Back to Case Studies

CMS: Using Tealium Tag Management to Increase Customer Privacy


Overview

As part of its commitment to protecting user privacy, Healthcare.gov – the flagship site for the Affordable Care Act – was seeking ways to bolster the privacy and information-sharing tools available to their customers.  In addition to giving users more control over the information shared across their site, Healthcare.gov wished to have a stronger mechanism in place for honoring Do Not Track (DNT).

CMS HomepageDNT is a technology available for protecting online privacy, specifically addressing the challenge of pervasive online web tracking. Theoretically, if a user has enabled DNT in their browser settings, then the ability of a web application to track a user should be disabled, but that is not always the case. This was a significant concern for HealthCare.gov, who wanted to provide the highest possible level of security to their users.

Challenge

Although HealthCare.gov met the privacy standards, they wanted to provide their customers with an extra layer of security in addition to DNT. This extra security would ensure that DNT tracking was being honored, and offer their customers further peace of mind that their information was secure.

Also, in order for DNT to successfully work, users need to both be aware that DNT exists, and take steps to locate and enable this functionality within their specific browser settings. Even if a user takes the initiative to enable DNT, it does not guarantee that a third party will respect the DNT signal.

Theoretically, a third party website could match up information unknowingly provided to them by a referring website with an already extensive amount of information they have collected about a user. This could result in a detailed profile of a user’s online reading habits, buying preferences, medical conditions, salary, etc. and HealthCare.gov wanted to ensure this did not happen to their customers.

Solution

To meet the security standards set by HealthCare.gov, Blast Analytics & Marketing recommended the use of the Tealium iQ tag management. By migrating all site tags from Google Tag Manager (GTM) to the Tealium iQ tag management solution, HealthCare.gov could give users control over what tracking and data collection takes place during their visit. Leveraging Tealium iQ capabilities and a Tealium Privacy Extension option, a new Privacy Manager was built and implemented across both the English and Spanish sites.

When opted out of specific tracking categories, the Privacy Manager blocks third-party tools from ever loading, regardless of your cookie settings, preventing cookies, web beacons, and local storage objects from being placed on a user’s device. This provides users with an additional layer of privacy, and HealthCare.gov retains a user’s desired settings for 3 years from the date of their most recent visit.

The Privacy Manager is also unique in that it provides users with the choice to opt-in or opt-out of entire classifications of tags, rather than individual tags. The three classification categories of third-party tools used by HealthCare.gov that can now be managed by users are:

  • Advertising: Will block the use of digital advertising tools such as web beacons.
  • Social Media: Will block the ability to track a user sharing content on Facebook, Twitter, or other social media accounts.
  • Web Analytics: Will block the ability to use tools to count, track, and analyze visits.

CMS Privacy Wizard

Furthermore, Tealium does not see, collect, or store a user’s data either. By building a set of instructions for the browser to execute, the management and routing of data is completed within the browser itself, rather than through the Tealium servers. User IDs stored in its cookies are different on each website, and they do not use any sort of browser fingerprinting or supercookies. These safeguards make it virtually impossible for Tealium to track HealthCare.gov users.

Lastly, users who have turned on the DNT feature in their browser will have advertising-related tracking disabled by default.

Results

Through their partnership with Blast, and implementation of Tealium technology, HealthCare.gov was able to improve privacy across the site, including a new privacy policy, easy privacy controls for users, and a commitment to honoring the DNT browser setting.

CMS Privacy Policy


Download

Interested in Working with Blast?

Ask a Question or Request More Information

Project Overview

Goals

  • Provide the highest possible level of security to CMS users

Approach

  • Recommended the use of Tealium iQ Tag Management to give users control over tracking and data collection
  • Built privacy manager to block third-party tools
  • Provided ability to opt-in or opt-out of entire classifications of tags

Strategic Guidance

  • Guided a Privacy Impact Assessment
  • Provided stakeholder education to help them understand current tracking landscape and privacy risks
  • Educated on value and need for governance and process enforcement

Results

  • Became first US government site to implement extra layer of security
  • Easy privacy controls for users
  • Clear commitment to Do Not Track browser setting

Services

AnalyticsAnalytics
Tag ManagementTag Management


Goal Driven Marketing & Analytics Consulting Company
Copyright © 1999-2017 Blast Analytics & Marketing

Privacy  |  Terms