RSPA: Research and Special Programs Administration

DEPARTMENT OF TRANSPORTATION
Research and Special Programs Administration (RSPA)

PRIVACY IMPACT ASSESSMENT

 Hazardous Materials Information System (HMIS)

November 25, 2003

Table of Contents

Overview of Research and Special Programs Administration (RSPA) privacy management process for HMIS
Personally-identifiable information and HMIS
Why HMIS collects information
How HMIS uses information
How HMIS shares information
How HMIS provides notice and consent
How HMIS ensures data accuracy
How HMIS provides redress
How HMIS secures information
System of records

Overview of Research and Special Programs Administration (RSPA) privacy management process for HMIS

The Research and Special Programs Administration (RSPA), within the Department of Transportation (DOT), has been given the responsibility to carry out vital safety and research programs that do not fit into more narrowly-focused DOT agencies. RSPA is responsible for:

As part of this mission, RSPA is tasked with protecting the Nation against the risks to life and property that are inherent in the transportation of hazardous materials in commerce [49 U.S.C. 5101]. It is the task of RSPA's inspection and enforcement staff to determine compliance with the safety and training standards by inspecting entities that offer hazardous materials for transportation and entities that manufacture, re-qualify, rebuild, repair, recondition, or retest packaging (other than cargo tanks and tank cars) used to transport hazardous materials. RSPA's hazardous materials inspection and enforcement program is carried out by the Office of Hazardous Materials Enforcement (OHME), which is under the general direction of the Associate Administrator for Hazardous Materials Safety. OHME also enforces the following requirements: (1) to have valid authority when operating under a DOT exemption or approval; (2) to be registered with RSPA as a shipper or carrier of hazardous materials; and (3) to submit a telephonic and/or written report (DOT Form 5800.1) following the unintentional release of hazardous materials in transportation.

In order to manage and analyze the complex data associated with these responsibilities, RSPA has developed a Hazardous Material Information System (HMIS). HMIS maintains, analyzes, and provides access to data pertaining to hazardous materials. Types of information fall within one of the following categories: incidents involving hazardous materials, approvals and exemptions pertaining to safety regulations, enforcement of hazardous materials regulations, and registration of carriers/shippers.

Privacy management is an integral part of the HMIS project. DOT/RSPA has retained the services of privacy experts to help assess its privacy management program, utilizing proven technology, sound policies and procedures, and proven methodologies. 

The privacy management process is built upon a methodology that has been developed and implemented in leading companies around the country and globally.  The methodology is designed to help ensure that DOT and RSPA will have the information, tools, and technology necessary to manage privacy effectively and employ the highest level of fair information practices while allowing RSPA to achieve its mission of protecting and enhancing a most important U.S. transportation system.  The methodology is based upon the following:

Personally-identifiable information and HMIS

The HMIS system contains both Personally Identifiable Information (PII) and non-personally identifiable information pertaining to the hazardous materials activities listed previously. This means all individuals with PII in HMIS have been involved in a hazardous materials incident, registered as a carrier/shipper, applied for an approval or exemption, or been the subject of an enforcement activity. HMIS includes the following PII: name, contact information, credit card number (Registration program only), medical notes, and death certificate information (incident reports only).

RSPA receives HMIS data in several ways. First, carriers (currently only carriers report) are required to report a hazardous materials incident. These individuals or organizations typically fill out a paper form and send it to RSPA for data entry. In these cases, the HMIS contains name and contact information for the individual reporting the incident.

In addition, designated RSPA HMIS staff and support contractors enter data into HMIS directly. Finally, HMIS receives National Response Center data pertaining to incidents involving hazardous materials.

RSPA must also manage federal, State, and local government employee/contractor access to HMIS. As a result, HMIS also contains PII on federal, State, and local government employees and contractors who require access to HMIS. Using the HMIS network or dial-up interface, these users may:

Why HMIS collects information

HMIS collects PII in order to analyze hazardous materials data, as well as to perform and track approval/exemption/enforcement/registration activities pertaining to hazardous materials. Federal, State, and local officials use HMIS as part of normal official activities. In addition, RSPA provides some reports to individuals or organizations through the Web site: http://hazmat.dot.gov. These reports may include contact information.

Individuals and organizations may request incident reports from RSPA. In these cases, RSPA collects contact name and information in order to fulfill the request.

In addition, RSPA uses PII to identify federal, State, and local users with access to the HMIS system and manage permissions.

How HMIS uses information

RSPA uses PII within HMIS to contact individuals to fulfill requests and meet regulatory requirements. RSPA also uses HMIS to perform risk analyses, create aggregated reports, create summary reports with no PII, and provide businesses with incident reports pertaining to that business. HMIS facilitates registration of carriers and shippers, including the payment process by credit card.

RSPA also uses contact information of individuals or organizations requesting specialized reports in order to fulfill the request.

In addition, for those federal, State, and local employees/contractors who require direct access to HMIS, RSPA uses PII on those individuals to manage and control access and permissions to HMIS.

How HMIS shares information

RSPA shares HMIS data through its Web site: http://hazmat.dot.gov. These reports do not include PII. Individuals or organizations can request incident reports from RSPA. These incident reports include name and contact information. Designated federal, State, and local officials access HMIS data to perform job functions and meet regulatory requirements. RSPA HMIS Headquarters staff access data to detect trends and perform regulatory requirements. HMIS users access HMIS through the HQ network, DOT WAN, or dial-up capability.

In addition, individuals and organizations can request additional reports that do not contain PII through a special request. In these cases, RSPA uses the voluntarily-provided PII of requestors to fulfill these requests. RSPA does not share or use PII of requestors for any other purpose outside of fulfillment.

Only designated federal, State and local officials have access to PII in the HMIS system, which is provided through a password-protected network server. Only HMIS headquarters staff has access to National Response data.

In order to manage these accesses and permissions, RSPA collects and maintains some PII on those individuals requiring access. RSPA does not share any PII for persons requiring access to the system, nor does RSPA share HMIS PII in any other way.

How HMIS provides notice and consent

The HMIS system provides visible links to a Privacy Policy that describes privacy practices and information uses (http://hazmat.dot.gov/warning.htm). In the future, HMIS may provide links to Web sites outside of DOT/RSPA. In these cases, HMIS will provide a pop-up window that informs a user that he or she is leaving the site and that different privacy practices may apply.

Federal and State HMIS users, on login to the system, must read a Terms and Conditions of Use, in which HMIS monitoring and possible consequences are described.

How HMIS ensures data accuracy

HMIS provides some internal field validation functionality, and it forces some fields to be completed. Data entry representatives are responsible for ensuring data accuracy.

Registration customers can request PII changes through a separate online system. HMIS users may request changes to PII through RSPA.

How HMIS provides redress

At any time, a federal, State or local HMIS user may request information on or changes to profile information by contacting RSPA HMIS headquarters staff. Individuals on whom HMIS may contain PII due to involvement in RSPA-related activities (i.e. incidents, approvals, exemptions, registration, enforcement actions) must contact RSPA HMIS headquarters staff to address data accuracy or privacy concerns. The Web site additionally provides privacy contact information.

How HMIS secures information

The HMIS system is currently housed in the Volpe National Transportation Systems Center, Cambridge, MA. Physical access to the HMIS system is limited to appropriate personnel through building key cards and room-access key pads. Personnel with physical access have all undergone and passed DOT background checks.

In addition to physical access, electronic access to PII in HMIS is limited according to job function. RSPA verifies and authenticates new users before providing HMIS access by requiring written or email verification of an official source of the request. RSPA manages privileges according to the following roles:

The following matrix describes the privileges and safeguards around each of these roles as they pertain to PII.

ROLE: Federal/State/Local HMIS Staff

ACCESS:
  • Changes own password
  • Views data according to job privileges

SAFEGUARDS:
  • User-set email and password must be 6 characters
  • Password changes every 6 months
  • Privileges approved by HMIS headquarters staff and set by HMIS IT Support

ROLE: HMIS Headquarters Staff

ACCESS:
  • Changes own password
  • Views and changes data pertaining to his or her location and job privileges

SAFEGUARDS:
  • User-set email and password must be 6 characters
  • Password changes every 6 months
  • Privileges approved by HMIS headquarters staff manager and set by HMIS IT Support

ROLE: HMIS IT Support

ACCESS:
  • Changes own password
  • Views and changes data pertaining to his or her location and job privileges

SAFEGUARDS:
  • User-set email and password must be 6 characters
  • Password changes every 6 months
  • Privileges approved by HMIS headquarters staff manager and set by HMIS IT Support

System of records

HMIS is a system of records subject to the Privacy Act.  RSPA has certified and accredited HMIS in accord with DOT requirements.