HHS Approval Form for Tealium Customer Data Hub Tier 3
Proposed Use of a Multi-Session Web Measurement and Customization Technology that Collects Personally Identifiable Information Form
Per Office of Management and Budget (OMB) instructions found in Memorandum 10-22 Guidance for Online Use of Web Measurement and Customization Technologies (June 25, 2010), the following information serves as public notice for the proposed use by the United States Department of Health & Human Services of a Tier 3 multi-session Web measurement and customization technology that collects personally identifiable information.
The HHS Senior Agency Official for Privacy (SAOP) will post this notice for public comment on the Department’s Open Government Webpage (www.hhs.gov/open) for 30 days from the date of the posting.
Comments
The 30-day comment period is from Tuesday, January 5, 2021 through Thursday, February 4, 2021. Comments about the proposed use can be submitted electronically to: [email protected].
| OPDIV | Centers for Medicare and Medicaid Services (CMS) |
| Date posted for public comment | 01/05/2021 |
| The purpose of the Web measurement and/or customization technology | The Tealium Customer Data Hub technology’s purpose is to improve the user experience. The Tealium Customer Data Hub will be used to collect information across customer touch-points in order to gain a unified customer view of visitors to CMS websites. Tier-3 usage of customization technology requires an opt-in decision by the user. The action of opting in means the user is agreeing to specified data being collected in order to improve the user experience. The action of opting in will be accompanied by a notification with examples of what data may be collected and what benefits are offered to the user. The Tealium platform will analyze the information collected in order to create segments of customers and to combine these segments into audiences. For example, on the Medicare.gov website, there are multiple types of users who may visit Medicare.gov based on whether they are receiving, shopping for or caring for someone with Medicare. These segments are grouped into audiences; beneficiary, coming-of-ager and caregiver. These audiences will be used to enrich the capabilities of the website and provide personalized customer experiences for these site visitors. Tealium’s audience segmentation and Customer Data Hub technology is in use today at a Tier 2 level. Planned Tier 3 usage: If a user has opted-in to Tier 3 usage, the Tealium Customer Data Hub will enable one-to-one personalization and help close the feedback loop for marketing. For example, when a user visits the Medicare.gov website and is unable to achieve their goal, they are then prompted with a Qualtrics survey. The user completes the survey and indicates the “bad visit”. Using automation, the Tealium platform sorts that user into an audience based on the feedback they provided and the challenge they had on the website. That audience is shared with Granicus (i.e. GovDelivery), the email marketing solution, and a follow up email with recommended solutions is sent to the user. The user is able to review the solutions provided and complete their goal on the Medicare.gov website. If a user opts-out of Tier 3 usage, CMS is able to personalize at a Tier 2 usage level, which would prevent the use of personally identifiable information. |
| The usage tier (i.e., Tier 1, 2, or 3) | Tier 3 |
| Session Type (multi-session or single session) | Multi-Session |
| Information about the technology used | The Tealium Customer Data Hub may collect data, including personally identifiable information (PII), as described below from CMS customers. The Tealium platform uses that information to create real-time profiles of customers and integrate with CMS digital marketing platforms to provide personalized experiences for users. The Tealium Customer Data Hub performs rule based analysis, as defined by CMS and its staff and contractors, on the information collected from CMS websites, in order to create segments of customers. These segments are used to enrich the capabilities of the website and correlate data across various customer-consumer touch points. This enables CMS to make the most relevant content available to their customers and improve the online experience. |
| Describe the nature of the information collected | Data Collected Automatically by the Technology: Technical information such as internet protocol (IP) address, browser type and version, time zone setting, location and other information on the devices the visitor uses to access a CMS website. Data Collected Based on User Behavior and Input: Profile information such as the visitor’s interests, preferences, and feedback (for example behavioral engagement on the website, language preference, and survey feedback). Usage information about how a visitor uses CMS websites, products, and services. Marketing and communications information such as visitor preferences and data used to identify visitors such as numeric user identifiers and one-way encrypted email address identifiers to link the visitor’s communication preferences. Medical and beneficiary personal health information will not be collected and stored in the Tealium Customer Data Hub. The data collected by Tealium will not be linked to medical or beneficiary data or systems. The PII is collected to provide for an enriched and personalized user experience. A primary consideration of this technology is the ability to identify the same user across multiple devices and across multiple sessions. To achieve this, a common user identifier must be captured. Behavioral data from one session/device is leveraged to provide an improved and consistent user experience in future sessions/devices. |
| Describe the purpose and use of the information | The Tealium Customer Data Hub will be used to analyze the information collected from a website in order to create segments of customers and to combine these segments into audiences. For example, on the Medicare.gov website, there are multiple types of users who may visit Medicare.gov based on whether they are receiving, shopping for or caring for someone with Medicare. These segments are grouped into audiences: beneficiary, coming of ager, and caregiver. These audiences will be used to help gain a unified customer view to enrich the capabilities of the website, help CMS analyze points of friction, and provide personalized customer experiences for these website visitors. |
| Describe whether and to whom the information will be disclosed | The information collected will be sent to Tealium’s Private Cloud server, which is a single-tenant environment. The data within the Tealium Customer Data Hub are available only to CMS managers, teams who implement CMS programs, members of the CMS communications and web teams, and other designated federal staff and contractors who need this information to perform their duties. |
| Describe the privacy safeguards applied to the information | All data transmitted from the client-side browser, is encrypted over HTTPS (SSL). PII information will be securely captured, transmitted, and stored. The information will be stored on Tealium’s Private Cloud solution, which is a single-tenant environment that provides data isolation and security compliance. All data is encrypted at rest in Tealium’s Private Cloud solution. Tealium’s Private Cloud has achieved a pedigree of 3rd party security and privacy certifications: HIPAA, ISO 27001 and 27018 and SSAE18 SOC 2 Type II. PII data within Tealium’s Customer Data Hub will be labeled “restricted,” which provides additional control over the flow of this data. |
| Describe the data retention policy for the information | General Records Schedule (GRS) 6.5, Item 10, Disposition Authority: DM-GRS-2017-0002-0001. Records from operations such as a customer call center or service center providing services to the public. Services may address a wide variety of topics including but not limited to: incoming requests and responses, system data including customer ticket numbers and visit tracking, evaluations and feedback about customer services, reports generated from customer management data, customer feedback and satisfaction surveys, including survey instruments, data, and reports. CMS may retain records 1 year after resolved, or when no longer needed for business use, whichever is appropriate. The data retention policy is 13 months for the Tealium Customer Data Hub. CMS is able to connect to the Tealium platform to export this data to a CMS managed data warehouse. |
| Name of the Privacy Impact Assessment associated with the Website or application using the Web measurement and/or customization technology | Tealium - https://www.hhs.gov/sites/default/files/cms-tealium.pdf Please note that this link is for the Third-Party Website or Application (TPWA) Privacy Impact Assessment (PIA) for the current use of Tealium, not the Tier 3 use being proposed. The draft Tier 3 TPWA PIA is available on hhs.gov/open. |
| Name of the System of Records Notice associated with the Website or application using the Web measurement and/or customization technology (if applicable) | N/A |
| Describe whether or not the technology is enabled by default; and if so, why | The Tealium Customer Data Hub technology is enabled by default; however, personally identifiable information will not be captured unless there is explicit consent obtained through an opt-in process. When the technology is enabled without opt-in consent at the Tier-3 level, it will operate at a Tier-2 level and use anonymized data (unless the visitor has expressed their choice for Tier-2 usage opt out). |
| Describe how to opt-out or opt-in to the Web measurement and/or customization technology | The Tealium Customer Data Hub technology is leveraged in both a Tier-2 and Tier-3 state, based on the type of information being collected. In a Tier-2 state, a visitor can opt out of the ‘Web Analytics’ category at any time through the CMS website’s Privacy Settings. A decision to opt-out at the Tier-2 usage level will also opt a user out of Tier-3, regardless of their expressed consent as described below. In a Tier-3 state, this requires an opt-in decision by the user. The default state is that users will NOT be opted in and will stay at the Tier-2 usage level (unless the visitor also opts out of that usage). The following opt-in flows are examples as they are not yet built out: The user will be able to select an unchecked (by default) box to indicate consent through any email signup forms as well as through the account sign up process and user profile management screens. The action of opting in means the user is agreeing to specified data being collected in order to improve the user experience. The action of opting in will be accompanied by a notification with information explaining what the decision means, examples of what data may be collected and what benefits are offered to the user. The opt-in decision will be stored in the GovDelivery tool and in the appropriate CMS user profile database (for user-login based identification). The user may also change their opt-in decision in both data locations as well. The GovDelivery tool is used as CMS’ email and SMS based marketing initiatives and has its own TPWA PIA: https://www.hhs.gov/sites/default/files/ahrq-govdelivery.pdf |
| Describe how a member of the public can access comparable information or services if they choose to opt-out of the Web measurement and/or customization technology | If a member of the public does not opt-in for this customization technology, there will be no impact to the accessibility of website tools and features. The technology is used to improve the user experience. |
| Identities of all third-party vendors involved in the measurement and/or customization process | Tealium is used in concert with Qualtrics as the only third-party vendors designated to store Tier-3 level personally identifiable information. Data within Tealium is not accessible by personnel from Qualtrics and vice versa. Only designated federal staff and contractors who need this information to perform their duties have access to this data. No other third party organization will have access to the information collected. |
