Security Policy

As part of our continuing commitment to the security of electronic content as well as the electronic transmission of information, the Commonwealth has taken steps to safeguard the submission of information by implementing detailed technology and security policies. These policies can be viewed at the Office of Administration, Office for Information Technology website.

Security measures have been integrated into the design, implementation, and day-to-day operations of the entire operating environment as part of our continued commitment to the security of electronic content as well as the electronic transmission of information. Tools, policies, and protocols are used to safeguard the submission of information through Commonwealth websites.

For services requiring online financial or sensitive transactions, PA.gov and other Commonwealth managed websites uses the Secure Sockets Layer (SSL) encryption protocol to safeguard sensitive personally identifiable information (PII), during online transactions. Information is encrypted from your computer to the servers processing the request. To further secure privacy, do not divulge any passwords or sensitive information (e.g. credit card number) to anyone in a phone call or e-mail. When finished with applications that are password protected or required the input of your credit card information or other (PII), it is recommended to close or otherwise quit the web browser.

In certain instances, a password may be generated to access or submit PII. Do not divulge this password to anyone. The Commonwealth will never ask for the password in an unsolicited phone call or e-mail. When completed with browsing any commonwealth websites, it is strongly recommended that the user logout (where applicable) and quit the web browser to remove temporary data that may have been stored in the web browser.

When contacting the Commonwealth through any method of communication (phone call, email, web form, etc.), determine whether the method of communication is adequately secure to provide any PII or other confidential information. Any PII or confidential information sent by the user is sent at the user’s own risk.

Updated: May 2024