Privacy and Security


The OCC is committed to maintaining the privacy of your personal information and protecting the technical infrastructure through which you communicate with us.

 

Privacy
Our privacy policy explains the information we capture when you visit our CRE Web site and how we will handle this information.

If you browse through our Web site, read pages, or download information, we automatically gather and store certain information about your visit. This information does not identify you personally. The OCC stores the following information about your visit:

 

·  The Internet domain from which you access the Internet (for example, aol.com, if you are connecting from an America Online account, or princeton.edu, if you are connecting from Princeton University’s domain);

·  The IP (Internet Protocol) address from which you access our site. An IP address is a number automatically assigned to your computer whenever you are connected to the Internet;

·  The type of browser and operating system (for example, Netscape or Internet Explorer) used to access our site;

·  The date and time you access our site;

·  The pages you visit;

·  The address of the Web site you visited immediately prior to visiting the CRE; and,

·  The action that you tried to perform (for example, download a document) and whether or not you were successful

 

CRE Registration and User Profile

During registration for CRE access we collect information that identifies you personally. This information is provided specifically and knowingly by your in-house administrator (CRE Regulatory Agency Administrator) and submitted to your CRE representative (OCC CRE Content Administrator). You have the ability to edit this information once CRE access is granted. We may use the information sent to us in various ways. Your information may be made available to OCC employees, such as our OCC CRE Content Administrator or our Complaint Specialists, having a business reason to see it. In other limited circumstances, including requests from congressional committees or pursuant to subpoenas or other legal process, we also may disclose the information submitted to us.

 

Use of Web Forms or Electronic Messages

Registered users may contact us electronically by emailing CAGNetHouston@occ.treas.gov or by submitting electronic comments within each referral. Before doing so, there are a few things that registered users should know. We collect information that identifies you personally only if it is provided specifically and knowingly by you. We may use the information you send us in various ways. When you send us information that identifies you (e.g., in an electronic mail message containing a question or comment), we use this information to respond to your request. Your information may be made available to OCC employees, such as our OCC CRE Content Administrator or our Complaint Specialists, having a business reason to see it. In other limited circumstances, including requests from congressional committees or pursuant to subpoenas or other legal process, we also may disclose the information submitted to us.

 

Website Security

For site security purposes and to ensure that this service remains available to all users, we employ software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. Unauthorized attempts to upload or change information, or otherwise cause damage, on this server are strictly prohibited and may be punishable under federal law.

The Office of the Comptroller of the Currency (OCC) operates its Internet-facing computer systems in a manner consistent with best practices in information security. The OCC maintains a system of firewalls, proxies and routers to limit detect and protect against hostile traffic. The OCC configures and operates hosts and networks in a manner that meets or exceeds industry standards. The OCC reviews its applications for the appropriate setting of security controls. The OCC performs penetration tests and network monitoring to provide an on-going assessment of security status. Information and assets are protected as required by statute and regulation, including, but not limited to, the Privacy Act, the Trade Secrets Act, the Right to Financial Privacy Act, and the Federal Information Security Management Act.