DEPARTMENT OF TRANSPORTATION
Federal Highway Administration
PRIVACY IMPACT ASSESSMENT
Mileage-Based Road User Charge System (NEMBRUCS)
May 29, 2009
TABLE OF CONTENTS
Overview of Federal Highway Administration (FHWA) Privacy Management Process for Mileage-Based Road User Charge System
Personally Identifiable Information (PII) and Mileage-Based Road User Charge System
Why Mileage-Based Road User Charge System Collects Information
How Mileage-Based Road User Charge System Uses Information
How Mileage-Based Road User Charge System Will Share Information
How Mileage-Based Road User Charge System and System Initialization Provide Notice and Consent
How Mileage-Based Road User Charge System Ensures Data Accuracy
How Mileage-Based Road User Charge System Provides Redress
How Mileage-Based Road User Charge System Secures Information
How Long the Mileage-Based Road User Charge System Retains Information.
System of Records
Overview of Federal Highway Administration (FHWA) Privacy Management Process for Mileage-Based Road User Charge System
The Federal Highway Administration (FHWA), within the Department of Transportation (DOT), has been given the responsibility for enhancing the movement of people and goods from one place to another, while also ensuring the safety of the traveling public, promoting the efficiency of the transportation system, and protecting the environment.
Section 1919 of The Safe, Accountable, Flexible, Efficient Transportation Equity Act: A Legacy for Users of 2005 (SAFETEA-LU) calls for a study and long-term pilot of a new mechanism for collecting revenues to fund State and Federal highway programs. This would be an alternative to the fuel tax that currently supports highway construction programs. The legislation specifies that the study include an analysis of a long-term pilot of an approach to assessing highway user fees based upon actual mileage driven by a vehicle equipped with an on-board computer for the purpose of calculating highway mileage traversed.
The legislation requires DOT to submit annual reports and a final report on the results of the study and long-term pilot project to the Treasury, the Committee on Transportation and Infrastructure and the Committee on Ways and Means of the House of Representatives, and the Committee on Environment and Public Works and the Committee on Finance of the Senate.
To accomplish the study, FHWA is creating the Mileage-Based Road User Charge System to serve as the repository for all data collected over the course of the study. The data collection and analysis will be conducted by FHWAs contractor, the University of Iowa. The study involves a 2-year pilot test of assessing the technology, systems, and driver opinions on a method to collect highway user fees based upon actual mileage driven. Data will be collected by use of an onboard computer installed in the participants vehicle. The onboard computer will collect vehicle mileage information by jurisdictions and types of highways on which travel occurred.
This assessment will be conducted through analysis of information collected from members of the public who volunteer to serve as pilot test participants. A sample of approximately 2,700 participants will be recruited over a 2-year period to participate in two 1-year pilot tests. The pilot tests are designed to provide information that can be used to evaluate an approach to assess highway user fees based upon actual mileage driven in multiple jurisdictions.
Study participants will be drawn from six different sites across the nation: Baltimore, Maryland; the Chapel Hill, Durham, and Raleigh areas of North Carolina; Eastern Iowa (predominantly rural areas); Austin, Texas; Boise, Idaho; and San Diego, California. Those selected to participate will attend training on the survey and the installation of vehicle on-board devices.
Participant vehicles will be equipped with on-board computer systems, including a Global Positioning Satellite (GPS) component that receives location information from satellites, for collecting and transmitting information on vehicle miles traveled by jurisdiction. Due to the use of this technology, the study will include an assessment of user acceptance of the privacy aspects of three elements of the program: (1) mileage data collected, (2) transmission of that data to the data collection center, and (3) transmission of statements to the user containing summarized vehicle mileage information and what road use charges might be under a mileage-based road user fee system.
The protection of driver privacy is a priority for FHWA. Therefore, privacy management is an integral part of the Mileage-Based Road User Charge System. Privacy management utilizes proven technology, sound policies and procedures, and proven methodologies. The FHWA and DOT Privacy Offices and FHWA Information System Security Officer (ISSO) have been involved in on-going privacy and security reviews of the current study environment. This involves interviews with key individuals involved in the Mileage-Based Road User Charge System to ensure that all uses of personally identifiable data, along with the risks involved with such use, are identified, documented, and managed securely.
The information gathered by and supporting the Mileage-Based Road User Charge System requires Office of Management and Budget (OMB) approval under the Paperwork Reduction Act. FHWA has obtained the OMB approval (#2125-0618).
The Mileage-Based Road User Charge System will contain Personally-Identifiable Information (PII) pertaining to vehicle drivers who volunteer to participate in the study. The data will fall into three categories and reside at the data collection center at the University of Iowa:
- Participant Contact and Other Information: This category includes data collected during the recruitment phase of the study. The data includes full name, home mailing address, home telephone number, alternate phone number, email address, date-of-birth, gender, employment status, country of residence, citizenship, race, preferred language spoken in the home, highest level of education attained, occupation, and household income range. When an individual chooses to enroll in the study, he or she will provide this information via an on-line application form or initial recruitment questionnaire, over the telephone, or by mailing the application form to the University of Iowa study team. Those selected to participate in the study will receive training on the study and installation of the on-board technology. To verify eligibility requirements, participants will be required to present a valid driver's license and proof of automobile insurance (valid insurance card or vehicle registration) for visual inspection when they take the training. No information will be collected or stored from the documents presented for eligibility other than the individual met or did not meet the requirement.
- GPS Vehicle Location Information: This includes information such as vehicle make, vehicle model, vehicle year, and vehicle class. This also may include complete trip details for all travel during the billing statement cycle, such as total miles traveled, date and time of travel, and jurisdiction and roadway identification. The data will be automatically collected from the participant vehicle on an opportunistic basis using the on-board computer and GPS positioning technology and transmitted to the data collection center located at the University of Iowa.
- Periodic Survey Information: At the time of enrollment and once the computer systems are installed and operational in the volunteer vehicles, participants will be asked to complete six surveys on a periodic basis covering a range of driver, driving environment, and behavior information, as well as attitudinal information. This information will include opinions on sample billing statement structure detail, motor vehicle fuel taxes, and highway financing more generally. The information collected over the course of the pilot tests will provide the basis for analysis and evaluation of a mileage-based road user charge structure.
FHWA must collect information on vehicle drivers in order to accomplish the mandate under Section 1919 of SAFETEA-LU, which calls for a study and long-term pilot of a new mechanism for collecting revenues to fund State and Federal highway programs. As stated above, the legislation specifies that the study include an analysis of a long-term pilot of an approach to assessing highway user fees based upon actual mileage driven by a vehicle equipped with an on-board computer for the purpose of calculating highway mileage traversed. The Mileage-Based Road User Charge System does not use PII for any secondary purposes that might require consent unless otherwise authorized by law.
The Mileage-Based Road User Charge System will be used primarily as a repository for, and to facilitate the flow of, information on drivers who participate in the study. The information contained in the system will be used solely by authorized members of the project team at the University of Iowa and DOT in order to perform the study required by Section 1919 of SAFETEA-LU. The study data will come into the system via three paths:
- Recruitment Data Collection Path: This information includes contact information collected from those applying and selected to participate in the study. The information will be used to mail compensation for completing the six surveys on-line to the individuals, as well as sample billing statements that will be generated on a monthly basis. In general, the sample billing statements will reflect the vehicle's total mileage and fees for travel during the statement cycle. The information will also be used to mail the survey forms to individuals opting to complete a paper survey form, or telephoning those who opt to complete the survey by phone, rather than completing it on-line.
- Vehicle Data Collection Path: This includes information that will be obtained through the vehicle on-board computer and GPS positioning technology. This data will be used to generate the sample billing statements. The details contained in the sample billing statements will be varied to gauge participant opinions on data privacy issues. At the least detailed extreme, only the vehicle's total mileage and fees for travel during the statement cycle will be collected. At the other, most detailed, extreme, complete trip detail for all travel during the statement cycle will be collected. The level of vehicle travel detail collected will determine what information a participant will have on the fee statement for that statement period. Participant opinion about the two extremes and the trade-off between privacy protection, and audit ability, are among the many issues to be assessed in the study.
- Participant Data Collection Path: This includes information that will be obtained through an initial recruitment questionnaire and six bi-monthly surveys and used for:
- Quota sampling for each pilot test area (e.g., Baltimore, Maryland), the study team will select a participant panel that approximates the demographic profile of that area, based on Census statistics. Information to be used for this purpose includes date-of-birth, employment status, country of residence, citizenship, race, preferred language spoken in the home, gender, highest level of education attained, occupation, and household income range. This sampling will help the study team gain an initial understanding of the issues that might arise with the imposition of a user road fee, and the technical and administrative challenges that might arise in national implementation.
- National inference drawing. the study team will combine the results from the six pilot test areas with national level attitudinal surveys containing the same demographic information to indicate how the results of the study's limited geographic coverage might be applied at a national level. This includes self classification of political views on a scale ranging from extremely liberal to extremely conservative. The national level surveys employed in this effort will include publically available information collected for government purposes, academic studies, or other available sources.
In order to preserve privacy, for each participant, these survey data will be tied to a unique Participant ID number (i.e., an 8-character randomly generated numeric code), that cannot be related to any of the identifying personal data of participants.
The Mileage-Based Road User Charge System will not share PII in any way with external agencies or entities, except as described above or as may be required by law. Only approved FHWA staff and contractors will have regular access to the system.
In addition to the above notice methods, for individuals choosing to apply by telephone or by mail, notice will be provided by an Informed Consent document executed during participant training.
FHWA and the University of Iowa will ensure data accuracy in the following ways:
- Participant Contact and Other Information: During the participant selection process, the study team will receive data directly from the study participants via telephone, hard copy, or an on-line application process. It is the responsibility of the applicant to ensure that all data submitted is accurate and complete. For those submitting the form online, the system will provide automated checks to ensure that all required fields have been completed on the form.
- GPS Vehicle Location Information: Data uploaded from participant vehicles will undergo routine consistency checks by the study team to assess data validity. The on-board computer will collect odometer distance, speed, and time information from the vehicle on-board diagnostics (OBD) system and distance information from the GPS receiver. Comparing OBD odometer distance, GPS distance, and distance calculated from OBD speed and time information provides a three way check for consistency of the data being collected. The GPS distance provides the additional detail of jurisdiction of travel.
- Bi-Monthly Survey Information: As with the initial application/recruitment form, it is the responsibility of the participant to ensure that all survey data submitted is accurate and complete. For those completing the surveys online, the system will provide automated checks to ensure that all required fields have been completed on the form.
FHWA will make no decisions about individuals who volunteer to participate in the study. As stated previously, each participant's survey data will be tied to a unique Participant ID number that cannot be related to his/her PII in the system, and PII will be used only for administrative purposes (e.g., to send monthly billing statements to the participant or otherwise communicate with the participant during his/her participation in the study). Accordingly, redress rights are provided only with respect to the administrative records in the system, as those are the only records in the system that will be keyed to individuals.
A participant can obtain access to, contest the accuracy of and seek correction of his/her administrative records in the system by making a request in writing to the FHWA FOIA Office. The request must include the requester's name, mailing address, telephone number and/or e-mail address, a description and, if possible, the location of the records requested, and verification of the requester's identity (such as, a statement under penalty of perjury that the requester is the individual who he or she claims to be).
The system will store PII (applicant and participant data) in a separate database from study data. FHWA and the University of Iowa study team will take security measures to safeguard all data contained in the Mileage-Based Road User Charge System. Physical access to the servers that house the Mileage-Based Road User Charge System will be limited to appropriate personnel through building key cards and room-access keypads. The server will be located at the FHWA contractor site at the University of Iowa. Personnel with physical access have all undergone and passed DOT and University of Iowa Institutional Review Board security checks. Access to data in the system is limited according to job function.
The study team will apply DOT security standards, including, but not limited to, routine scans and monitoring, back-up activities, and the above-mentioned background security checks. The system has been certified and accredited in accordance with DOT requirements. The study web site will use Secure Socket Layer encryption and session tracking to ensure that applicant data submitted on-line remains secure. The Mileage-Based Road User Charge System will control access privileges according to the minimum necessary rule.
In addition, the data uploads from vehicles also will be done in a secure fashion. Road user data uploads only will be identifiable by a Device ID over a secure network connection.
A schedule with the proposed retention of records stored in the Mileage-Based Road User Charge System has been specified on a SF-115, Request for Records Disposition Authority, and it is currently under review by FHWA and National Archives and Records Administration (NARA). The proposed retention is for permanent status for the research data collected via on-board computer and through participant questionnaire responses, as these data have value in future research. The PII collected is solely for participant contact purposes and has no research value. The proposed retention schedule for this PII data is for deletion upon the individual's exit from the study.
The Mileage-Based Road User Charge System is a system of records subject to the Privacy Act with respect to the administrative records in the system, which are the only records that will be keyed to individuals. Accordingly, FHWA will publish a System of Records Notice in the Federal Register for this system. As stated previously, the information collection is subject to the Paperwork Reduction Act and FHWA has obtained the required OMB approval.