CMS: Using Tealium Tag Management to Increase Customer Privacy
As part of its commitment to protecting user privacy, Healthcare.gov – the flagship site for the Affordable Care Act – was seeking ways to bolster the privacy and information-sharing tools available to their customers. In addition to giving users more control over the information shared across their site, Healthcare.gov wished to have a stronger mechanism in place for honoring Do Not Track (DNT).
DNT is a technology available for protecting online privacy, specifically addressing the challenge of pervasive online web tracking. Theoretically, if a user has enabled DNT in their browser settings, then the ability of a web application to track a user should be disabled, but that is not always the case. This was a significant concern for HealthCare.gov, who wanted to provide the highest possible level of security to their users.
Although HealthCare.gov met the privacy standards, they wanted to provide their customers with an extra layer of security in addition to DNT. This extra security would ensure that DNT tracking was being honored, and offer their customers further peace of mind that their information was secure.
Also, in order for DNT to successfully work, users need to both be aware that DNT exists, and take steps to locate and enable this functionality within their specific browser settings. Even if a user takes the initiative to enable DNT, it does not guarantee that a third party will respect the DNT signal.
Theoretically, a third party website could match up information unknowingly provided to them by a referring website with an already extensive amount of information they have collected about a user. This could result in a detailed profile of a user’s online reading habits, buying preferences, medical conditions, salary, etc. and HealthCare.gov wanted to ensure this did not happen to their customers.
To meet the security standards set by HealthCare.gov, Blast Analytics & Marketing recommended the use of the Tealium iQ tag management. By migrating all site tags from Google Tag Manager (GTM) to the Tealium iQ tag management solution, HealthCare.gov could give users control over what tracking and data collection takes place during their visit. Leveraging Tealium iQ capabilities and a Tealium Privacy Extension option, a new Privacy Manager was built and implemented across both the English and Spanish sites.
When opted out of specific tracking categories, the Privacy Manager blocks third-party tools from ever loading, regardless of your cookie settings, preventing cookies, web beacons, and local storage objects from being placed on a user’s device. This provides users with an additional layer of privacy, and HealthCare.gov retains a user’s desired settings for 3 years from the date of their most recent visit.
The Privacy Manager is also unique in that it provides users with the choice to opt-in or opt-out of entire classifications of tags, rather than individual tags. The three classification categories of third-party tools used by HealthCare.gov that can now be managed by users are:
- Advertising: Will block the use of digital advertising tools such as web beacons.
- Social Media: Will block the ability to track a user sharing content on Facebook, Twitter, or other social media accounts.
- Web Analytics: Will block the ability to use tools to count, track, and analyze visits.
Furthermore, Tealium does not see, collect, or store a user’s data either. By building a set of instructions for the browser to execute, the management and routing of data is completed within the browser itself, rather than through the Tealium servers. User IDs stored in its cookies are different on each website, and they do not use any sort of browser fingerprinting or supercookies. These safeguards make it virtually impossible for Tealium to track HealthCare.gov users.
Lastly, users who have turned on the DNT feature in their browser will have advertising-related tracking disabled by default.