The Privacy Act
The Privacy Act of 1974 protects the personal information the Federal government keeps on individuals in systems of records (SOR). The Privacy Act regulates how the government can disclose, share, provide access to, and keep the personal information that it collects. The Privacy Act does not cover all information collected online. The Act's major provisions require agencies to:
- Publish a Privacy Act Notice in the Federal Register explaining the existence, character and uses of a new or revised SOR;
- Keep information about you accurate, relevant, timely, and complete to assure fairness in dealing with you; and
- Allow you to, on request, access and review your information held in a SOR and request amendment of the information if you disagree with it.
If the OIG collects information from you online, which is subject to the Privacy Act (information kept in an SOR), we will provide a Privacy Act Statement specific to that collected information. This Privacy Act Statement will tell you:
- The authority for and the purpose and use of the information collected subject to the Privacy Act;
- Whether providing the information is voluntary or mandatory; and
- The effects on you if you do not provide any or all requested information.
For more information or for comments and concerns on our privacy practices, please contact our Legal Counsel, Deborah Stover-Springer, by email at firstname.lastname@example.org or by phone at (202) 326-4030.
Collection of Information - Non-Personal
We collect information about your website visit which does not identify you personally. We do not collect or sell this non-personal information for commercial purposes. Non-personal information collected includes the web service used, the computer, browser, operating system, and web service used. We also collect the date, time, and pages you visit. Collecting this data helps us make the website more useful, determine technical design specifications, and identify system performance or problem areas. In the event of a known security or virus threat, we may collect information on the web content you view.
In order to provide a secure website experience, OIG monitors network traffic for unauthorized or malicious activities, which could alter information, or otherwise result in damage. OIG does not identify individual users, unless a user chooses to submit information or a user exercises illegal behavior. Tampering with OIG's website is prohibited by law. All users are subject to the Computer Fraud and Abuse Act of 1986, the National Information Infrastructure Protection Act of 1996, and other applicable laws.
Collection of Information - Personal
When you visit our website, we may request and collect information from you including contact information. Our principal purpose for collecting personal information online or offline is to better provide you with what you need and want, to address security or virus threats, or as required by law. Purposes may include responding to your complaints or replying to your feedback.
We may share personally-identifiable information you provide to us within OIG or with the Pension Benefit Guaranty Corporation, other Federal government agencies, or other named representatives as needed to speed your request or transaction. In a government-wide effort to combat security and virus threats, we may share some information we collect automatically, such as an IP address, with other Federal government agencies. Or the law may require us to share collected information with authorized law enforcement, Homeland Security, and national security activities.
Throughout our website, should we request information, we will inform the public whether the information we request is voluntary or required. By providing personally-identifiable information, you grant us consent to use this information, but only for the primary reasons you provide it. We will ask you to grant us consent before using your voluntarily provided information for any secondary purpose, other than those required under the law. PBGC may use the email address you submit to contact you regarding your complaint status or for other purposes such as to request feedback.
Information provided by users who contact OIG by email outside of our provided secure online service applications will be used only for the purposes described at the point of collection and as detailed in the applicable Privacy Act notice. OIG does not have control over the security of the information transmitted by email over the public Internet. Users who must send sensitive information to OIG should contact OIG by telephone, by fax, or send the information via regular mail.
OIG practices physical, electronic, and personnel procedures to protect personally- identifiable and other information collected. Transactions and data submitted by you are logged by OIG. Your information will be maintained and managed in accordance with the Federal Records Act. OIG may disclose information you submit if we are required to do so by law or if we believe that such action is necessary to comply with the law, protect and defend our rights and property, and/or protect against misuse or unauthorized use of information, or protect the personal safety or property of our users or the public. Information about you may be disclosed as part of any investigation into your actions, should OIG suspect you have engaged in wrongdoing.
We are committed to properly securing the information we collect. To help us do this, we take the following steps to:
- Employ internal access controls to ensure access is gained on a need-to-know basis;
- Train relevant personnel on our privacy and security measures to know requirements for compliance;
- Secure the areas where we hold hard copies of information we collect;
- Perform regular backups of the information we collect to ensure against loss;
- Use technical controls to secure any information we collect;
- Periodically test our security procedures to ensure personnel and technical compliance; and
- Employ external access safeguards to identify and prevent unauthorized attempts.