PIA - Electronic Data System
DEPARTMENT OF TRANSPORTATION
National Highway Traffic Safety Administration
PRIVACY IMPACT ASSESSMENT
Electronic Data System (EDS)
December 2, 2003
Table of Contents
Overview of National Highway Traffic Safety Administration (NHTSA) privacy management process for EDS
Personally-identifiable information and EDS
Why EDS collects information
How EDS uses information
How EDS shares information
How EDS provides notice and consent
How EDS ensures data accuracy
How EDS provides redress
How EDS secures information
System of records
Overview of National Highway Traffic Safety Administration (NHTSA) privacy management process for EDS
National Highway Traffic Safety Administration (NHTSA), within the Department of Transportation (DOT), has been given the responsibility to carry out motor vehicle and highway safety programs. NHTSA is responsible for reducing deaths, injuries and economic losses resulting from motor vehicle crashes. In order to fulfill this mission, NHTSA works to understand crashes and their causes.
In order to manage and analyze the complex data associated with crash factors, NHTSA has developed the Electronic Data System (EDS). EDS is currently the collection system for five subsystems: SCI, NASS-CDS, NASS-GES, NASS-LTCCS, and TPMS. EDS collects crash data for the first four subsystems and contains tire pressure monitoring system study data for TPMS. One more subsystem will be added by 2005. The EDS system is designed to collect information on motor vehicle crashes to aid in the development, implementation, and evaluation of highway safety countermeasures while still protecting the privacy of individuals involved in crashes.
Privacy management is an integral part of the EDS project. DOT/NHTSA has retained the services of privacy experts to help assess its privacy management program, utilizing proven technology, sound policies and procedures, and proven methodologies.
The privacy management process is built upon a methodology that has been developed and implemented in leading companies around the country and globally. The methodology is designed to help ensure that DOT and NHTSA will have the information, tools, and technology necessary to manage privacy effectively and employ the highest level of fair information practices while allowing NHTSA to achieve its mission of protecting and enhancing a most important U.S. transportation system. The methodology is based upon the following:
- Establish priority, authority, and responsibility. Appoint a cross-functional privacy management team to ensure input from systems architecture, technology, security, legal, and other disciplines necessary to ensure that an effective privacy management program is developed.
- Assess the current privacy environment. This involves interviews with key individuals involved in the EDS system to ensure that all uses of personally identifiable data, along with the risks involved with such use, are identified and documented.
- Organize the resources necessary for the project's goals. Internal DOT/NHTSA resources, along with outside experts, are involved in reviewing the technology, data uses and associated risks. They are also involved in developing the necessary redress systems and training programs.
- Develop the policies, practices, and procedures. The resources identified in the paragraph immediately above work to develop an effective policy or policies, practices and procedures to ensure that fair information practices are complied with. The policies effectively protect privacy while allowing DOT/NHTSA to achieve its mission.
- Implement the policies, practices, and procedures. Once the policies, practices, and procedures are developed, they must be implemented. This involves training of all individuals who will have access to and/or process personally identifiable information. It also entails working with vendors to ensure that they maintain the highest standard for privacy while providing services to the NHTSA project.
- Maintain policies, practices, and procedures. Due to changes in technology, personnel, and other aspects of any program, effective privacy management requires that technology and information be available to the privacy management team to ensure that privacy policies, practices, and procedures continue to reflect actual practices. Regular monitoring of compliance with privacy policies, practices, and procedures will be required.
- Manage exceptions and/or problems with the policies, practices, and procedures. This step involves the development and implementation of an effective redress and audit system to ensure that any complaints can be effectively addressed and corrections made if necessary.
Personally-identifiable information and EDS
The EDS system contains both Personally Identifiable Information (PII) and non-personally identifiable information pertaining to motor vehicle crashes. To be included in EDS, a person must have been involved in a crash of a motor vehicle. EDS contains descriptions of each reported crash.
Designated field researchers input into EDS basic information on recent crashes based on police accident reports or other similar sources. After an automated selection process, EDS identifies crashes for additional research. For those identified crashes, field researchers then research and/or input information on those crashes, including but not limited to name, contact information, address, medical records, Vehicle Identification Number (VIN), and driver license number. Field researchers may obtain data from police crash reports, medical records from hospitals and doctors, interviews with crash victims and witnesses, and other sources.
EDS maintains two sets of records pertinent to privacy issues. The first set of records may contain PII and is accessible only to designated federal employees and contractors. The second set of records does not contain PII and is available to any individual on request, either through the EDS Internet Web sites[1] directly or through special request. For those individuals who request special reports, a designated NHTSA contractor collects name, mailing address, and other contact information for the purposes of fulfilling those requests.
NHTSA must also manage federal employee/contractor access to EDS. As a result, EDS also contains PII on federal government employees and contractors who require access to EDS.
Why EDS collects information
EDS collects PII in order to analyze crash data for statistical and clinical purposes. Field researchers use PII during their research process to find additional information and determine factors that may have been involved in the crash.
Individuals or organizations can request EDS data that do not include PII. The EDS Web site provides searchable access to EDS data, but it does not contain any PII. Individuals may also download and print a request form to fax or mail to a designated NHTSA contractor and request a report or series of reports. In these cases, requestors will voluntarily submit their PII to NHTSA for fulfillment purposes.
In addition, NHTSA uses PII to identify federal users with access to the EDS system and manage permissions.
How EDS uses information
NHTSA uses PII within EDS to link to other sources and find data important to statistical and clinical research on fatal crashes. NHTSA does not use PII to track individuals. NHTSA may use PII to contact victims and witnesses of motor vehicle crashes.
Also, individuals who request EDS reports are asked to provide postal address, telephone number, or fax number in order to allow a NHTSA contractor to fulfill the request. NHTSA does not share this PII with outside sources.
In addition, for those federal employees/contractors who require direct access to EDS, NHTSA uses PII on those individuals to manage and control access and permissions to EDS and its data.
How EDS shares information
NHTSA, through a searchable, Web-enabled functionality, provides access to EDS data that do not include PII. NHTSA also provides public access to standard reports through the Web. In order to protect privacy, only aggregate or non-personally identifiable EDS data are shared in this way.
In addition, individuals and organizations can request additional reports that do not contain PII through a special request. In these cases, a NHTSA contractor uses the voluntarily-provided PII of requestors to fulfill these requests. NHTSA does not share or use PII of requestors for any other purpose outside of fulfillment.
Only designated federal EDS employees and contractors have access to PII in the EDS system. In order to manage these accesses and permissions, NHTSA collects and maintains some PII on those individuals requiring access. NHTSA does not share any PII for persons requiring access to the system, nor does NHTSA share EDS PII in any other way.
How EDS provides notice and consent
Where applicable, the EDS system provides visible links to a Privacy Policy that describes privacy practices and information uses.
Federal EDS employee and contractor users, on registration with the system, must read and agree to Terms and Conditions of Use, which describe EDS monitoring and its possible consequences.
How EDS ensures data accuracy
Quality control is a vital system feature. EDS provides some automated internal consistency, field comparison, and completeness checks. In addition, experts manually review every set of crash reports, and the EDS Web site provides an email address to which Web visitors can report errors or concerns.
Federal EDS users can contact their supervisors with requests to change their PII at any time.
How EDS provides redress
The EDS Web site also posts a link to a Privacy Policy that describes privacy practices.
How EDS secures information
Physical access to the EDS system is limited to appropriate personnel through building key cards and room-access key pads. Personnel with physical access have all undergone and passed DOT background checks.
In addition to physical access, electronic access to PII in EDS is limited according to job function. NHTSA controls access privileges according to the following roles:
- Field Investigator
- Zone Center Coordinator, Case Reviewer, and GES Coder
- EDS Headquarters Staff
- Technical Support
The following matrix describes the privileges and safeguards around each of these roles as they pertain to PII.
| Role | Access | Safeguards |
|---|---|---|
| Field Investigator | Creates cases; accesses and changes own case information; drops a case only with prior approval | User-set email and password must include a combination of letters/numbers and at least one special character; passwords must be a minimum of 8 characters; password must change at a regular, set period |
| Zone Center Coordinator, Case Reviewer, and GES Coder | Access rights vary according to job role and minimum necessary access; may view and change data pertaining to some or all cases | User-set email and password must include a combination of letters/numbers and at least one special character; passwords must be a minimum of 8 characters; password must change at a regular, set period |
| EDS Headquarters Staff | View access only; no changes are allowed. View access rights vary according to job role and minimum necessary access; may view all or some data | User-set email and password must include a combination of letters/numbers and at least one special character; passwords must be a minimum of 8 characters; password must change at a regular, set period |
| Technical Support | Access rights vary according to job role and minimum necessary access; may view and/or change all or some data | User-set email and password must include a combination of letters/numbers and at least one special character |
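As an added illustration (not part of the PIA or of the EDS system itself), the following Python encodes the role matrix and password rules above as a least-privilege authorization check: ownership for Field Investigators, an assigned case scope for roles whose access "varies by job role", prior approval before a case is dropped, and the stated password rules. The role keys, the `scope` parameter and the 90-day rotation period are assumptions; the PIA only says "regular, set period".

```python
import re

# Role-permission matrix transcribed from the PIA table. "own" limits the
# action to cases the user created; "any" allows it within the user's scope.
ROLES = {
    "Field Investigator": {"create": "any", "view": "own", "change": "own", "drop": "own"},
    "Zone Center":        {"view": "any", "change": "any"},  # also Case Reviewer, GES Coder
    "EDS Headquarters":   {"view": "any"},                   # view only, no changes
    "Technical Support":  {"view": "any", "change": "any"},
}

def authorize(role, user, action, case=None, approved=False, scope=None):
    """Return True if `user` acting as `role` may perform `action` on `case`.

    `case` is a dict with "id" and "owner" fields. `scope` (assumed here) is
    the set of case ids assigned to the user; None means all cases.
    Dropping a case additionally requires prior approval, per the PIA.
    """
    reach = ROLES.get(role, {}).get(action)
    if reach is None:
        return False                      # action not granted to this role
    if action == "create":
        return True                       # creating needs no existing case
    if case is None:
        return False                      # every other action targets a case
    if reach == "own" and case["owner"] != user:
        return False                      # least privilege: own cases only
    if scope is not None and case["id"] not in scope:
        return False                      # outside the assigned case scope
    if action == "drop" and not approved:
        return False                      # drop only with prior approval
    return True

PASSWORD_MAX_AGE_DAYS = 90                # assumed value for the rotation period

def password_ok(password, age_days):
    """Apply the PIA password rules: at least 8 characters, letters, numbers,
    one special character, and rotated within PASSWORD_MAX_AGE_DAYS."""
    return (len(password) >= 8
            and re.search(r"[A-Za-z]", password) is not None
            and re.search(r"[0-9]", password) is not None
            and re.search(r"[^A-Za-z0-9]", password) is not None
            and age_days <= PASSWORD_MAX_AGE_DAYS)
```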
Personnel with access to EDS receive tool training that includes some privacy direction. All users receive customized Terms and Conditions of Use and/or Rules of Behavior that describe privacy responsibilities.
System of records
EDS is not a system of records under the Privacy Act. NHTSA has certified and accredited EDS in accord with DOT requirements.