (also known as a web beacon) on CMS websites and on advertisements sponsored by CMS on third party websites. The non-personally identifiable information collected by StatSocial may include; plan type, IP address, browser types, operating systems, domain names, access dates and times and app interaction, referring website addresses, online transactions, browsing and search activity, device IDs and network type and service provider. A pixel (or web beacon) is a transparent graphic image (usually 1 pixel x 1 pixel) that is placed on a web page that allows StatSocial to collect information regarding the use of the web page. A cookie is a small text file stored on a website visitor’s computer that allows the site to recognize the user and keep track of preferences. These technologies provide information about when a visitor clicks on or views an advertisement. to understand the types of audiences engaging with campaign content. Mitigation: CMS and Stat Social provide consumers with information about the use of persistent cookies and related technologies. This information includes what data is collected and the data gathering choices included in their website privacy policies, including choices related to behaviorally targeted advertising. |
Third-Party Web and Application (TPWA) Privacy Impact Assessment (PIA) published by CMS as an Operating Division of the U.S. Department of Health and Human Services