National Academies Press: OpenBook

Liability of Transportation Entity for the Unintentional Release of Secure Data or the Intentional Release of Monitoring Data on Movements or Activities of the Public (2016)

Chapter: I. Transportation Agencies Use of Intelligent Transportation Systems and Other Methods to Collect Data

« Previous: Introduction
Page 5
Suggested Citation:"I. Transportation Agencies Use of Intelligent Transportation Systems and Other Methods to Collect Data." National Academies of Sciences, Engineering, and Medicine. 2016. Liability of Transportation Entity for the Unintentional Release of Secure Data or the Intentional Release of Monitoring Data on Movements or Activities of the Public. Washington, DC: The National Academies Press. doi: 10.17226/23586.
×
Page 5
Page 6
Suggested Citation:"I. Transportation Agencies Use of Intelligent Transportation Systems and Other Methods to Collect Data." National Academies of Sciences, Engineering, and Medicine. 2016. Liability of Transportation Entity for the Unintentional Release of Secure Data or the Intentional Release of Monitoring Data on Movements or Activities of the Public. Washington, DC: The National Academies Press. doi: 10.17226/23586.
×
Page 6

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

5I. TRANSPORTATION AGENCIES’ USE OF INTELLIGENT TRANSPORTATION SYSTEMS AND OTHER METHODS TO COLLECT DATA A. Intelligent Transportation Systems ITS technology enables transportation agencies to collect a wide array of secure data and monitoring data, some of which have PII or could be used in combination with other means to obtain PII. Four- teen transportation agencies responding to the sur- vey reported that they are using ITS technologies.9 Fourteen agencies reported that they collect or maintain secure data,10 whereas two agencies stated that they do not.11 Thirteen transportation agencies reported that they are collecting or maintaining monitoring data,12 whereas three agencies said that they are not doing so.13 ITS may involve the use of roadside systems to measure traffic volume, speed, and congestion; road- side and vehicle-mounted speed and red light cam- eras and license plate readers; and electronic toll collection. ITS may utilize infrared sensors, weight and motion sensors, vehicle safety systems, radar, transponders, smart cards, cell phones, the Internet, radio, closed-circuit television (CCTV), Global Posi- tioning System (GPS) technology, onboard comput- ers, variable message signs, black boxes, emergency response systems, and video surveillance.14 The data collected may be used for planning and monitoring purposes; improving the safety, effi- ciency, and performance of transportation systems; and enforcing traffic regulations.15 Vehicle data may be used to provide traffic management centers with detailed, real-time information on traffic flow, speeds, and other conditions and to analyze driver behavior based on locational data, as well as for other purposes.16 Information collected by trans- portation agencies may be shared with members of the public to inform them about traffic flows and infrastructure,17 thereby assisting them in making better choices about their route of travel or alter- nate means of travel, such as walking, biking, or public transit.18 Vehicles may be tracked by electronic tolling and mass transit facilities. When a motorist obtains an electronic device such as an EZPass, the device typi- cally has access to the owner’s name, vehicle num- ber, and credit card information. When the vehicle passes through a toll collection station, the place and time of the payment of the toll is recorded.19 An individual’s movements are tracked in mass transit systems through the use of Smart Cards that oper- ate in a manner similar to EZPass. The card con- tains PII and pairs it with specific financial, time, and locational data.20 The divisions of motor vehicles (DMV) in each state collect secure data, also referred to as “sensi- tive” data, on vehicle ownership and drivers’ Social Security numbers, addresses, and medical informa- tion.21 The data are used by law enforcement agen- cies to locate a vehicle’s owner to enforce traffic vio- lations recorded by roadside cameras.22 As discussed in Section IV.C, the DMV’s data on individuals are protected by the DPPA23 and may not be used for purposes prohibited by the DPPA.24 9 Alabama DOT, Arizona DOT, District of Columbia DOT, Florida DOT, Indiana DOT, City of Minneapolis–Public Works Dept., MoDOT, Montana DOT, North Dakota DOT, Ohio DOT, Oklahoma DOT, Oregon DOT, Rhode Island DOT, South Carolina DOT, and Utah DOT. The Ohio DOT did not respond to the survey questions directly, but provided infor- mation regarding data practices for its department. 10 Alabama DOT, Arkansas DOT, Arizona DOT, Florida DOT, Indiana DOT, City of Minneapolis–Public Works Dept., MoDOT, Montana DOT, North Dakota DOT, Oklahoma DOT, Oregon DOT, Rhode Island DOT, South Carolina DOT, and Utah DOT. 11 District of Columbia DOT and Maine DOT. 12 Alabama DOT, Arkansas DOT, Arizona DOT, District of Columbia DOT, Florida DOT, Indiana DOT, City of Minneapolis–Public Works Dept., MoDOT, Montana DOT, Ohio DOT, Oregon DOT, Rhode Island DOT, South Carolina DOT, and Utah DOT. 13 Maine DOT, Montana DOT, and North Dakota DOT. 14 Scassa, Chandler, and Judge, supra note 1, at 118. GPS technology may be used to track a particular vehicle’s movements. 15 Garry, Douma, and Simon, supra note 2, at 101; RITA, supra note 2; and Scassa, Chandler, and Judge, supra note 1, at 118. 16 See RITA, supra note 2, and http://www.its.dot.gov/ factsheets/overview_factsheet.htm (last accessed Oct. 12, 2015). See also Garry, Douma, and Simon, supra note 2, at 132–33; Scassa, Chandler, and Judge, supra note 1, at 118; and Glancy, supra note 4, at 301. 17 Garry, Douma, and Simon, supra note 2, at 13; Glancy, supra note 4, at 313. 18 RITA. 19 FHWA, Freeway Management and Operations Hand- book, 15.2.7.1 Automatic Vehicle Identification, available at http://ops.fhwa.dot.gov/freewaymgmt/publications/frwy_ mgmt_handbook/chapter15_02.htm (last accessed Oct. 12, 2015). 20 Id. 21 Garry, Douma, and Simon, supra note 2, at 134. See also Glancy, supra note 4, at 369. 22 Garry, Douma, and Simon, supra note 2, at 134–35. 23 Pub. L. No. 103-322, tit. XXX, 108 Stat. 2099. 24 Designated purposes include state-authorized release for public safety, prevention of car theft, prevention of fraud, claims investigations, and promotion of driver safety. See Reno v. Condon, 528 U.S. 141, 145 N 1, 120 S. Ct. 666, 669 N 1, 145 L. Ed. 2d 587, 592 N 1 (2000) (citing 18 U.S.C. § 2721(b)(1)-(10)). See also Garry, Douma, and Simon, supra note 2, at 134; Glancy, supra note 4, at 369.

6In sum, ITS, electronic tolling, and other tech- nology may be used to reduce congestion, improve mobility, save lives, and optimize the use of existing infrastructure;25 however, there are privacy issues associated with the use of technology to collect, use, disclose, or maintain secure data or monitoring data on members of the public.26 B. Secure Data Collected and/or Retained by Transportation Agencies Whether data are or should be secure depends on the purposes for which the data are being collected, with whom the data may be shared, the length of time the data are or may be retained, and whether and when the data are accessible by law enforce- ment agencies.27 Secure data are data of a “sensitive” nature that should not be shared or otherwise disclosed except as authorized by law or with an individual’s con- sent.28 The Consumer Privacy Bill of Rights, which was announced in February 2015 by the White House and is discussed in Section IV.F, defines “sensitive information as ‘personally identifiable information which, if lost, compromised, or dis- closed without authorization either alone or with other information, carries a significant risk of eco- nomic or physical harm.’”29 Secure data include PII, such as names, addresses, Social Security numbers, credit card numbers, pin numbers, passwords, security codes, and precise geographical locational data.30 Secure data usually “require[s] heightened levels of data protection,”31 such as encryption and adequate security.32 Although the transportation agencies’ responses to the survey identified the types of secure data they collect, the agencies specifically identified PII as being secure data.33 The Arizona Department of Transportation (DOT) defined PII to include drivers’ license numbers, Social Security numbers, credit card numbers, financial account data, federal tax informa- tion, and health information. The agencies also reported having other kinds of secure data, including accident or crash data;34 data on bidders and contrac- tors;35 data relating to claims, litigation, and attorney work product;36 data collected in connection with eminent domain and right-of-way acquisition (e.g., appraisals);37 and data on employees, including infor- mation on disabilities, discrimination complaints, employee disciplinary matters, payroll, and Worker’s Compensation claims.38 Although stating that the data are confidential and not subject to disclosure, the Florida DOT defined secure data to include the department’s data relating to bidding and contract- ing (e.g., official cost estimates, financial statements, the DOT’s Bid Analysis and Monitoring System, and sealed bids or proposals); investigations; and security planning pursuant to Florida’s Security of Data and Information Resources Act (e.g., plans, blueprints, and schematic drawings). C. Monitoring Data Collected and/or Retained by Transportation Agencies One method of data collection that seems to present a significant privacy concern is the use of technology that permits the location and positive identification of “individual drivers at a particular moment in time….”39 Thus, data that are or that may be linked to a person and/or vehicle also are considered to be secure data.40 However, monitor- ing data collected anonymously (i.e., not linked to an individual or used in a way to obtain PII) do not appear to come within the meaning of the term “secure data.” 25 ITS sOcieTy, Legislative Outreach Brochure, avail- able at http://www.itsa.wikispaces.net/file/view/ITSA+G ovt+Affairs+Brochure_1.5.pdf/419564912/ITSA%20 Govt%20Affairs%20Brochure_1.5.pdf (last accessed Oct. 12, 2015). 26 Scassa, Chandler, and Judge, supra note 1, at 120 (e.g., “through traffic cameras, video, facial recognition, software, license plate identification, or other media and technologies”). 27 Garry, Douma, and Simon, supra note 2, at 99. 28 Id. at 114. 29 Nancy J. King and V.T. Raja, What Do They Really Know About Me in the Cloud? A Comparative Law Perspec- tive on Protecting Privacy and Security of Sensitive Con- sumer Data, 50 aM. BUs. L.J. 413, 424 (2013) [hereinafter King and Raja]. 30 Id. at 431. 31 Id. at 456 and 464. See also Garry, Douma, and Simon, supra note 2, at 107. 32 King and Raja, supra note 29, at 427. 33 Arizona DOT, Florida DOT (e.g., bank account and credit card numbers and data from electronic tolls); City of Minneapolis–Public Works Dept.; Montana DOT (e.g., banking records, date of birth, driver’s records, Social Secu- rity numbers); North Dakota DOT (e.g., driver’s license numbers and records and vehicle owner records); Oregon DOT; and Utah DOT (tolling data). 34 Arkansas DOT, Florida DOT, MoDOT, Montana DOT (noting also property damage information), Oklahoma DOT, and Oregon DOT. 35 Oklahoma DOT. 36 Arkansas DOT, Florida DOT, and Oklahoma DOT. 37 Arkansas DOT and Florida DOT. 38 Alabama DOT, Florida DOT, Indiana DOT, Montana DOT (noting data concerning Americans with Disabilities Act), Oklahoma DOT, Oregon DOT, and Utah DOT. 39 Garry, Douma, and Simon, supra note 2, at 117. See also Glancy, supra note 4, at 296–97. 40 Garry, Douma, and Simon, supra note 2, at 106, 107.

Next: II. Transportation Agencies Use of ITS to Collect Data »
Liability of Transportation Entity for the Unintentional Release of Secure Data or the Intentional Release of Monitoring Data on Movements or Activities of the Public Get This Book
×
 Liability of Transportation Entity for the Unintentional Release of Secure Data or the Intentional Release of Monitoring Data on Movements or Activities of the Public
Buy Paperback | $39.00
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

TRB's National Cooperative Highway Research Program (NCHRP) Legal Research Digest 71: Liability of Transportation Entity for the Unintentional Release of Secure Data or the Intentional Release of Monitoring Data on Movements or Activities of the Public reviews the statutes, regulations, and common law regarding the release of data collected for transportation purposes. Included in this research are questions concerning the application of public records laws and the application of any constitutional, statutory, or common law privacy rights. The digest also researches and identifies statutes and common law dealing with the collection of data on the activities of the public, includes a literature search of topics addressing these issues, and also includes a search of state and federal laws focusing on this and similar topics.

Appendixes A through D provide background on the research effort.

READ FREE ONLINE

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  6. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  7. ×

    View our suggested citation for this chapter.

    « Back Next »
  8. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!