The data acquired, assembled, evaluated, stored and/or disclosed by Data Driven Safety (the DDS Restricted Data) may be subject to legal restrictions governing its use and disclosure. This means that DDS may take specific actions to ensure the DDS Restricted Data is used correctly by its clients. DDS is committed to maintaining compliance with all applicable legal requirements.
In addition, DDS seeks to ensure that all information in its possession is used fairly, responsibly and ethically. This mission is advanced by our:
- rigorous client vetting process;
- proprietary data management and quality assurance;
- adherence to transparent data privacy principles; and
- robust data security program.
This page provides resources for DDS clients to ensure they properly handle DDS Restricted Data in compliance with applicable legal requirements. This information is not legal advice and DDS clients should consider seeking legal counsel before obtaining DDS Restricted Data.
Driver’s Privacy Protection Act
The Driver’s Privacy Protection Act (DPPA) is a federal law designed to protect the privacy of motorists’ personal information (PII) from unauthorized disclosure. The DPPA only allows certain DMV agencies to release PII (e.g., name and address) to organizations that have permissible use(s) for the protected data. Some states have enacted similar laws that restrict disclosure of motorists’ PII.
DDS obtains PII from numerous DMV agencies in support of our Envision driver monitoring service and MVA reCOUP health care recovery program, along with several custom Prism solutions, based on one or more of the following permissible uses:
- relating to motor vehicle and driver safety,
- relating to identity verification,
- relating to litigation,
- relating to research,
- relating to insurance support organizations,
- relating to CDL driver monitoring, and/or
- with the motorist’s consent.
DDS maintains motorists’ PII to ensure that all records are:
- clearly identified in our source management system;
- contain a compulsory data field that indicates the specific use restrictions;
- housed in databases that employ full disk encryption and active logging;
- available only to DDS employees with a documented need-to-know; and
- correctly cataloged and appropriately transfer-restricted.
Fair Credit Reporting Act
The Fair Credit Reporting Act (FCRA) is a federal law designed to (1) prevent the misuse of sensitive consumer report information by limiting recipients to those who have a legitimate need for it; (2) improve the accuracy and integrity of consumer reports; and (3) promote the efficiency of the nation’s banking and consumer credit systems. It requires all consumer reporting agencies (CRAs) to adopt reasonable procedures for providing information that bears on a person’s ability to obtain/maintain insurance and employment. The FCRA also imposes requirements on users of consumer reports, including the obligation to provide adverse action notices in certain circumstances. The Federal Trade Commission (FTC) and other regulators actively enforce the FCRA.
DDS’s eLUMINATE and Envision products are consumer reports that have the potential to adversely affect the employment status of certain employees, such as a childcare worker recently convicted of assault on a child or a driver whose license has been suspended as a result of a second DUI conviction.
DDS’s Prism services are also consumer reports that have the potential to adversely affect the availability and/or pricing of automotive and/or life insurance for certain persons.
Following are links to a series of resources from the FTC that can be consulted to assess the obligations surrounding the disclosure and use of consumer reports.
FTC Publications for DDS Clients as Users of Consumer Reports
- Background Checks: What Employers Need to Know
- Using Consumer Reports: What Employers Need to Know
- Consumer Reports: What Insurers Need to Know
- Using Consumer Reports for Credit Decisions
- Disposing of Consumer Report Information
- Background Screening Reports and the FCRA
FTC Publications for Consumers
The Equal Employment Opportunity Commission (EEOC) is a federal agency tasked with enforcing employees’ federal rights against discrimination in the workforce under Title VII of the Civil Rights Act, the Age Discrimination in Employment Act, the Worker Adjustment and Retraining Notification Act, and the Americans with Disabilities Act.
Criminal record information obtained from DDS should only be obtained when the information relates to the employee’s job duties. Following are links to a series of resources from the EEOC that can be consulted to assess the obligations surrounding the disclosure and use of criminal record information.
- Background Checks: What Employers Need to Know (joint publication between EEOC and FTC)
- EEOC Enforcement Guidance: Consideration of Arrest and Conviction Records in Employment Decisions
- What You Should Know About the EEOC and Arrest and Conviction Records
Health Information Privacy
The Standards for Privacy of Individually Identifiable Health Information (Privacy Rule) established a set of national standards for the protection of confidential health information. The U.S. Department of Health and Human Services (HHS) issued the Privacy Rule to implement the requirement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
A major goal of the Privacy Rule is to assure that health information is properly protected while allowing the flow of health information needed to protect the public’s health and well-being. The Privacy Rule strikes a balance that permits important uses of information in a manner that is sensitive to the privacy interests of persons who seek care and healing. The Privacy Rule regulates the use and disclosure of individuals’ health information — called “protected health information” by organizations subject to the Privacy Rule — called “Covered Entities,” and, by extension, their contractors which are referred to as “Business Associates.”
DDS is a Business Associate to Covered Entities when it receives protected health information to perform its MVA reCOUP service offering. DDS routinely enters Business Associate Agreements with its customers that are Covered Entities and complies with contractual obligations necessary to comply with the Privacy Rule.