ITS Fair Information and Privacy Principles
Members of ITS America's Legal Issues Committee have worked hard to develop
the following Guiding Principles to help address many of the issues that
accompany the application of technology to save time, lives and money. The
following information was taken directly from the
January 11, 2001, the Board of Directors gave final approval to ITS America's
Fair Information and Privacy Principles, which provide guidance to companies and
jurisdictions developing and deploying Intelligent Transportation Systems. These
principles recognize the public's interest in privacy by providing an opt-in
standard for the collection of personally identifiable information and an
opt-out standard for the collection of anonymous information.
Intelligent Transportation Systems
Fair Information and Privacy Principles
These fair information and privacy principles were prepared in
recognition of the importance of upholding individual privacy in implementing
Intelligent Transportation Systems (ITS). The principles represent values and
are designed to be flexible and durable to accommodate a broad scope of
technological, social and cultural change. ITS America may, however, need to
revisit them periodically to assure their applicability and effectiveness.
These principles are advisory, intended to educate and guide
transportation professionals, policy makers, companies, organizations, and the
public as they develop fair information and privacy guidelines for specific
intelligent transportation projects. Initiators of ITS projects are urged to
publish the fair information and privacy principles that they intend to follow.
Parties to ITS are urged to include enforceable provisions for safeguarding
privacy in their contracts and agreements.
1. INDIVIDUAL CENTERED. Intelligent Transportation Systems must
recognize and respect the individual's interests in privacy and information use.
ITS Systems create value for both
individuals and society as a whole. Central to the ITS vision is the creation of
ITS Systems that will fulfill our national goals. The primacy focus of
information use is to improve travelers' safety and security, reduce travel
times, enhance individuals' ability to deal with highway disruptions and improve
air quality. Travel information is collected from many sources, some from the
infrastructure and some from vehicles, while other information may come from the
transactions -- such as electronic toll collection -- that involve interaction
between the infrastructure and vehicle. That information may have value in both
ITS and non-ITS applications. The individual's interest in privacy must be
respected. This requires disclosure and the opportunity for individuals to
express choice if personal identification is collected.
2. VISIBLE. Intelligent Transportation Information Systems will be
built in a manner "visible" to individuals.
ITS may create data on
individuals. Individuals should have a means of discovering how the data flows
operate. "Visible" means to disclose to the public the type of data
collected, how it is collected, what its uses are, and how it will be
distributed. The concept of visibility is one of central concern to the public,
and, consequently, this principle requires assigning responsibility for
3. COMPLY. Intelligent Transportation Systems will comply with
applicable state and federal laws governing privacy and information use.
Privacy law is a patchwork of
federal and state statutes, as well as federal and state judicial opinions. The
"right" to privacy as a matter of law in the context of transportation
on public roads and other facilities is limited. Intelligent Transportation
Systems should provide, at a minimum, privacy protections in conformity with the
law of respective jurisdictions.
4. SECURE. Intelligent Transportation Systems will be
ITS databases may contain
information on where travelers go, the routes they use, and when they travel,
and therefore must be secure. All ITS information systems will make use of data
security technology and audit procedures appropriate to the sensitivity of the
information. ITS systems should use technological and administrative safeguards
to assure that access to personally identifiable information is restricted to
duly authorized individuals.
5. LAW ENFORCEMENT. Intelligent
Transportation Systems have an appropriate role in enhancing travelers' safety
and security interests, but absent consent, statutory authority, appropriate
legal process, or emergency circumstances as defined by law, information
identifying individuals will not be disclosed to law enforcement.
ITS has the potential to make it
possible for traffic management agencies to know where individuals travel, what
routes they take, and travel duration. Therefore, ITS can increase the
efficiency of traffic law enforcement by providing aggregate information
necessary to target resources. States may legislate conditions under which ITS
information will be made available to law enforcement agencies. Absent
government authority, however, ITS systems should not be used as a surveillance
means for enforcing traffic laws, nor used as a tool of criminal investigation.
Although individuals are concerned about public safety, persons who voluntarily
participate in ITS programs or purchase ITS products should be informed of how
information they are providing is used.
6. RELEVANT. Intelligent Transportation Systems will only collect
personal information that is relevant for ITS purposes.
ITS, respectful of the
individual's interest in privacy, will only collect information that contain
individual identifiers that are needed for the ITS service functions.
Furthermore, ITS information systems will include protocols that call for the
purging of individual identifier information that is no longer needed to meet
7. ANONYMITY. Where practicable, individuals should have the ability
to utilize Intelligent Transportation Systems on an anonymous basis.
Certain ITS applications
(commercial vehicle operations or "mayday") require personally
identifiable information to function. Others (such as automated fee payment) may
be designed to enable use by individuals without identifying themselves (through
anonymous debit accounts) or with identifiers for convenience (credit cards).
Unless provision of identifiers is required by the ITS application, users should
be provided with the opportunity to choose anonymity.
8. COMMERCIAL OR OTHER SECONDARY USE. Intelligent Transportation
Systems information stripped of personal identifiers may be used for non-ITS
American consumers want
information used to create economic choice and value, but also want their
interest in privacy preserved. ITS information is predictive of goods and
services that interest consumers, for example, the right location for stores,
hospitals and other facilities. However, personally identifiable information
collected by ITS surveillance technologies is extremely sensitive. Therefore,
the following practices should be followed:
ITS information absent personal identifiers may be used for ITS and other
Generally, data collectors should assure that ITS information provided to
private organizations for secondary uses is stripped of personal identifiers.
Individuals, however, may contract to allow use of personal identifiers
for secondary use if full disclosure in the intended use is made and informed
9. FOIA. Federal and State Freedom of Information Act (FOIA)
obligations require disclosure of information from government maintained
databases. Database arrangements should balance the individual's interest in
privacy and the public's right to know.
In determining whether to
disclose ITS information, governments should, where possible, balance the
individual's right to privacy against the preservation of the basic purpose of
the Freedom of Information laws to open agency action to public scrutiny. ITS
travelers should be presumed to have reasonable expectations of privacy for
personal identifying information. Pursuant to the individual's interest in
privacy, the public/private framework of organizations collecting data should be
structured to resolve problems of access created by FOIA.
10. OVERSIGHT. Jurisdictions and companies deploying and operating
Intelligent Transportation Systems should have an oversight mechanism to ensure
that such deployment and operation complies with their Fair Information and
and companies should implement proper procedures to ensure that they protect the
individual user's right to privacy, at a minimum, to the extent outlined in
these principles. This mechanism may include internal directives, the
appointment of a privacy officer, and/or penalties for violations. Governments
and companies should have the flexibility to tailor such a system to their
respective needs or circumstances.
If you have any questions concerning these guiding principles, send us an
email. If we can’t answer your questions, we’ll tell you who can.
(see the home page for contact