U.S. Department of Transportation Office of the Chief Information Officer (OCIO) Privacy Threshold Assessment (PTA) National Highway Traffic Safety Administration Office of Behavioral Safety Research Rearview Video Training for Older Drivers signed KARYN Digitally by KARYN MARIE MARIE GORMAN Date: 2023.03.13 GORMAN 16:26:42 -04'00' 1 U.S. Department of Transportation Privacy Threshold Assessment (PTA) The Privacy Threshold Assessment (PTA) is an analytical tool used to determine the scope of privacy risk management activities that must be executed to ensure that the Department’s initiatives do not create undue privacy risks for individuals. The Privacy Threshold Assessment (PTA) is a privacy risk management tool used by the Department of Transportation (DOT) Chief Privacy Officer (CPO). The PTA determines whether a Department system 1 creates privacy risk for individuals that must be further analyzed, documented, or mitigated, and determines the need for additional privacy compliance documentation. Additional documentation can include Privacy Impact Assessments (PIAs), System of Records notices (SORNs), and Privacy Act Exemption Rules (Exemption Rules). The majority of the Department’s privacy risk emanates from its direct collection, use, storage, and sharing of Personally Identifiable Information (PII), 2 and the IT systems used to support those processes. However, privacy risk can also be created in the Department’s use of paper records or other technologies. The Department may also create privacy risk for individuals through its rulemakings and information collection requirements that require other entities to collect, use, store or share PII, or deploy technologies that create privacy risk for members of the public. To ensure that the Department appropriately identifies those activities that may create privacy risk, a PTA is required for all IT systems, technologies, proposed rulemakings, and information collections at the Department. Additionally, the PTA is used to alert other information management stakeholders of potential risks, including information security, records management and information collection management programs. It is also used by the Department’s Chief Information Officer (CIO) and Associate CIO for IT Policy and Governance (Associate CIO) to support efforts to ensure compliance with other information asset requirements including, but not limited to, the Federal Records Act (FRA), the Paperwork Reduction Act (PRA), the Federal Information Security Management Act (FISMA), the Federal Information Technology Acquisition Reform Act (FITARA) and applicable Office of Management and Budget (OMB) guidance. Each Component establishes and follows its own processes for developing, reviewing, and verifying the PTA prior to its submission to the DOT CPO. At a minimum the PTA must be reviewed by the Component business owner, information system security For the purposes of the PTA the term “system” is used throughout document but is not limited to traditional IT systems. It can and does refer to business activity and processes, IT systems, information collection, a project, program and/or technology, and proposed rulemaking as appropriate for the context of the assessment. 2 The term “personally identifiable information” refers to information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc. 1 1 U.S. Department of Transportation manager, general counsel, records officers, and privacy officer. After the Component review is completed, the Component Privacy Office will forward the PTA to the DOT Privacy Office for final adjudication. Only PTAs watermarked “adjudicated” and electronically signed by the DOT CPO are considered final. Do NOT send the PTA directly to the DOT PO; PTAs received by the DOT CPO directly from program/business owners will not be reviewed. If you have questions or require assistance to complete the PTA please contact your Component Privacy Officer or the DOT Privacy Office at privacy@dot.gov. Explanatory guidance for completing the PTA can be found in the PTA Development Guide found on the DOT Privacy Program website, www.dot.gov/privacy. 2 U.S. Department of Transportation PROGRAM MANAGEMENT SYSTEM name: Rearview Video Training for Older Drivers Cyber Security Assessment and Management (CSAM) ID: N/A SYSTEM MANAGER CONTACT Information: Name: Kathy Sifrit Email: Kathy.sifrit@dot.gov Phone Number: 202-366-0868 Is this a NEW system? ☐ Yes (Proceed to Section 1) ☐ No ☒ Renewal ☐ Modification Is there a PREVIOUSLY ADJUDICTED PTA for this system? ☐ Yes: Date: <> ☒ No 1 SUMMARY INFORMATION 1.1 System TYPE ☐ Information Technology and/or Information System Unique Investment Identifier (UII): Click here to enter text. Cyber Security Assessment and Management (CSAM) ID: Click here to enter text. ☐ Paper Based: Click here to enter text. ☐ Rulemaking Rulemaking Identification Number (RIN): < > Rulemaking Stage: ☐ Notice of Proposed Rulemaking (NPRM) ☐ Supplemental NPRM (SNPRM): ☐ Final Rule: Federal Register (FR) Notice: < > 3 U.S. Department of Transportation ☒ Information Collection Request (ICR)3 ☐ New Collection ☒ Approved Collection or Collection Renewal ☒ OMB Control Number: 2127-0731 ☒ Control Number Expiration Date: 8/31/2021 1.2 ☐ Other: < > System OVERVIEW: NHTSA's OBSR proposes to collect information for a new research to determine the effectiveness of a training video on proper use of a rear vision system (RVS) in passenger vehicles in improving backing performance. This research effort entails collecting driving data using an instrumented vehicle on a closed course from 120 participants evenly distributed across two age groups: 60-69 and 70+, and sex, who reside in the New River Valley and Roanoke Valley Areas of Virginia. Measures of backing performance and eye glance behaviors of participants who complete the training video will be compared to that of participants who view a similar-length traffic safety video unrelated to backing or Rear Video Systems (RVS) use. The study will also document participants’ opinions about the RVS technology using a brief post-experimental questionnaire. TransAnalytics will conduct this study under a Time and Materials task order on an IDIQ contract (693JJ921D000035/693JJ922F00137N) with NHTSA. NHTSA contracted with TransAnalytics to conduct the project, and TransAnalytics subcontracted to Virginia Tech Transportation Institute (VTTI) to provide vehicle instrumentation, the closed roadway, recruiting, and data collection support. TransAnalytics will oversee subcontractors’ work, ensure the protection of participants’ data and privacy of the participants, conduct final analyses, interpret the findings, and prepare a final report describing the research findings to NHTSA. In addition to the naturalistic data, there are two (paper) collection instruments that will be used for the study: a participant screening questionnaire and a consent form. Eligibility The eligibility data from the screening questionnaire will be used to identify eligible participants for this study; results from this questionnaire will not be kept or analyzed. Participants will be recruited from the New River Valley and Roanoke Valley areas of Virginia. Potential participants in the study will apply by responding to a published advertisement appearing in print media and social media. Other potential participants will be contacted using VTTI’s proprietary database consisting of previouslyconsented participants. 3 See 44 USC 3501-3521; 5 CFR Part 1320 4 U.S. Department of Transportation VTTI will contact candidate participants by phone, email, or other electronic means. To qualify for this study, participants must fall into one of two age groups: 1) ages 60-69; and 2) ages 70 and older. Screening questionnaires will ask about the following to ensure that respondents meet inclusion criteria: • Year of birth, age, sex, and race • COVID-19 vaccination status (if required by VTTI at the moment of the study) • Valid Driver license • Experience with rearview video systems • Driving habits (e.g. 3 driving trips per week at a minimum) • Health questions/conditions and medications that would affect their ability to drive the study vehicle safely. • Name, address, email, and phone number of those who meet the eligibility requirements Individuals who do not meet the eligibility requirements will be excluded because they may not safely participate in a test-track experiment. In this study, participants will drive a study-provided vehicle equipped with a console-mounted RVS display to complete a series of backing tasks. Researchers will install a data acquisition system (DAS) in the vehicle to collect driving data as participants complete a series of backing tasks that an earlier study showed were difficult for older drivers. Participants will also complete a post-experimental questionnaire about their opinions regarding the technology. Study This research effort entails collecting driving data using an instrumented vehicle on a closed roadway, with 120 participants, evenly distributed by across 2 age groups: 6069 and 70+ and across sex. Eligible participants will go to the study office (on-site at the closed course) where half (balanced across age and sex) will be assigned to a training group and the remainder to a control group. Training group members will view the RVS training video developed in the previous study and control group members will view an unrelated traffic safety video of the same length as the training video. Before data collection begins, each participant will be afforded time driving the test vehicle to become familiar with its handling characteristics and controls; this will include practice (i.e., not scored) maneuvers using the RVS. Next, an experimenter riding in the passenger seat, will provide instructions to guide the participant from task to task during data collection. After completing the driving tasks, each participant will complete a post experiment questionnaire regarding their opinions about the technology. At this time, participants will receive incentive payments and the research team will answer any participant questions. Social Security Number will be collected only for the purpose of processing the participant’s payment and will not be included in any part of the study. Data Collection 5 U.S. Department of Transportation Screening data will be collected via a paper form. The backing data collection platform will consist of a full-size sedan from VTTI’s instrumented vehicle fleet with a passenger-side secondary brake that the experimenter can use to stop the vehicle if necessary to ensure safe vehicle operation. VTTI mounted their data acquisition system (VTTI DAS) securely and inconspicuously in the test vehicle, and the VTTI DAS provided the following sources of data: five video camera views that include the driver’s face, forward roadway, rear roadway/parking space, and the left and right sides of the vehicle; precise vehicle and target locations using GPS; Multiaxis accelerometers that document hard braking or acceleration; and timing information. At the end of the study, NHTSA will receive deidentified and aggregated data, and a report from the study through a Secure File Transfer Protocol (SFTP) site. Data consists of vehicle instrumentation data and the data analysis. All data are deidentified with no PII. The data are submitted along with the report so that NHTSA has the option to process it differently than the contractor, and develop new graphs/tables to address other questions that arise in the future. Statistical comparisons will focus on comparing the treatment and control groups in terms of driver positioning errors, instances of contacting an obstacle or other object, and proportion of glances toward the RVS, rearview mirrors, and over the shoulder. A second series of analyses will examine potential differences by age and sex. Additionally, the data will provide NHTSA a basis from which to help drivers use this technology safely but does not and is not intended to provide guidance to the agency. Video recordings are kept for a pre-determined length of time agreed by VTTI and Virginia Tech Transportation Institute’s internal Institutional Review Board (IRB). Any paper copies will be kept in a locked filing cabinet in a locked office. Electronic copies are stored on limited access, password protected computer system. All video, hard copies and electronic copies will be destroyed 7 years after completion of the study. 2 INFORMATION MANGEMENT 2.1 SUBJECTS of Collection Identify the subject population(s) for whom the system collects, maintains, or disseminates PII. (Check all that apply) ☒ Members of the public: ☒ Citizens or Legal Permanent Residents (LPR) ☐ Visitors ☐ Members of the DOT Federal workforce ☐ Members of the DOT Contract workforce 6 U.S. Department of Transportation 2.2 ☐ System Does Not Collect PII. If the system does not collect PII, proceed directly to question 2.3. What INFORMATION ABOUT INDIVIDUALS will be collected, used, retained, or generated? Screening questionnaires will collect the folling information: • Citizenship, Age, sex • COVID-19 vaccination status • Driver license status, including any license restrictions • Involvement in motor vehicle crashes, injuries sustained and traffic violations • Health Issues that would limit their overall ability to drive or affect their ability to drive the study vehicle safely including use of medications that cause drowsiness or otherwise impair their ability to drive the study vehicle. • Vision status • Social Security Number • Name, address, email, and phone number 2.3 Does the system RELATE to or provide information about individuals? ☒ Yes: The questionnaire will ask about participants’ knowledge, attitudes, behavior and driving behaviors while driving a vehicle equipped with RVS technology. ☐ No If the answer to 2.1 is “System Does Not Collect PII” and the answer to 2.3 is “No”, you may proceed to question 2.10. If the system collects PII or relate to individual in any way, proceed to question 2.4. 2.4 Does the system use or collect SOCIAL SECURITY NUMBERS (SSNs)? (This includes truncated SSNs) ☒ Yes: Authority: Social security number is required for participant compensation purposes. 7 U.S. Department of Transportation Purpose: Social security number is required for participant compensation purposes. All participants will receive financial compensation only if they qualify and actively participate in the study. Social security numbers or VT employee ID will be collected in a W-9 form for payment purposes only. SSN or any subset will not be included as study data. 2.5 ☐ No: The system does not use or collect SSNs, including truncated SSNs. Proceed to 2.6. Has an SSN REDUCTION plan been established for the system? ☐ Yes: ☐ No: << A system without an SSN reduction plan is in violation of the Privacy Act. Explain why a reduction plan has yet to be completed and provide an anticipated completion date.>> 2.6 Does the system collect PSEUDO-SSNs? ☐ Yes: << Describe how the pseudo-SSNs are used to accomplish the authorized purpose and why they are necessary as opposed to lower-risk identifiers.>> 2.7 ☒ No: The system does not collect pseudo-SSNs, including truncated SSNs. Will information about individuals be retrieved or accessed by a UNIQUE IDENTIFIER associated with or assigned to an individual? ☒ Yes Is there an existing Privacy Act System of Records notice (SORN) for the records retrieved or accessed by a unique identifier? ☐ Yes: SORN: < > ☒ No: Explanation: Each individual will be assigned a participant ID for use in all data collection forms, data analysis, and reporting to track the progress of the individual’s participation throughout the study. The participant ID will not be included in the final report to NHTSA. This study is not about the individuals, but about their ability to use and opinions toward RVS systems. Expected Publication: < > 2.8 ☐ Not Applicable: Proceed to question 2.9 Has a Privacy Act EXEMPTION RULE been published in support of any Exemptions claimed in the SORN? ☐ Yes 8 U.S. Department of Transportation Exemption Rule: << Provide the full Exemption Rule Name, the Federal Register SORN citation, and the URL.>> ☐ No Explanation: << An explanation must be provided for failure to comply with all of the requirements of the Privacy Act without an Exemption Rule.>> Expected Publication: << List the expected date of publication for an Exemption Rule that will bring the system into compliance with the Privacy Act.>> 2.9 ☒ Not Applicable: SORN does not claim Privacy Act exemptions. Has a PRIVACY IMPACT ASSESSMENT (PIA) been published for this system? ☒ Yes: Office of Behavioral Safety Research (OBSR) Research Studies - June 10, 2019 https://www.transportation.gov/individuals/privacy/nhtsa-office-behavioral-safetyresearch-obsr-research-studies ☐ No: << If a previous PTA required a PIA as part of adjudication, and a PIA was not published, provide an explanation. If this is a new system, write “New System.”>> 2.10 ☐ Not Applicable: The most recently adjudicated PTA indicated no PIA was required for this system. Does the system EXCHANGE (receive and/or send) DATA from another INTERNAL (DOT) or EXTERNAL (non-DOT) system or business activity? ☐ Yes: <
> ☒ No 2.11 Does the system have a National Archives and Records Administration (NARA)-approved RECORDS DISPOSITION schedule for system records? ☐ Yes: Schedule Identifier: << Identify the relevant NARA schedule, including the schedule number, title, section, and URL.>> Schedule Summary: << Provide a synopsis of the relevant portion(s) of the schedule.>> ☒ In Progress: DAA-0416-2021-0003 Submitted to NARA on 6/8/21 ☐ No: Click here to enter text. 9 U.S. Department of Transportation 3 SYSTEM LIFECYCLE 3.1 3.2 The systems development life cycle (SDLC) is a process for planning, creating, testing, and deploying an information system. Privacy risk can change depending on where a system is in its lifecycle. Was this system IN PLACE in an ELECTRONIC FORMAT prior to 2002? The E-Government Act of 2002 (EGov) establishes criteria for the types of systems that require additional privacy considerations. It applies to systems established in 2002 or later, or existing systems that were modified after 2002. ☐ Yes: < > ☐No ☒Not Applicable: System is not currently an electronic system. Proceed to Section 4. Has the system been MODIFIED in any way since 2002? ☐ Yes: The system has been modified since 2002. ☐ Maintenance. ☐ Security. ☐ Changes Creating Privacy Risk: << Describe any modification that may introduce new privacy risk, including but not limited to: paper to electronic conversions, changing anonymous information into information in identifiable form, significant system management changes (including application of new technologies), significant system or data merging, use of new authentication technologies in support of public access, commercial data sources, new interagency uses, changes in internal flow or data collection, or alternation of data characterization.>> ☐ Other: << Describe >> 3.3 ☐ No: The system has not been modified in any way since 2002. Is the system a CONTRACTOR-owned or -managed system? ☐ Yes: The system is owned or managed under contract. Contract Number: < > 3.4 Contractor: << Contractor Name >> ☐ No: The system is owned and managed by Federal employees. Has a system Security Risk CATEGORIZATION been completed? The DOT Privacy Risk Management policy requires that all PII be protected using controls consistent with Federal Information Processing Standard Publication 199 (FIPS 199) moderate confidentiality standards. The OA Privacy 10 U.S. Department of Transportation Officer should be engaged in the risk determination process and take data types into account. ☐ Yes: A risk categorization has been completed. Based on the risk level definitions and classifications provided above, indicate the information categorization determinations for each of the following: Confidentiality: Integrity: Availability: ☐ Low ☐ Low ☐ Low ☐ Moderate ☐ Moderate ☐ Moderate ☐ High ☐ High ☐ High ☐ Undefined ☐ Undefined ☐ Undefined Based on the risk level definitions and classifications provided above, indicate the information system categorization determinations for each of the following: Confidentiality: Integrity: Availability: 3.5 ☐ Low ☐ Low ☐ Low ☐ Moderate ☐ Moderate ☐ Moderate ☐ High ☐ High ☐ High ☐ Undefined ☐ Undefined ☐ Undefined ☐ No: A risk categorization has not been completed. Provide date of anticipated completion. Click here to enter text. Has the system been issued an AUTHORITY TO OPERATE? ☐ Yes: Date of Initial Authority to Operate (ATO): Anticipated Date of Updated ATO: < > ☐ No: < > ☐ Not Applicable: System is not covered by the Federal Information Security Act (FISMA). 4 COMPONENT PRIVACY OFFICER ANALYSIS The Component Privacy Officer (PO) is responsible for ensuring that the PTA is as complete and accurate as possible before submitting to the DOT Privacy Office for review and adjudication. COMPONENT PRIVACY OFFICER CONTACT Information Name: Jose R. Delgado-Forastieri Email: j.delgado-forastieri@dot.gov 11 U.S. Department of Transportation Phone Number: 202-366-7491 COMPONENT PRIVACY OFFICER Analysis This collection is to study the participants knowledge, attitudes, behavior and driving behaviors while driving a vehicle equipped with RVS technology. Each individual will be assigned a participant ID only to track the progress of the individual’s participation throughout the study. This ID will not be used in any other way after the data collection and analysis is concluded and will not be included in the final deliverable to NHTSA. NHTSA is unable to retrieve PII in the final deliverable by personal identifier. Therefore, the system is not a a system of records as defined by the Privacy Act. Individuals consent to participate in the study. While the participants share their SSN for the purposes of renumeration and limited health information for eligibility purposes, the privacy risk for this collection is low because the information concerns driving attitudes and analysis of activities during a closed course simulation. The subcontractor will not share the PII it collects with NHTSA’s contractor. NHTSA’s contractor will submit deidentified data to NHTSA and responses will not be associated with individual respondents. Participants will consent to participate by signing a consent that is consistent with NHTSA’s Human Subject Testing Order and subject to NCC approval. OBSR already has a PIA which covers this kind of collection. A Record Disposition Schedule was submitted to NARA on 6/8/21. 5 COMPONENT REVIEW Prior to submitting the PTA for adjudication, it is critical that the oversight offices within the Component have reviewed the PTA for completeness, comprehension and accuracy. Component Reviewer Name Review Date Business Owner Kathy Sifrit 1/19/2023 General Counsel Andrew DiMarsico 3/2/2023 Information System Security Manager (ISSM) Nurdan Logan 2/28/2023 Privacy Officer Jose R. Delgado-Forastieri 3/2/2023 LeErnest Wells 3/2/2023 Records Officer Table 1 - Individuals who have reviewed the PTA and attest to its completeness, comprehension and accuracy. 12 U.S. Department of Transportation Control # AP-1 Control Name Authority to Collect Primary PTA Question Satisfied 1.2 - Overview Other than satisfied X N/A Component PO Assessment A renewal request to OMB is already in progress. POA&M Issue: OMB renewal control number required. Requirement: submit PRA package. Timeline: prior to collection. Note: OMB authorization required prior to commencement of study. DOT CPO Assessment Concur POA&M Issue: OMB renewal control number required. Requirement: submit PRA package. Timeline: prior to collection. Note: OMB authorization required prior to commencement of study. AP-2 Purpose Specification 1.2 - Overview X Contractor will obtain IRB approval to collect data. Purposed defined. AR-1 Governance and Privacy Program Common Control X Addressed by DOT CPO. Concur AR-2 Privacy Impact and Risk Assessment Program Management X Concur AR-3 Privacy Requirements for Contractors and Service Providers Privacy Monitoring and Auditing 3.3 - Contractor System X PTA sufficient. OBSR already has a PIA which covers this kind of collection. No PIA required. Standard contract language. Common Control X Addressed by DOT CPO. Concur AR-5 Privacy Awareness and Training Common Control X Addressed by DOT CPO. Concur AR-6 Privacy Reporting Common Control X Addressed by DOT CPO. Concur AR-4 1 Concur Concur U.S. Department of Transportation Control # Control Name Primary PTA Question Satisfied X Other than satisfied N/A Component PO Assessment DOT CPO Assessment Concur X SSN is required only for participant compensation purposes. SSN will not be collected for the purpose of the study. SSN or any subset will not be included as study data. Not maintained in SOR. Data Quality issued addressed in IRB. Concur Activity does not constitute sharing covered by the CMA. Concur AR-7 Privacy-Enhanced System Design and Development 2.5 - SSN Reduction AR-8 Accounting of Disclosures 2.7 - SORN DI-1 Data Quality 1.2 - System Overview DI-2 Data Integrity and Data Integrity Board 3.4 - Security Risk Categorization DM-1 Minimization of PII 2.2 – Information About Individuals X Data collection consistent with purpose. Concur DM-2 Data Retention and Disposal 2.11 - Records Disposition Schedule X Records Schedule was submitted to NARA and is waiting approval. Note: records must be treated as permanent until NARA approves the new records schedule. System not used for testing, training, research. Concur DM-3 X X Concur Note: records must be treated as permanent until NARA approves the new records schedule. 2.2 – Information About Individuals X IP-1 Minimization of PII Used in Testing, Training, and Research Consent 2.7 - SORN X Not maintained in SOR. Concur IP-2 Individual Access 2.8 – Exemption Rule X Not maintained in SOR. Concur 2 Concur U.S. Department of Transportation Control # Control Name Primary PTA Question IP-3 Redress 2.7 - SORN IP-4 Complaint Management Common Control SE-1 Inventory of PII SE-2 Satisfied Other than satisfied N/A X Component PO Assessment DOT CPO Assessment Not maintained in SOR. Concur X Addressed by DOT CPO. Concur Common Control X Not IT system under FISMA. Concur Privacy Incident Response Common Control X Addressed by DOT CPO. Concur TR-1 Privacy Notice 2.7 - SORN X Not maintained in SOR. Concur TR-2 System of Records Notices and Privacy Act Statements 2.7 - SORN X Not maintained in SOR. Concur TR-3 Dissemination of Privacy Program Information Common Control X Addressed by DOT CPO. Concur UL-1 Internal Use 2.10 - Internal and External Use X Information not authorized for disclosure beyond DOT/DOTcontractors. Concur UL-2 Information Sharing with Third Parties 2.10 - Internal and External Use X Information not authorized for disclosure beyond DOT/DOTcontractors. Concur 3
File Type | application/pdf |
File Title | PTA Template November 2019 |
Author | Shams-Ramsey, Maria CTR (OST) |
File Modified | 2023-03-13 |
File Created | 2023-03-13 |