Statement of Purpose
This Privacy and Security Policy (the "Policy") sets forth the privacy and security practices of the Office of the Secretary of State ("SOS") with respect to information collected from visitors to the website of the SOS, and all specific websites beginning with such domain (collectively referred to herein as, the "SOS Website"). The Policy contains information about the types of data collected and how such data is used by the SOS.
This Policy only applies to the SOS Website. This Policy does not apply whenever visitors leave the SOS Website by clicking on and following a link to another website, including the websites of other state agencies and local governments. The privacy and security policies of the websites visited outside of the SOS Website should be reviewed to determine how each site owner addresses the issue of disclosure of personally identifiable information.
The Information Technology Division of the SOS maintains the SOS Website as a public service. This Policy may be updated periodically. The Information Technology Division of the SOS approved the current version of this Policy on January 29, 2004.
"Personally identifiable information" means information that could be used to name or distinguish an individual conducting business on the SOS Website from others such individuals. Personally identifiable information includes, but is not limited to: name; address; Social Security Number; credit card, debit card, or bank account information numbers; driver's license number, professional license number, occupational license number, tax identification numbers; and e-mail address.
Collection of Information
For transactions conducted on the SOS Website, including via the SOSDirect and Texas Register websites, individuals will be requested to enter certain information about themselves and/or the organization with which they are affiliated. When personally identifiable information is requested, there will be an indication of whether the disclosure of such information is mandatory or optional to continue the transaction. The type of information requested will vary based upon the type of transaction. SOS collects this information in the same manner and for the same reasons as if the transaction were performed in person, over the telephone, or through the mail with SOS. Additional information may be requested if required by law, if such information is necessary to verify an individual's identity and secure the transaction, or if the visitor would like updates regarding new features offered by the SOS Website. Information regarding SOS Website features will only be sent to visitors if they explicitly choose to receive it.
For all other browsing, visitors are not asked for personally identifiable information, and none will be collected.
Use of Information
Information collected in the course of transactions via the SOS Website are used for the following purposes:
Transaction and Information Facilitation
- To conduct online transactions between a visitor and SOS via the SOS Website;
- To send an e-mail to a visitor using the online service provided via the SOS Website confirming the transaction; or
- To provide information about new features offered by the SOS
Website to visitors who have elected to opt-in to receive such
For site management functions, information is collected for analysis and statistical purposes. This information is not reported or used in any manner that would reveal personally identifiable information. E-mail addresses will not be released to outside parties unless we are required to do so in connection with law enforcement investigations, legal proceedings, or as otherwise required by applicable state or federal law.
We use log analysis tools to create summary statistics, which are used for purposes such as assessing what information is of most interest to visitors, determining technical design specifications, and identifying system performance or problem areas. The following information is collected for this analysis:
- User Client hostname - The hostname (or IP address if DNS is disabled) of the user/client requesting access;
- HTTP header, "user-agent" - The user-agent information includes the type of browser, its version, and the operating system it's running on;
- HTTP header, "referrer" - The referrer specifies the page from which the client accessed the current page;
- System date - The date and time of the user/client request;
- Full request - The exact request the user/client made;
- Status - The status code the server returned to the user/client;
- Content length - The content length in bytes of the document sent to the user/client;
- Method - The request method used;
- Universal Resource Identifier (URI) - The location of a resource on the server;
- Query string of the URI - Anything after the question mark in a URI; and
- Protocol - The transport protocol and version used.
Without the affirmative consent of an affected individual, SOS is prohibited from disclosing the e-mail addresses of members of the public that have communicated electronically with it. Personally identifiable information contained in a question or comment sent electronically to SOS in an e-mail message or submitted in an online form is only used by SOS to respond to the question or comment. SOS reserves the right to redirect any e-mail message to another government agency or person who is in a better position to answer an issue raised in an e-mail.
SOS may be required by law enforcement or judicial authorities to provide personally identifiable information to appropriate governmental authorities. SOS will cooperate with law enforcement agencies in identifying those who appear to be using its services for illegal activities. SOS reserves the right to report to law enforcement agencies any activities that officials of SOS in good faith believe to be unlawful.
Personally Identifiable Information
Except as otherwise provided by applicable state or federal law, SOS does not sell or release personally identifiable information. Please note that information provided to SOS is generally public information subject to disclosure pursuant to the Texas Public Information Act or applicable federal legislation unless a specific statutory exception applies. Information about the Texas Public Information Act is available from the Office of the Attorney General (PDF, 1.63mb), and at Texas Government Code, Chapter 552.
The SOS Website uses Secure Sockets Layer ("SSL") for secure transmissions. SSL applies encryption between two computers, in this case the individual's personal computer and the SOS Website server. The SOS Website utilizes 128-bit encryption, which is the strongest encryption currently standard in the marketplace. As a minimum, the following information will be protected when transmitted via the SOS Website:
- Social Security Number;
- All credit, debit, and charge card numbers;
- Bank account and electronic check information;
- Transaction payment information; " Personal identification numbers (PIN) and passwords; and
- E-mail addresses.
A web browser will automatically activate the appropriate security features when initiating a transaction via the SOS Website. On most browsers, an unbroken key or locked padlock graphic at the bottom of the browser screen indicates that a secure connection is established.
A cookie file contains unique information a web site can use to track such things as passwords, lists of pages previously visited by a particular visitor, and the date when a particular visitor last looked at a specific page. In addition, a cookie file may identify a visitor's specific session at a particular web site. A cookie is often used in commercial sites to identify the items selected for a specific shopping cart application. Cookies come in several types, primarily session or persistent. A persistent cookie is information from a Web site that lasts longer than the immediate connection. A session cookie lasts for the duration of the connection.
You should note that cookies obtained via the SOS Website neither contain nor collect personally identifiable information about visitors. Moreover, SOS will not match visitor activities with personally identifiable information.
If you have questions or concerns about this policy, please feel free to contact our general counsel. If you have questions or concerns about how other state agencies or local government bodies handle personally identifiable information, please contact those governmental bodies directly.