DEPARTMENT OF TRANSPORTATION
Research & Innovative Technology Administration
PRIVACY IMPACT ASSESSMENT
Everbridge Mass Notification System (EMNS)
November 17, 2010
The Everbridge Mass Notification System (EMNS), through Everbridge Inc., will provide mass communication to Volpe Center employees in the event of a crisis, emergency, or issue which necessitates mass notification (weather, power, etc). The methods of communication may include email, telephone, cellular phone, and paging device numbers. The system is located at multiple hosting facilities and is managed and secured by Everbridge, Inc.
Information, Including Personally Identifiable Information (PII), in the System
Current Volpe Center employees contact information records, including email, telephone, cellular phone, and paging device numbers. Home addresses will not be contained in the system.
Why EMNS Collects Information
Information is collected by EMNS to facilitate mass notification of incidents and/or emergency events that have taken place at the Volpe Center. The PII collected allows the Senior Management to quickly notify all employees with detailed instructions.
How the EMNS Uses Information
The employee contact information, which includes PII, will be used to send out mass notification messages, alerting to a potential threat, emergency or center-wide bulletin.
How the EMNS Shares Information
EMNS will not share PII in any way with other external agencies or entities.
How the EMNS Provides Notice and Consent
Employees may decline to provide information and not participate in this service. The use of this information is for the sole purpose of mass notification in the case of a center-wide event.
How the EMNS Ensures Data Accuracy
Data is collected directly from the Project Managers and entered into the system. Accuracy is based upon the data provided by the user.
How the EMNS Provides Redress
Individuals wishing to modify data, within their records, may make a request to the Project Managers.
How the EMNS Secures Information
Access to Everbridge's network is secured by controlling user access via login credentials, session time-outs, lockouts, and concurrent session restrictions. Access to Everbridge servers (web servers or database servers) is controlled though use of access control lists.
All transactions between the client and the Everbridge application are transmitted using a secured transfer protocol (HTTPS) and a 128-bit encrypted Secure Sockets Layer (SSL) certificate. SSL precludes unauthorized persons from gaining access to user information and protects against the loss, misuse, and alteration of user information.
How Long the EMNS Retains Information
A user's account will be disabled immediately after the employee or contractor leaves, transfers, or terminates employment from Center.
System of Records Notice
A System of Records Notice was published by OST in the Federal Register on November 9, 2010 and identified as DOT/ALL 22.