Privacy & Security Policy

Privacy

At Texas.gov, your privacy is one of our top priorities. This policy describes the privacy and security practices regarding information collected from Texas.gov site visitors. The Texas.gov Privacy and Security Policy applies only to the Texas.gov site. This policy does not apply whenever visitors leave Texas.gov domains by clicking a link to an external site, including the sites of state agencies and local governments. The Texas.gov linking policy includes more information about links from Texas.gov to external sites.

Collection of Information

For online transactions conducted on Texas.gov, individuals will be requested to enter information about themselves and/or the organization with which they are affiliated. When personally identifiable information is requested, there will be an indication of whether the disclosure of such information is mandatory or optional to continue the transaction. The type of information requested will vary based upon the type of transaction and the state agency or local government involved in the transaction with the individual. Texas.gov will collect the same information as would be collected if the transaction was performed in person, over the telephone, or through the mail with the state agency or local government. Additional information may be requested if required by law, if such information is necessary to verify an individual’s identity and secure the transaction, or if the visitor voluntarily elects to receive information from state agencies, local governments, or Texas.gov.

For general use or browsing of Texas.gov, visitors are not asked for personally identifiable information, and none will be collected. Texas.gov uses server logs and persistent cookies to collect information about the number and types of visitors to Texas.gov and how they use the website. This information includes the type of browser, operating system, and the Internet Protocol ("IP") address used by each visitor and similar information about the computer network used. It also includes information verifying when and how pages of the website were accessed. However, no attempt is made to match this information with the identity of the visitor, except as is required to comply with a law enforcement investigation. For more information regarding cookies, see below.

Children’s Online Privacy Protection Act

Children under the age of 13 are not eligible to use services that require submission of personal information and should not submit any personal information to us. This includes submitting personal information to the website as part of a user profile or personalization profile. If you are a child under the age of 13, you can use these services only if used together with your parents or guardians. Seek guidance from your parents or guardians if you are under the age of 13.

If we decide to begin collecting personal information from children under the age of 13, we will notify parents that it is being requested, disclose the reasons for collecting it, and disclose our intended use of it. We will seek verifiable parental consent before collecting any personally identifiable information. If we do collect such information, parents may request information on the type of data being collected, view their child's information, and, if they choose, prohibit us from making further use of their child's information. We will not provide personal information about children to third parties.

Use of Information

Information collected during an online transaction is used for the following purposes:

  • To complete online transactions with the appropriate state agency or local government (such as the payment of sales tax or the renewal of a license or permit) and with the payment method selected during the transaction;
  • To send an email to or otherwise contact the individual using the online service confirming the transaction or identifying and resolving problems that may have resulted during the transaction, including in connection with the payment methods; or
  • To provide information about state agencies, local governments, or Texas.gov to visitors who elect to receive this notification service.

Metrics from Texas.gov server logs and persistent cookies are used for the following purposes:

  • Assessing the usability of Texas.gov
  • Determining what information is of most interest to Texas.gov visitors
  • Establishing technical design specifications
  • Measuring Texas.gov system performance
  • Identifying potential issues associated with the interface or operation of Texas.gov.

Texas.gov works with contractors to provide various products and services required for the operation of Texas.gov. Personally identifiable information may be shared with these contractors if necessary in connection with the transactions, in connection with maintenance and improvements to the Texas.gov site, and to support the services and applications offered on Texas.gov. Contractors and subcontractors of Texas.gov are prohibited by contract from selling information from or about the users of Texas.gov. Except as otherwise provided in this policy: (1) Texas.gov will not disclose the email addresses of members of the public who have communicated electronically with a governmental body without the affirmative consent of the affected individual; and (2) Personally identifiable information contained in a question or comment sent to Texas.gov in an email message or submitted in an online form is only used by Texas.gov to respond to the question or comment. Texas.gov may redirect the message to a specific state agency or local government if Texas.gov staff believes that the state agency or local government may be more qualified to respond.

The Department of Information Resources may be required by law enforcement or judicial authorities or applicable law to provide personally identifiable information to the appropriate governmental authorities. Additionally, Texas.gov will cooperate with law enforcement agencies in identifying those who appear to be using our services for illegal activities. Texas.gov reserves the right to report any information to law enforcement agencies, including personally identifiable information, in connection with activities that it, in good faith, believes to be unlawful.

Texas.gov does not sell and does not generally release (other than as provided in this policy) personally identifiable information to third parties; however, information provided to any governmental body may be subject to disclosure pursuant to the Texas Public Information Act and applicable federal and state legislation. Information about the Texas Public Information Act is available from the Office of the Attorney General and at Texas Government Code, Chapter 552. Additionally, certain state agencies or local governments whose sites are accessible through Texas.gov may have different policies concerning the sale or release of personally identifiable information. Upon leaving Texas.gov and linking to an external site, the policies governing Texas.gov no longer apply and users are subject to the external site’s policies. Questions and concerns regarding the information or services provided by a linked site must be directed to the entity or individual responsible for that site, rather than to Texas.gov. In addition, postings from the public on Texas.gov social media sites become public records and may be posted on Texas.gov, and once posted, are available to be viewed and copied by other users. This information may be subject to public information requests. Neither Texas.gov, nor its licensors or contractors performing services in connection with the social media sites are responsible for any actions of third parties who access information posted on any Texas.gov social media site.

For more information about public information requests, please refer to the Texas.gov Public Information Requests policy.

Security

To protect the security of its employees, Texas.gov users, and hosted applications and services, Texas.gov complies with the following standards and codes as applicable:

Government Agency Title
ISO 27002 International Organization for Standardization
COBIT 4.1 Control Objectives for Information and related Technology
PCI DSS Payment Card Industry Data Security Standards
FFIEC Federal Financial Institutions Examination Council
GLB Gramm-Leach-Bliley Act
HIPAA Health Insurance Portability and Accountability Act
SOX 404 Sarbanes-Oxley Act Section 404
TAC 202 Texas Administrative Code Title 1, Part 10, Chapter 202
FERPA Family Education Rights and Privacy Act (34 Code of Federal Regulations Part 99)
IRS 1075 Internal Revenue Service Publication 1075: “TAX INFORMATION SECURITY GUIDELINES FOR FEDERAL, STATE AND LOCAL AGENCIES AND ENTITIES”
OWASP Top 10 Open Web Application Security Project Top 10 Vulnerabilities

In addition, Texas.gov uses Secure Sockets Layer (SSL) for secure transmissions, which are identified as such on the site. SSL applies encryption between two computers, in this case the individual’s personal computer and the Texas.gov server.Texas.gov utilizes 128-bit encryption, which is one of the stronger standard encryptions currently in the marketplace. At a minimum, the following information will be encrypted when transmitted to Texas.gov during a secure transmission:

  • Name
  • Social Security Number
  • All credit, debit, and charge card numbers
  • Bank account and electronic check information
  • Transaction payment information
  • Driver license number
  • Personal identification numbers (PIN) and passwords
  • Email addresses

A web browser will automatically activate the appropriate security features when initiating a transaction on Texas.gov. On most browsers, an unbroken key or locked padlock icon at the bottom of the browser screen indicates that a secure connection is in place.

Cookies

Some of the services hosted on Texas.gov use cookies. A cookie is a small text file that a website stores on a visitor’s personal computer to track specific information about that visitor’s interaction with the website. The services hosted on Texas.gov use both session cookies and persistent cookies. A session cookie is temporary and only exists during a single session during which a visitor uses Texas.gov. Texas.gov session cookies are used to keep track of a particular online transaction and are destroyed after successful completion of a transaction, after a few minutes of inactivity, or when the browser is closed.

Persistent cookies continue to exist after a few minutes of inactivity, after the browser is closed, or after a visitor completes a single session. Texas.gov uses persistent cookies to track visitor activity on the site to structure content and make the Texas.gov websites easy to use. All persistent cookies from Texas.gov will expire within twenty-five months.

Texas.gov cookies do not contain or collect personal identifiable information about visitors. Moreover, Texas.gov will not match visitor activities with personally identifiable information, unless required by law or by law enforcement agencies, or as necessary to enforce the terms of use of the site. If an individual's web browser does not accept cookies, he or she may not be able to conduct online transactions on Texas.gov. However, this will not hinder normal browsing of the website. Texas.gov does not currently utilize web bugs or any other technology to track user activity other than those stated in this policy. However, as technology evolves, Texas.gov may change the technology in use, and will post changes to this policy on the site from time to time to reflect any such changes.

Texas.gov Privacy and Security Contact Information

If you have any questions or concerns about the Texas.gov Privacy and Security Policy, please contact us at txgov@dir.texas.gov. If you have any questions or concerns about how state agencies and local governments handle personal information, please contact them directly.

Return to policies page »

Top of Page