Data Privacy
High Level ViewMedium Level ViewDetailed View Strategic Initiatives Business Processes Information Flows Systems and Services Technology Infrastructure Security and Privacy
 

Click here to download the full Data Privacy document (.doc format)

 
Executive Summary
Program Overview
BTR Privacy Policy and Operational Security
Frequently Asked Questions
 

Executive Summary

The Bureau of Temporary Relocation (BTR) is committed to protecting the personal information of its customers and employees.

 

This document outlines the policy and practices that BTR employs to ensure compliance with all applicable laws regarding personal privacy as well as its overall commitment to ensuring the protection of personal information.  This policy covers all aspects of the handling of protected customer information from all sources including interviews, applications or collected via the Internet.

 

Program Overview

The Bureau of Temporary Relocation (BTR) shall follow these privacy principles in the collection, use, sharing and security of customer information, no matter how it is collected. The BTR shall:

 

  • Provide you NOTICE of our customer information practices.

  • Give you CHOICES about how your data may be used when allowable by applicable federal, state and local laws.

  • Provide you the opportunity to UPDATE or CORRECT your personal information.

  • Use information SECURITY safeguards.

  • Limit the SHARING of your information.

  • Commit to COMPLYING with applicable privacy requirements (as governed by applicable laws).

  • Provide you with means to CONTACT US about privacy-related issues.

 

BTR values the relationship we have with our customers and are committed to responsible information-handling practices. Great care is taken to safeguard personal information and in complying with all applicable federal, state and local privacy laws and our own internal standards and best practices.  In addressing the privacy of users, the following regulations must be considered.

  • Privacy Act of 1974, as amended, 5 U.S.C. 552a (the Privacy Act"), Public Law 93-579;

  • Computer Security Act of 1987, Public Law 100-235, 40 USC §759;

  • Clinger-Cohen Act of 1996, Public Law 104-106;

  • Paperwork Reduction Act of 1995, 44 U.S.C. 3501, et seq., as amended;

  • Freedom of Information Act, 5 U.S.C. 552 (2000)

The Department of Homeland Security (DHS) is the parent agency of the BTR, and as such, any information provided to any employee, facility or web site owned or operated by BTR, may be combined or shared between current or future DHS entities. The BTR operates facilities, support offices and web sites which may be used to collect personal information.

 

Each member of BTR and each web site established by a member of the BTR support network will follow the privacy policies outlined below. Users of BTR infrastructure must be aware of times when information may be shared with third parties.  These include the American Red Cross or healthcare providers.  Information provided to these organizations will be limited to information required for a specific purpose and will not include all information on the customer in the BTR database.  In addition, information regarding the customer may be shared with the individuals’ home state.


 BTR Privacy Policy and Operational Security

The following Privacy Policy describes the information and privacy practices and operational security for the BTR facilities, support offices, the BTR web site and all other locations, occasions or events where your personal information is collected by, or on behalf of BTR. When you provide us your personal information, you consent to the information practices described in this policy. Information can be collected by a an application completed at one of the BTR sites, via a telephone interview with a BTR associate or completed online via the Internet.

 

This Privacy Policy does not apply to web sites that are accessible through the BTR operated sites. BTR web sites contain links to third party sites, including but not limited to third-party sites that display the BTR logos. Users should read the privacy policies of those other sites to learn how they collect, use, secure and share information.

 

The data collected from the customer is limited to the information required to provide services to the customer.  The information collected is outlined under the Frequently Asked Questions on page 9 of this document.  The information will be used to:

  • Fulfill requests for products, services or information

  • Administer background checks (identify criminals and/or sex offenders)

  • Credit checks

  • Provide customer services

  • Provide benefits to customers

Some information will be shared with third parties as required to provide services to the customer. Third parties will be limited to healthcare providers, Red Cross and the customer’s home state.

 

Data submitted via the Internet are input via a 128-bit Secure Socket Layer (SSL) connection.  All customers will be provided a secure user ID and password.  The customer may access only their personal data and no other information.  The customer will be able to use their user ID and password to access the system to view or update their information.

 

Access to the data is granted in accordance with National Institute for Standards and Technology (NIST) Level 2 Assurance Level.  Exposure of the data via the Internet is highly restricted and controlled in several layers to protect the data.  The customer's request for his specific record passes through three firewalls and the request is serviced by a trusted account behind the third firewall.  The single record results are then passed back to the user, thus protecting the database.  Each firewall serves to prevent unauthorized intruders from gaining access to systems behind that firewall.  BTR has implemented a series of these protection zones, which require successive penetration of each firewall to gain access to the subsequent one unless an authorized account is used.

 

Unauthorized attempts to access the system for other than intended purposes will result in denial of service. Unauthorized accesses to obtain, alter, damage, or destroy information, or otherwise to interfere with information is prohibited. Such acts will be disclosed to law enforcement authorities and result in criminal prosecution under the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act of 1996 (Pub. L. 104-294), (18 U.S.C. 1030), or other applicable criminal laws.

 

Cookies are used on the BTR website to allow applications to function correctly. Information collected is not retained after the online transaction is completed. BTR's use of cookie technology is not otherwise designed, intended or used to collect, store or analyze information pertaining to Internet users.

 

The servers used by BTR (application, database and web servers) are hosted at a DHS data center.  The servers are hosted at a DHS data center instead of at the BTR site since it provides an additional level of server and facility security, which provides stability in BTR’s operation.

 

The data center is a 24 x 7 x 365 managed operation.  This allows BTR and users to access the information at all times.  There is dedicated fast Ethernet connectivity between the data center and the BTR sites which runs across the providers IP backbone.

 

The primary data center is replicated to a second data center.  This provides full redundancy of the data and operations.

 

Frequently Asked Questions:

 

To assist you with reading through our Privacy Policy, we have provided questions and answers below that you may find helpful in understanding our privacy practices:

 

What information does BTR COLLECT from me?

When does BTR COLLECT information from me?

How is my information used?

Do I have CHOICES regarding the use of my information?

What information is PROVIDED to BTR from others?

Does BTR collect information from CHILDREN?

How does BTR SECURE my personal information?

How does BTR handle security intrusion and detection?

Does BTR share my personal information with others?

Do BTR websites use COOKIES, OTHER TECHNOLOGIES or THIRD PARTIES to collect information about me?

How can I UPDATE my information?

Whom may I CONTACT if I have questions or concerns about the privacy or security of my information?

Disaster Relief Victims (DRV) Debit Card Processing

Will this PRIVACY POLICY change?

 

What information does BTR COLLECT from me?

We may collect personal information such as:

·        Prefix or title

·        Last name, first name and middle initial

·        Suffix

·        Language

·        Name of spouse and/or dependents.

·        Home State

·        Social Security Number

·        Driver’s license number

·        Other Identification (passport)

·        Physical address before relocation

·        Phone number before location

·        Cell phone or second phone number.

·        Email address

·        Medical Insurance Yes/No

·        Medical provider

·        Your personal preferences

o       disability accommodation

o       smoker/non-smoker

o       visibility in BTR directories

o       dietary needs

 

When and how does BTR COLLECT information from me?

BTR collects information from customers in three methods:

  •  Applicants can enter their information via the BTR portal.  The address is WWW.BTR.GOV

  • Applicants can call BTR and provide the information to a BTR employee over the phone.  The phone number is 1-888-BTR-HELP.  Select option 1.

  • Applicants can complete an application at a BTR facility.

The applicant is asked the same questions under all three methods.
 

How is my information USED?

We use the information you provide in order to:

  • Fulfill requests for products, services or information

  • Administer background checks (identify criminals and/or sex offenders)

  • Credit checks

  • Provide customer services

  • Provide benefits to customers

  • Provide selected information to other organizations in order to assist the customer

Do I have CHOICES regarding the use of my information?

Some information is required in order to utilize BTR services and facilities. Excluding required information, BTR does allow customers to opt-out of the use of some personal information after providing it to BTR (such as listings in a public directory).  You always have the ability to opt-in or opt-out of use of optional information requested by BTR.

To opt-out of or opt-in, please take one of the following actions:

1) Send an email to the Privacy Manager at privacy.manager@btr.gov.


2) Call 1-888-BTR-HELP and provide your current contact information.

3) Use the online forms on our web portal.


4) Or, send a request with your current information to:
Bureau of Temporary Relocation
Attn: Privacy Manager
Washington, DC 20935

If you send an e-mail or letter request, please be sure to include your full name, address, phone number and e-mail address and indicate specifically what type of optional information you wish to have de-listed. This will ensure we identify you correctly in our systems and accurately process your request.

BTR will take appropriate steps to implement your request to opt-out of or opt-in. Please note that due to production, mailing and system timelines, in order to remove you from our systems, it may take up to:

 

·        10 business days for e-mails or online forms

·        30 days for phone calls

·        6 weeks for direct mail


Also, please note that even though you may have opted out of certain uses of your information, the mandatory information you provide to BTR will not be removed from our systems, or shall BTR discontinue use of such information as deemed appropriate by BTR and all applicable laws.

 

What information is PROVIDED to BTR from others?


Information From/About Family and Associates
If you provide us information about others, or if others give us your information, we will only use that information for the specific reason it was provided.


Information From Third Parties
BTR obtains a myriad of information from third-party providers (such as other federal agencies, medical practitioners and law enforcement entities) in order to improve the accuracy of our customer database and to increase our ability to provide services to our customers.

 

Does BTR collect information from CHILDREN?

BTR is committed to protecting the privacy of children.  We will only collect information from children in accordance with all applicable laws.  Information regarding children should be collected from legal guardians or parents, and will only be done when necessary (such as to provide entry into a BTR facility or to make health benefits available).  We will not knowingly or intentionally collect personal information online from children under the age of 13.

 

How does BTR SECURE my personal information?

Whether you provide information online or in facilities, we have security measures in place and take reasonable precautions to protect against the loss, misuse and unauthorized access of your personal information under our control. BTR cannot ensure or warrant the security of any information you transmit to us by e-mail, and you do so at your own risk.  BTR employs the best data security products available as chartered by the BTR security program.
 

How does BTR handle security intrusion and detection?

Unauthorized attempts to defeat or circumvent security features; to use the system for other than intended purposes; to deny service to authorized users; to access, obtain, alter, damage, or destroy information; or otherwise to interfere with the system or its operation is prohibited. Evidence of such acts may be disclosed to law enforcement authorities and result in criminal prosecution under the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act of 1996 (Pub. L. 104-294), (18 U.S.C. 1030) or other applicable criminal laws.

 

  • For site security purposes and to ensure that this service remains available to all users, this government computer system employs software programs to monitor host and network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage.  This includes using 128 bit secured socket layer security.  Also, firewalls are used to prevent intrusions into the system.

 

  • Except for authorized law enforcement investigations, no other attempts are made to identify individual users or their usage habits. Raw data logs are used for no other purposes and are scheduled for regular destruction in accordance with National Archives and Records Administration guidelines.

 

  • Unauthorized attempts to upload information or change information on this service are strictly prohibited and may be punishable under the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act.

 

Does BTR SHARE my personal information with others?

 

BTR does not sell or rent your personal information to third parties.
We may need to share your personal information with certain third parties such as our agents, service providers and other representatives acting on our behalf for limited purposes. For example, we may share personal information with third parties to perform services on our behalf such as:

  • Fulfilling our customers' benefits requests

  • Delivering services

  • Conducting research, analysis or administering surveys about BTR operations

  • Processing background checks

  • Processing credit checks

Information provided to the third party is limited to the information needed for the intended purpose.  At no time will a third party be given access to the entire BTR database.

The third parties with whom we conduct business are only authorized to use your information to perform the service for which they were hired. As part of our agreement with them, they are required to follow the privacy guidelines we provide them and to take reasonable measures to ensure your personal information is secure.

 

From time to time, we may be required to share personal information in response to a valid court order, subpoena, government investigation, or as otherwise required by law. We also reserve the right to report to law enforcement agencies any activities that we, in good faith, believe to be unlawful. We may share certain personal information when we believe that such release is reasonably necessary to protect the rights, property and safety of others and ourselves. We may also transfer personal information in the event of a change in BTR alignment within the government (such as a change in responsibility for BTR to process a request to another agency).

 

Do BTR web sites use COOKIES, OTHER TECHNOLOGIES or THIRD PARTIES to collect information about me?

 

Cookies
A cookie is a small data file that a Web site or e-mail may send to your browser, which may then be stored on your hard drive. Our Web sites use cookies to create a more personalized experience for visitors to our site. Cookies simulate a continuous connection — they let us "remember" information about your preferences and session, and allow you to move within areas of our Web sites without reintroducing yourself.

BTR does place cookies on your computer to collect non-personally identifiable information. Although our cookies may contain a unique user ID, they do not collect or store any of your personally identifiable information.

You may choose to set your web browser to not accept cookies, but your customized experience may be altered or you may not be able to complete certain transactions.

Third-Party Providers
No third party is allowed to collected information about you when they access the BTR web site.
 

How can I UPDATE my information?

BTR wants your information preferences to be accurate and complete. We provide several different methods for you to update your personal information. To update your information:

1) If you’ve created an account on the BTR web portal, you can update your information after logging into your account

2) Call: 1-888-BTR-HELP, option 2

3) Send an email to customerinformation manager@btr.gov

4) Send a request to:
Bureau of Temporary Relocation
Attn: Customer Information Manager
Washington, DC 20935

If you send an e-mail or letter request, please be sure to indicate your current information and the requested changes you would like made.

 

The required time to make changes is dependent on the method selected.

  • Instantaneous for Internet changes

  • 2 business days for e-mails or online forms

  • 2 days for phone calls

  • 2 weeks for direct mail

Whom may I CONTACT if I have questions or concerns about the privacy or security of my information?

Please contact our Privacy Manager to report any known or suspected privacy or security breaches or to submit privacy or security-related questions or complaints. After receiving your inquiry, we will respond within five business days. You may contact us in the following ways:

1) Call: 1-888-BTR-HELP

2) Send a communication via the BTR web portal.

3) Send a letter to:
Bureau of Temporary Relocation
Attn: Privacy Manager
Washington, DC 20935

 

Disaster Relief Victims (DRV) Debit Card Processing

 

In order to apply for a DRV Debit Card, you will need to provide:

 

  • Your Social Security number.

  • Current and pre-disaster address.

  • A telephone number where you can be contacted.

  • Insurance information.

  • Total household annual income

  • A routing and account number from your bank (only necessary if you want to have disaster assistance funds transferred directly into your bank account)

  • A description of your losses that were caused by the disaster.

  • After you've completed your application for assistance, you will receive a BTR-DRV application number.

  • Write down this number and keep it for future reference.

 

BTR is required by law to provide you with a copy of this privacy policy.

 

The information you give to BTR will be used to refer you to disaster assistance programs. It may be shared with your bank, insurance company, or other assistance providers to ensure there is no duplication of benefits. It may also be shared with state and local governmental agencies to help reduce future disaster losses.

 

Failure to provide this information will result in a delay or a rejection of your request. You authorize BTR and the state to verify the information that is entered.

 

If you knowingly make false statements to obtain disaster aid, it is a violation of Federal and state laws that carry penalties including severe fines or imprisonment up to 5 years, or both.

 

The BTR-DRV registration process requires you to agree to the statements provided in the privacy policy above.

  

Will this Privacy Policy CHANGE?

Because BTR will continue to implement new technologies and improve the services and features we provide, this policy is subject to change. If there are changes or additions to this Privacy Policy, we will post those changes to our web portal or in other formats for you to review. If we change our information practices or this Privacy Policy in such a way that your personal information may be used or shared in a different manner, we will give you the opportunity to opt-out of having your information used or shared in that new manner in accordance with all applicable laws.  Information will not be changed between optional and mandatory without notice to the customer and adjustment to the documentation associated with the process that collects this information

Changes: The policy clarified the addition of credit checks in accordance with the new DRV Debit Card.

Last revision date: March 24, 2006

 

© 2006 BTR/SU - all rights reserved