Privacy Policy

Email Subscriptions and Updates

The Department maintains several lists of subscribers who have asked to receive periodic email updates. Any recipient of a Department email may unsubscribe from future messages via a link at the bottom of each email message. We do not sell, rent, exchange, or otherwise disclose our list subscribers to persons or organizations outside the Department.

Our email analytics provider, GovDelivery, also offers the capability to view some data, such as whether a mass email was opened, at an individual level for 30 days after an email was sent; as a matter of policy and practice this data is only viewed on an aggregate basis.

The Department’s websites may contain links to websites created and maintained by other public or private organizations. We provide these links as a service to visitors to our site. When you follow a link to an external site, you are leaving the Department and are subject to the privacy and security policies of the external site.

Links to External Sites

The Department’s websites may contain links to websites created and maintained by other public or private organizations. We provide these links as a service to visitors to our site. When you follow a link to an external site, you are leaving the Department’s website and are subject to the privacy and security policies of the external site.

Security

For site security purposes and to ensure that this service remains available to all users, the Department’s information systems, and information systems operated by contractors on behalf of the Department, employ software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. Anyone using these information systems expressly consents to such monitoring and is advised that if such monitoring reveals evidence of possible abuse or criminal activity, such evidence may be provided to appropriate law enforcement officials. Unauthorized attempts to upload or change information on these information systems are strictly prohibited and may be punishable by law, including the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act of 1996.

Additionally, DOJ information systems, and information systems operated by contractors on behalf of the Department, may be protected by EINSTEIN cybersecurity capabilities under the operational control of the U.S. Department of Homeland Security Cybersecurity & Infrastructure Security Agency (CISA). Electronic communications with DOJ may be scanned by government-owned or contractor equipment to look for network traffic indicating known or suspected malicious cyber activity, including malicious content or communications.

Electronic communications within DOJ will be collected or retained by CISA only if they are associated with known or suspected cyber threats. CISA will use the information collected through EINSTEIN to analyze the known or suspected cyber threat and help DOJ and other agencies respond and better protect their computers and networks.

For additional information about EINSTEIN capabilities, please see the EINSTEIN program-related Privacy Impact Assessments available on the U.S. Department of Homeland Security cybersecurity privacy website along with other information about the federal government’s cybersecurity activities.

Vulnerability Disclosure Policy (VDP)

The Department is committed to ensuring the security of the American public by safeguarding their digital information. The Vulnerability Disclosure Policy (VDP) provides guidelines for the cybersecurity research community and members of the general public (hereafter referred to as researchers) on conducting good faith vulnerability discovery activities directed at public facing DOJ websites and services. The VDP also instructs researchers on how to submit discovered vulnerabilities to the DOJ’s Office of the Chief Information Officer (OCIO), within the Justice Management Division.