State of the ITS Industry

‹#›

U.S. Department of Transportation

Research and Innovative Technology Administration

√Implement “privacy by design” early in the process—note that all information can or should not have to be treated equally.

√Note that privacy is more than anonymity—it is also a set of clear, transparent, enforceable principles for how data will be collected, used, accessed, and/or stored.

√Fair Information Practice Principles (FIPPs): A solid example of how to best deal with information from both a privacy and information management perspective. FIPPs is a process for identifying the purpose of information collection and to determine if the correct information is being collected.

▪Good examples include: Department of Homeland Security (DHS), Health and Human Services (HHS), and the Organization for Economic Cooperation and Development (OECD).

µThe 2007 Privacy Principles for VII were based on the OECD principles.

Best Practices: Privacy


Technology and policy should be developed simultaneously.
	Avoid developing technology and then evaluating policy as an afterthought. If technical standards have been established early without considering governance, it becomes more difficult to integrate and implement a sound governance structure later in the process.
There is concern that having policy and governance as separate tracks and expecting to marry the two ideas at the end of the process could be difficult.
Consider what information is being collected and stored. This may warrant establishing a privacy and security working group. Examine questions such as: What information are you collecting? How long will it be stored? How is the consumer or public being informed? There needs to be “privacy by design” early in the process. It is important to understand that not all information can or should be treated equally.
	Identify and separate the types of information gathered (generic, androgynous, user specific, incentive-based) and determine if the governance structure will include the right to exclude access to certain information. Consider if collecting different types of information will result in different policy implementations.
Examine the end-to-end principle:
		In an ‘open network’, such as the Internet, there are very few control points in the network itself and it is based on simplicity and openness.
		The Internet is constantly leaking access / data, which spurs innovation, making it easy for entrepreneurs to gather data and generate new ideas. Leaking has positive aspects.
		Open standards and open access can be beneficial, but one should remain conscious of possible security issues.