NHTSA PIA ARTEMIS

NHTSA: People Saving People; www.nhtsa.dot.gov

DEPARTMENT OF TRANSPORTATION
National Highway Traffic Safety Administration

PRIVACY IMPACT ASSESSMENT

ARTEMIS

December 3, 2003

Table of Contents

Overview of National Highway Traffic Safety Administration (NHTSA) privacy management process for Artemis
Personally-identifiable information and Artemis
Why Artemis collects information
How Artemis uses information
How Artemis shares information
How Artemis provides notice and consent
How Artemis ensures data accuracy
How Artemis provides redress
How Artemis secures information
System of records

Overview of National Highway Traffic Safety Administration (NHTSA) privacy management process for Artemis

The National Highway Traffic Safety Administration (NHTSA), within the Department of Transportation (DOT), has been given the responsibility to carry out motor vehicle and highway safety programs. NHTSA is responsible for reducing deaths, injuries, and economic losses resulting from motor vehicle crashes. One of the information systems that helps NHTSA fulfill this mission is Artemis, a system that helps NHTSA with the early identification of serious safety-related defects, and ultimately the ability to require more timely recalls.

The Artemis system provides a central repository of data on motor vehicles and motor vehicle equipment defects. Receiving information from consumers through the Hotline, public website, manufacturers, safety investigators and screeners, and other government agencies, Artemis stores complaints, recalls, safety defect investigations, and early warning reporting information from manufacturers of applicable equipment/motor vehicles. Designated officials use Artemis in the course of their jobs. Also, some Artemis data is made available to the public through individual requests or through a public Web site.[1]

Privacy management is an integral part of the Artemis system. DOT/NHTSA has retained the services of privacy experts to help assess its privacy management program, utilizing proven technology, sound policies and procedures, and proven methodologies.

The privacy management process is built upon a methodology that has been developed and implemented in leading companies around the country and globally. The methodology is designed to help ensure that DOT and NHTSA will have the information, tools, and technology necessary to manage privacy effectively and employ the highest level of fair information practices, while allowing NHTSA to achieve its mission of protecting and enhancing the public safety while traveling on the nation’s roads and highways. The methodology is based upon the following:

Establish priority, authority, and responsibility. Appoint a cross-functional privacy management team to ensure input from systems architecture, technology, security, legal. and other disciplines necessary to ensure that an effective privacy management program is developed.
Assess the current privacy environment. This involves interviews with key individuals involved in the Artemis system to ensure that privacy risks are identified and documented.
Organize the resources necessary for the project’s goals. Internal DOT/NHTSA resources, along with outside experts, are involved in reviewing the technology, data uses, and associated risks. They are also involved in developing the necessary redress systems and training programs.
Develop the policies, practices, and procedures. The resources identified in the paragraph immediately above will work to develop effective policies, practices, and procedures to ensure that Artemis complies with fair information practices. The policies will effectively protect privacy while allowing DOT/NHTSA to achieve its mission.
Implement the policies, practices, and procedures. Once the policies, practices and procedures are developed, they must be implemented. This involves training of all individuals who will have access to and/or process personally identifiable information. It also entails working with vendors to ensure that they maintain the highest standard for privacy while providing services to NHTSA.
Maintain policies, practices, and procedures. Due to changes in technology, personnel, and other aspects of any program, effective privacy management requires that technology and information be available to the privacy management team to ensure that privacy policies, practices, and procedures continue to reflect actual practices. Regular monitoring of compliance with privacy policies, practices, and procedures will be conducted by the privacy management team.
Manage exceptions and/or problems with the policies, practices, and procedures. This step involves the development and implementation of an effective redress and audit system to ensure that any complaints can be effectively addressed and corrections made if necessary.

Personally-identifiable information and Artemis

The Artemis system contains both Personally Identifiable Information (PII) and non-personally identifiable information pertaining to safety-related defects and alleged safety –related defects. NHTSA receives this information directly from manufacturers and complainants, as well as through federal government officially-provided notes and data. Raw data may enter Artemis when an individual inputs data directly or scans a paper document. NHTSA requests data in several ways. First, NHTSA solicits safety defect data through Web-enabled forms, an Auto Safety Hotline, and mail (all found at (http://www-odi.nhtsa.dot.gov/ivoq/). NHTSA also provides a similar e-mail version of the Hotline through its Web site, at http://www-odi.nhtsa.dot.gov/contact.cfm. A data entry staff member inputs the information, plus any pertinent notes, into Artemis. PII that a consumer may provide includes: name, postal address, e-mail address, telephone number, and similar information.[2] Consumers who call the NHTSA Auto Safety Hotline number or write to/email NHTSA may voluntarily also submit other PII, including but not limited to social security number, driver license number, VIN, medical information and notes, and disability information. As designated federal safety investigators and personnel follow up on complaints and take action on safety issues, these individuals may also enter into Artemis notes and additional data. Manufacturers associated with an investigation or recall may also submit data to NHTSA. These data may be in the form of paper-based documents, which appropriate personnel scan and save in Artemis. This type of PII may include but is not limited to name, contact information, social security number, driver license number, death certificate, VIN, medical information and notes, and photos. In addition, Artemis receives information from insurance companies and the Center for Auto Safety, a private organization.

Why Artemis collects information

Artemis collects PII in order to track and manage automobile defect and recall data. Artemis PII allows appropriate federal agencies and staff to research and validate complaints, quantify scope of safety issues, identify safety trends, contact individuals involved in complaints, and effect recalls.

How Artemis uses information

Artemis stores PII and non-PII and makes these data available to appropriate personnel involved in safety and defect tracking. These staff members may use Artemis PII to conduct further research, contact individuals associated with a defect complaint or investigation, and review trends and scope in automobile defect and recall issues.

Artemis also aggregates data and provides reports without PII to the public and individuals requesting such information.

How Artemis shares information

Designated, approved federal employees and contractors have access to Artemis PII according to job roles and responsibilities for use in their jobs. In addition, consumers may provide express consent for NHTSA to share their PII with manufacturers, and in the future, with the public, including other individuals experiencing similar problems.[3] NHTSA does not share PII without this express, opt-in consent.

Data that do not contain any PII, except in some cases VINs, can be searched for and obtained through a public Web site:

http://www-odi.nhtsa.dot.gov/cars/problems/complain/complaintsearch.cfm.

In some cases, consumers may also call, e-mail, or write to request Artemis data. In these cases, NHTSA provides only non-PII data, with the exception of some VINs.

NHTSA does not share Artemis PII in any other way.

How Artemis provides notice and consent

The NHTSA Web site provides a link to a privacy policy at the point of PII collection. Consumers may also opt-in to their PII being shared with manufacturers, and in the future, with the public, including other individuals experiencing similar problems.[4]

How Artemis ensures data accuracy

Artemis receives PII from complainants and manufacturers directly. Artemis provides some automated checks for completeness and internal consistency. Also, Artemis flags some records for additional manual Quality Assurance review. An audit trail of changes in Artemis provides safeguards for improper modification of data.

How Artemis provides redress

NHTSA provides Web site access to a privacy officer who addresses privacy concerns and questions.

How Artemis secures information

Artemis data files are maintained in a secure contractor building. All Artemis staff and contractors are briefed on Artemis security requirements and their responsibilities.

Artemis staff and contractors with access to Artemis data receive basic security training with some privacy components. These users also annually read and sign a Non-Disclosure Agreement containing privacy provisions and penalties for unauthorized disclosure of data. Artemis does not provide Artemis-specific privacy training to other users.

In addition to physical access, electronic access to Artemis PII is limited according to job function. NHTSA controls access privileges according to a documented roles matrix, with each individual receiving the minimum necessary access to PII and permissions. Many Artemis users receive read-only access to all or some of the data.

In addition, access to Artemis PII requires first access to a secure LAN, and then requires a second Artemis user ID and password with the following protections:

Passwords expire after a set period.
Accounts are locked after a set period of inactivity.
Minimum length of passwords is eight characters.
Passwords must be a combination of letters and numbers.
Accounts are locked after a set number of incorrect attempts.

Publicly accessible Artemis data are housed on a separate server from PII, and they are accessible through a Web interface. No user names or passwords are required for this access.

System of records

Artemis as a whole is not a system of records subject to the Privacy Act, though two forms subject to the Paperwork Reduction Act: Vehicle Owner’s Questionnaire, HS-Form 350 (Rev 5-92), OMB No. 2127-0008; and Child Safety Seat Questionnaire, HS-Form 350 (4/97), OMB No. 2127-0008.

NHTSA has certified and accredited Artemis in accordance with DOT requirements.

[1] www-odi.nhtsa.dot.gov

[2] https://www-odi.nhtsa.dot.gov/ivoq/Consumer.cfm

[3] https://www-odi.nhtsa.dot.gov/ivoq/Consumer.html

[4] https://www-odi.nhtsa.dot.gov/ivoq/Consumer.cfm#PrivacyAct