A Privacy Partnership
Your privacy with respect to the use of this website results from a partnership between DOR and you, the user. At this website, we attempt to protect your privacy to the maximum extent possible. However, because some of the information that we receive through this website is subject to the Public Records Law, Massachusetts General Laws Chapter 66, Section 10, we cannot ensure absolute privacy. Information that you provide to us through this site may be made available to members of the public under that law. This policy informs you of the information that we collect from you at this site, what we do with it, to whom it may be disseminated, and how you can access it. Based on this information, you can make an informed choice about your use of this site. You can maximize the benefits of your privacy partnership with DOR by making informed choices about whether to share personally identifiable information with us through this site.
DOR provides this site as a public service. This site is monitored by automated security systems and, in some cases, by DOR's security staff, to ensure proper operation, and verify the functioning of applicable security features, auditing, and for other like purposes. Anyone using this site expressly consents to this automated monitoring. If you do not consent to monitoring, exit this site now. Unauthorized attempts to modify any information stored on this site, to defeat or circumvent security features, or to utilize this site for other than its intended purposes are prohibited.
Because this site does not encrypt incoming e-mail, you should not send information that you consider highly sensitive through this website. We use standard security measures to ensure that your personally identifiable information sent e-mail is not lost, misused, altered, or unintentionally destroyed. We also use software programs that monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. Except for authorized law enforcement investigations, no attempts are made to identify individual users of the e-mail submission feature or the Commonwealth Conversations: Taxes, Revenue and Local Services - OpenDOR Blog or their usage habits.
Passwords, Password Protection
DOR has taken steps to ensure that password information remains well protected. Users of the site are solely responsible for monitoring the security of their password. DOR will not ask for your password in any unsolicited telephone call or e-mail.
Special Protections Against Misuse of Personally Identifiable Information Within Commonwealth Offices
In 2008, Governor Deval Patrick issued Executive Order 504, which enhanced the privacy protections given to any identifiable information about you held by the Executive Department of state government. Executive Order 504 limits the collection and dissemination of personally identifiable information within the Executive Department and requires Executive Department agencies to greatly enhance the security and integrity of such data. This site complies with Executive Order 504, so all of the personally identifiable information that you submit to this site is given the privacy and security protections set forth in Executive Order 504.
Personally Identifiable Information
We use the term "personally identifiable information" to mean any information that could reasonably be used to identify you, including your name, address, e-mail address, Social Security number, birth date, bank account information, or credit card information, or any combination of information that could be used to identify you.
Information Voluntarily Provided by You
This site collects voluntary information from you through the e-mails that you send through this site and the blog entries that you will make at this site. E-mails sent by you to this site and some blog entries that you make at this site will contain personally identifiable information, such as your name or e-mail address. In addition, data may be provided by you when using DOR's online applications (data transmissions other than e-mails used by taxpayers and businesses to submit data directly to DOR from their personal computers).
If you visit the DOR website to read or download information, such as tax forms or information about DOR initiatives: DOR collects and stores only the following information about you:
- the IP address from which you access the Internet;
- the operating system used to access our site;
- the date and time you access our site;
- the pages you visit on our site;
- if you linked to our site from another website, the address of that website.
We use this information to measure the number of visitors to the different sections of our site and to help us make our site more useful to our customers.
If you identify yourself by sending an e-mail or comment to anyone within DOR:
You may decide to send DOR personally identifiable information, for example, your home address or Social Security number, in an electronic mail message containing a comment. DOR may use personally identifiable information from customers to further our customer service activities. Users should be aware that electronic mail is not secure, and a third party can intercept any information included in an e-mail message. In order to maintain the confidentiality of your information, any DOR response containing sensitive information will be sent using DOR's secure e-mail system. The secure e-mail system is a web-based application that leverages strong encryption to protect taxpayer data.
If you identify yourself by submitting information through one of DOR's online applications:
DOR provides a growing number of online applications for various programs and tax processes. When used, these systems ask for personally identifiable information including, but not limited to, names, addresses, phone and fax numbers, and Social Security numbers. This information is used to process the request and may be incorporated into DOR's computer systems.
All DOR web applications that involve sensitive information use SSL (Secure Socket Layer), which uses 128-bit strong encryption, to protect taxpayer data. If this is the case, you will be asked to use a browser capable of 128-bit strong encryption in order to connect to our secure server. Servers that host encrypted web applications encrypt all of your personal information so that it cannot be read or changed as the information travels over the Internet. The encryption process takes the information you enter and converts it into bits of code that are securely transmitted over the Internet.
For more information about obtaining a 128-bit browser, please see:
There are two ways that you can determine whether you are using an encrypted application or an HTML application:
- By enabling the option that is built into every browser (typically found under the Options menu) that will flash a message on your screen when you are about to enter a secure site.
- By looking at the URL of the web page you are currently viewing. If the URL begins with 'https' then the page is secure. If the URL begins with 'http' then it is a regular HTML page and so it is not secure.
Information Automatically Collected and Stored by This Site
This site does not store cookies, but does collect and store indefinitely your Internet Protocol ("IP") address, which does not identify you as an individual, as well as information about the date and time of your visit, whether a file requested from your website exists, and how many bytes of information were transmitted to your browser from this site. We use your IP address to assess the frequency of visits to this site and the popularity of its various pages and functions. We will not attempt to match any personally identifiable information that you provide to us with your IP address, unless there are reasonable grounds to believe that doing so would provide information that is relevant and material to a criminal investigation.
Use of "Cookies" - DOR's applications are designed to use both persistent and non-persistent cookies to manage user sessions and preferences. The use of persistent cookies is not required; however, DOR uses persistent cookies to enhance website security features and provide a better overall user experience. Persistent cookies do not contain any personally identifiable information and they are encrypted. You may elect to disable the Persistent Cookies. Please be advised that disabling the Persistent Cookies may affect your ability to view or interact with this website. Non-persistent cookies are required for DOR's applications to function. If these cookies are disabled in the browser, DOR's applications will not work. Non-persistent cookies are stored only in memory and are deleted when the browser is shut down.
No sensitive information is stored in any DOR cookie.
Use of these cookies does not allow DOR to track sites you have visited outside of the DOR's.
- For more information about personal privacy on the Internet, please see:
DOR follows the Massachusetts Statewide Records Retention Schedule with respect to all personal data collected through the website. You may obtain a copy of the Schedule at http://www.sec.state.ma.us/arc/arcrmu/rmuidx.htm.
Dissemination of Your Personally Identifiable Information
DOR does not sell or rent any personally identifiable information collected through this website. However, once you voluntarily submit personally identifiable information to DOR through an e-mail or blog entry, its dissemination is governed by:
- The Public Records Law;
- Massachusetts General Laws Chapter 66A (Fair Information Practices Act);
- Executive Order 504 ;
- Massachusetts General Laws Chapter 62C, Section 21 (with respect to tax information);
- Massachusetts General Laws Chapter 62E, Section 8 (with respect to wage report information);
- Massachusetts General Laws Chapter 119A, Sections 5A and 5B (with respect to child support enforcement information); and
- Other applicable laws and regulations.
Although under the above laws most tax, wage reporting and child support information is confidential and is not a public record, to the extent that you provide DOR with information that is a "public record," this information must be disclosed to a member of the public in response to a public records request.
Information that you submit voluntarily through DOR's blog, Commonwealth Conversations: Taxes, Revenue and Local Services - OpenDOR Blog, including your name, city or town, and substance of anything that you post may be disseminated further by being posted online at this web site or be publicly discussed by a member of the administration. In addition, blog entries and part or all of the information you send us through e-mails may be provided to a member of the public in response to a public records request.
In addition, the information that you voluntarily submit will be disclosed to those DOR employees or officials with a "need to know" for purposes of fulfilling their job responsibilities, including, in some cases, DOR's security staff. They will only use the information to answer your questions, respond to any requests for assistance and fulfill DOR's legal and security obligations. Where appropriate and lawful, DOR may provide the information submitted by you via a blog entry or e-mail to the government agency responsible for the matters referred to in your communication. DOR may share or exchange information you provide in accordance with the above laws.
Your Access and Opportunity to Correct
The Public Records Law, the Fair Information Practices Act, Massachusetts General Laws Chapter 62C, § 21, Massachusetts General Laws Chapter 62E, Section 8, Massachusetts General Laws Chapter 119A, Sections 5A and 5B, and 106 CMR 105.000 and other applicable laws and regulations allow you access to certain information about you that is in our records. To learn more about the circumstances under which you can get and correct this information, please click on the above references to these laws.
Contact Information. For questions about your privacy while using this website, please contact Audrey Rushton, Tax Counsel at firstname.lastname@example.org.
An "Internet Protocol Address" or "IP Address" is a series of numbers that identifies each computer and machine connected to the Internet. An IP address enables a server on a computer network to send you the file that you have requested on the Internet. The IP address disclosed to us may identify the computer from which you are accessing the Internet or a server owned by your Internet Service Provider. Because it is machine-specific, rather than person-specific, an IP address is not, in and of itself, personally identifiable information.
"Weblog" or "Blog" A weblog or blog is a website, usually maintained by an individual with regular entries of commentary, descriptions of events, or other material such as graphics or video. Government blogs typically provide commentary and news on topics related to the government agency hosting the blog. A typical blog combines text, images, and links to other blogs, Web pages, and other media related to the topic, and enables readers to leave comments in an interactive format.