Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
5I. TRANSPORTATION AGENCIESâ USE OF INTELLIGENT TRANSPORTATION SYSTEMS AND OTHER METHODS TO COLLECT DATA A. Intelligent Transportation Systems ITS technology enables transportation agencies to collect a wide array of secure data and monitoring data, some of which have PII or could be used in combination with other means to obtain PII. Four- teen transportation agencies responding to the sur- vey reported that they are using ITS technologies.9 Fourteen agencies reported that they collect or maintain secure data,10 whereas two agencies stated that they do not.11 Thirteen transportation agencies reported that they are collecting or maintaining monitoring data,12 whereas three agencies said that they are not doing so.13 ITS may involve the use of roadside systems to measure traffic volume, speed, and congestion; road- side and vehicle-mounted speed and red light cam- eras and license plate readers; and electronic toll collection. ITS may utilize infrared sensors, weight and motion sensors, vehicle safety systems, radar, transponders, smart cards, cell phones, the Internet, radio, closed-circuit television (CCTV), Global Posi- tioning System (GPS) technology, onboard comput- ers, variable message signs, black boxes, emergency response systems, and video surveillance.14 The data collected may be used for planning and monitoring purposes; improving the safety, effi- ciency, and performance of transportation systems; and enforcing traffic regulations.15 Vehicle data may be used to provide traffic management centers with detailed, real-time information on traffic flow, speeds, and other conditions and to analyze driver behavior based on locational data, as well as for other purposes.16 Information collected by trans- portation agencies may be shared with members of the public to inform them about traffic flows and infrastructure,17 thereby assisting them in making better choices about their route of travel or alter- nate means of travel, such as walking, biking, or public transit.18 Vehicles may be tracked by electronic tolling and mass transit facilities. When a motorist obtains an electronic device such as an EZPass, the device typi- cally has access to the ownerâs name, vehicle num- ber, and credit card information. When the vehicle passes through a toll collection station, the place and time of the payment of the toll is recorded.19 An individualâs movements are tracked in mass transit systems through the use of Smart Cards that oper- ate in a manner similar to EZPass. The card con- tains PII and pairs it with specific financial, time, and locational data.20 The divisions of motor vehicles (DMV) in each state collect secure data, also referred to as âsensi- tiveâ data, on vehicle ownership and driversâ Social Security numbers, addresses, and medical informa- tion.21 The data are used by law enforcement agen- cies to locate a vehicleâs owner to enforce traffic vio- lations recorded by roadside cameras.22 As discussed in Section IV.C, the DMVâs data on individuals are protected by the DPPA23 and may not be used for purposes prohibited by the DPPA.24 9 Alabama DOT, Arizona DOT, District of Columbia DOT, Florida DOT, Indiana DOT, City of MinneapolisâPublic Works Dept., MoDOT, Montana DOT, North Dakota DOT, Ohio DOT, Oklahoma DOT, Oregon DOT, Rhode Island DOT, South Carolina DOT, and Utah DOT. The Ohio DOT did not respond to the survey questions directly, but provided infor- mation regarding data practices for its department. 10 Alabama DOT, Arkansas DOT, Arizona DOT, Florida DOT, Indiana DOT, City of MinneapolisâPublic Works Dept., MoDOT, Montana DOT, North Dakota DOT, Oklahoma DOT, Oregon DOT, Rhode Island DOT, South Carolina DOT, and Utah DOT. 11 District of Columbia DOT and Maine DOT. 12 Alabama DOT, Arkansas DOT, Arizona DOT, District of Columbia DOT, Florida DOT, Indiana DOT, City of MinneapolisâPublic Works Dept., MoDOT, Montana DOT, Ohio DOT, Oregon DOT, Rhode Island DOT, South Carolina DOT, and Utah DOT. 13 Maine DOT, Montana DOT, and North Dakota DOT. 14 Scassa, Chandler, and Judge, supra note 1, at 118. GPS technology may be used to track a particular vehicleâs movements. 15 Garry, Douma, and Simon, supra note 2, at 101; RITA, supra note 2; and Scassa, Chandler, and Judge, supra note 1, at 118. 16 See RITA, supra note 2, and http://www.its.dot.gov/ factsheets/overview_factsheet.htm (last accessed Oct. 12, 2015). See also Garry, Douma, and Simon, supra note 2, at 132â33; Scassa, Chandler, and Judge, supra note 1, at 118; and Glancy, supra note 4, at 301. 17 Garry, Douma, and Simon, supra note 2, at 13; Glancy, supra note 4, at 313. 18 RITA. 19 FHWA, Freeway Management and Operations Hand- book, 15.2.7.1 Automatic Vehicle Identification, available at http://ops.fhwa.dot.gov/freewaymgmt/publications/frwy_ mgmt_handbook/chapter15_02.htm (last accessed Oct. 12, 2015). 20 Id. 21 Garry, Douma, and Simon, supra note 2, at 134. See also Glancy, supra note 4, at 369. 22 Garry, Douma, and Simon, supra note 2, at 134â35. 23 Pub. L. No. 103-322, tit. XXX, 108 Stat. 2099. 24 Designated purposes include state-authorized release for public safety, prevention of car theft, prevention of fraud, claims investigations, and promotion of driver safety. See Reno v. Condon, 528 U.S. 141, 145 N 1, 120 S. Ct. 666, 669 N 1, 145 L. Ed. 2d 587, 592 N 1 (2000) (citing 18 U.S.C. § 2721(b)(1)-(10)). See also Garry, Douma, and Simon, supra note 2, at 134; Glancy, supra note 4, at 369.
6In sum, ITS, electronic tolling, and other tech- nology may be used to reduce congestion, improve mobility, save lives, and optimize the use of existing infrastructure;25 however, there are privacy issues associated with the use of technology to collect, use, disclose, or maintain secure data or monitoring data on members of the public.26 B. Secure Data Collected and/or Retained by Transportation Agencies Whether data are or should be secure depends on the purposes for which the data are being collected, with whom the data may be shared, the length of time the data are or may be retained, and whether and when the data are accessible by law enforce- ment agencies.27 Secure data are data of a âsensitiveâ nature that should not be shared or otherwise disclosed except as authorized by law or with an individualâs con- sent.28 The Consumer Privacy Bill of Rights, which was announced in February 2015 by the White House and is discussed in Section IV.F, defines âsensitive information as âpersonally identifiable information which, if lost, compromised, or dis- closed without authorization either alone or with other information, carries a significant risk of eco- nomic or physical harm.ââ29 Secure data include PII, such as names, addresses, Social Security numbers, credit card numbers, pin numbers, passwords, security codes, and precise geographical locational data.30 Secure data usually ârequire[s] heightened levels of data protection,â31 such as encryption and adequate security.32 Although the transportation agenciesâ responses to the survey identified the types of secure data they collect, the agencies specifically identified PII as being secure data.33 The Arizona Department of Transportation (DOT) defined PII to include driversâ license numbers, Social Security numbers, credit card numbers, financial account data, federal tax informa- tion, and health information. The agencies also reported having other kinds of secure data, including accident or crash data;34 data on bidders and contrac- tors;35 data relating to claims, litigation, and attorney work product;36 data collected in connection with eminent domain and right-of-way acquisition (e.g., appraisals);37 and data on employees, including infor- mation on disabilities, discrimination complaints, employee disciplinary matters, payroll, and Workerâs Compensation claims.38 Although stating that the data are confidential and not subject to disclosure, the Florida DOT defined secure data to include the departmentâs data relating to bidding and contract- ing (e.g., official cost estimates, financial statements, the DOTâs Bid Analysis and Monitoring System, and sealed bids or proposals); investigations; and security planning pursuant to Floridaâs Security of Data and Information Resources Act (e.g., plans, blueprints, and schematic drawings). C. Monitoring Data Collected and/or Retained by Transportation Agencies One method of data collection that seems to present a significant privacy concern is the use of technology that permits the location and positive identification of âindividual drivers at a particular moment in timeâ¦.â39 Thus, data that are or that may be linked to a person and/or vehicle also are considered to be secure data.40 However, monitor- ing data collected anonymously (i.e., not linked to an individual or used in a way to obtain PII) do not appear to come within the meaning of the term âsecure data.â 25 ITS sOcieTy, Legislative Outreach Brochure, avail- able at http://www.itsa.wikispaces.net/file/view/ITSA+G ovt+Affairs+Brochure_1.5.pdf/419564912/ITSA%20 Govt%20Affairs%20Brochure_1.5.pdf (last accessed Oct. 12, 2015). 26 Scassa, Chandler, and Judge, supra note 1, at 120 (e.g., âthrough traffic cameras, video, facial recognition, software, license plate identification, or other media and technologiesâ). 27 Garry, Douma, and Simon, supra note 2, at 99. 28 Id. at 114. 29 Nancy J. King and V.T. Raja, What Do They Really Know About Me in the Cloud? A Comparative Law Perspec- tive on Protecting Privacy and Security of Sensitive Con- sumer Data, 50 aM. BUs. L.J. 413, 424 (2013) [hereinafter King and Raja]. 30 Id. at 431. 31 Id. at 456 and 464. See also Garry, Douma, and Simon, supra note 2, at 107. 32 King and Raja, supra note 29, at 427. 33 Arizona DOT, Florida DOT (e.g., bank account and credit card numbers and data from electronic tolls); City of MinneapolisâPublic Works Dept.; Montana DOT (e.g., banking records, date of birth, driverâs records, Social Secu- rity numbers); North Dakota DOT (e.g., driverâs license numbers and records and vehicle owner records); Oregon DOT; and Utah DOT (tolling data). 34 Arkansas DOT, Florida DOT, MoDOT, Montana DOT (noting also property damage information), Oklahoma DOT, and Oregon DOT. 35 Oklahoma DOT. 36 Arkansas DOT, Florida DOT, and Oklahoma DOT. 37 Arkansas DOT and Florida DOT. 38 Alabama DOT, Florida DOT, Indiana DOT, Montana DOT (noting data concerning Americans with Disabilities Act), Oklahoma DOT, Oregon DOT, and Utah DOT. 39 Garry, Douma, and Simon, supra note 2, at 117. See also Glancy, supra note 4, at 296â97. 40 Garry, Douma, and Simon, supra note 2, at 106, 107.
