Legal & Compliance

Legal & Compliance

The data acquired, assembled, evaluated, stored and/or disclosed by Data Driven Safety (the DDS Restricted Data) may be subject to legal restrictions governing its use and disclosure. This means that DDS may take specific actions to ensure the DDS Restricted Data is used correctly by its clients. DDS is committed to maintaining compliance with all applicable legal requirements.

In addition, DDS seeks to ensure that all information in its possession is used fairly, responsibly and ethically. This mission is advanced by our:

  • rigorous client vetting process;
  • proprietary data management and quality assurance;
  • adherence to transparent data privacy principles; and
  • robust data security program.

This page provides resources for DDS clients to ensure they properly handle DDS Restricted Data in compliance with applicable legal requirements. This information is not legal advice and DDS clients should consider seeking legal counsel before obtaining DDS Restricted Data.

 

Driver’s Privacy Protection Act

The Driver’s Privacy Protection Act (DPPA) is a federal law designed to protect the privacy of motorists’ personal information (PII) from unauthorized disclosure. The DPPA only allows certain DMV agencies to release PII (e.g., name and address) to organizations that have permissible use(s) for the protected data. Some states have enacted similar laws that restrict disclosure of motorists’ PII.

DDS obtains PII from numerous DMV agencies in support of our Envision driver monitoring service and MVA reCOUP health care recovery program, along with several custom Prism solutions, based on one or more of the following permissible uses:

  • relating to motor vehicle and driver safety,
  • relating to identity verification,
  • relating to litigation,
  • relating to research,
  • relating to insurance support organizations,
  • relating to CDL driver monitoring, and/or
  • with the motorist’s consent.

DDS maintains motorists’ PII to ensure that all records are:

  • clearly identified in our source management system;
  • contain a compulsory data field that indicates the specific use restrictions;
  • housed in databases that employ full disk encryption and active logging;
  • available only to DDS employees with a documented need-to-know; and
  • correctly cataloged and appropriately transfer-restricted.

 

Fair Credit Reporting Act

The Fair Credit Reporting Act (FCRA) is a federal law designed to (1) prevent the misuse of sensitive consumer report information by limiting recipients to those who have a legitimate need for it; (2) improve the accuracy and integrity of consumer reports; and (3) promote the efficiency of the nation’s banking and consumer credit systems. It requires all consumer reporting agencies (CRAs) to adopt reasonable procedures for providing information that bears on a person’s ability to obtain/maintain insurance and employment. The FCRA also imposes requirements on users of consumer reports, including the obligation to provide adverse action notices in certain circumstances. The Federal Trade Commission (FTC) and other regulators actively enforce the FCRA.

DDS’s eLUMINATE and Envision products are consumer reports that have the potential to adversely affect the employment status of certain employees, such as a childcare worker recently convicted of assault on a child or a driver whose license has been suspended as a result of a second DUI conviction.

DDS’s Prism services are also consumer reports that have the potential to adversely affect the availability and/or pricing of automotive and/or life insurance for certain persons.

Following are links to a series of resources from the FTC that can be consulted to assess the obligations surrounding the disclosure and use of consumer reports.

FTC Publications for DDS Clients as Users of Consumer Reports

FTC Publications for Consumers

 

FCRA Consumer Reporting and Disputes

Consumer Report Request and Notice of Consumer Dispute Instructions

To help Data Driven Safety process your request and/or investigate your dispute as quickly as possible, please click on the appropriate button below and follow the instructions. In order to avoid any delays, please read all of the instructions before proceeding.

Additional Information

View the Summary of Your Rights under the FCRA

If you believe you are the victim of identity theft, a copy of the FTC’s publication “Remedying the Effects of Identity Theft” may be found directly at: Remedying the Effects of Identity Theft.

 

Anti-Discrimination Laws

The Equal Employment Opportunity Commission (EEOC) is a federal agency tasked with enforcing employees’ federal rights against discrimination in the workforce under Title VII of the Civil Rights Act, the Age Discrimination in Employment Act, the Worker Adjustment and Retraining Notification Act, and the Americans with Disabilities Act.

Criminal record information obtained from DDS should only be obtained when the information relates to the employee’s job duties. Following are links to a series of resources from the EEOC that can be consulted to assess the obligations surrounding the disclosure and use of criminal record information.

 

Health Information Privacy

The Standards for Privacy of Individually Identifiable Health Information (Privacy Rule) established a set of national standards for the protection of confidential health information. The U.S. Department of Health and Human Services (HHS) issued the Privacy Rule to implement the requirement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

A major goal of the Privacy Rule is to assure that health information is properly protected while allowing the flow of health information needed to protect the public’s health and well-being. The Privacy Rule strikes a balance that permits important uses of information in a manner that is sensitive to the privacy interests of persons who seek care and healing. The Privacy Rule regulates the use and disclosure of individuals’ health information—called “protected health information” by organizations subject to the Privacy Rule — called “Covered Entities,” and, by extension, their contractors which are referred to as “Business Associates.”

DDS is a Business Associate to Covered Entities when it receives protected health information to perform its MVA reCOUP service offering. DDS routinely enters Business Associate Agreements with its customers that are Covered Entities and complies with contractual obligations necessary to comply with the Privacy Rule.

 

DDS Policies