A portion of the data acquired, assembled, evaluated, stored and/or disclosed by Data Driven Safety (the DDS Restricted Data) is subject to a number of legal restrictions. This means that DDS is required by statute and/or contract to take specific actions to ensure the DDS Restricted Data is used correctly. DDS is committed to maintaining compliance with all federal, state, local and contractual legal requirements.
In addition to meeting the minimum legal requirements imposed on us by law, DDS is proud to ensure that all information in its possession is used fairly, responsibly and ethically, as further described in Our Data. This mission is advanced by our:
rigorous client vetting process;
proprietary data management and quality assurance;
adherence to transparent data privacy principles; and
robust data security program.
While our team of in-house attorneys is not permitted to provide legal guidance to our customers (or anyone else, since we are not a law firm), below is additional information that may be of use to those affected and protected by DDS Restricted Data.
Important Laws, Notices and Policies:
Each of DDS’s product offerings adheres to the federal DPPA (and all related state laws. While only one permissible use must be demonstrated for data obtained under the DPPA, it is common for our services to meet several of these statutory exceptions simultaneously. All DDS services satisfy one or more of the following permissible uses authorized specifically by 18 U.S. Code § 2721(b):
- (2) – relating to motor vehicle and driver safety,
- (3) – relating to identity verification,
- (4) – relating to litigation,
- (5) – relating to research,
- (6) – relating to insurance support organizations,
- (9) – relating to CDL driver monitoring and/or
- (13) – with operator’s consent.
Beyond our legal right to obtain PII data from DMVs, DDS relies on a combination of substantive and procedural safeguards to ensure all data is maintained in a DPPA-compliant manner. In fact, all DPPA-restricted records are:
clearly identified in our source management system;
contain a compulsory data field that indicates the specific use restrictions;
housed in databases that employ full disk encryption and active logging;
available only to DDS employees with a documented need-to-know; and
correctly cataloged and appropriately transfer-restricted.
The FTC has worked for years to bring predictability to the complex legal issues found in the FCRA. In so doing, it has developed easy-to-understand materials that were designed to assist persons and organizations that are affected by the FCRA. Some of those documents are included below for your convenience. The full information is available at www.ftc.gov.
FTC Publications for Consumers
FTC Publications for DDS Clients
Additional FTC Publications Adhered to by DDS
The Equal Employment Opportunity Commission (EEOC) is a federal agency tasked with enforcing employees’ federal rights under Title VII, the Age Discrimination in Employment Act, the Worker Adjustment and Restraining Notification Act, and the Americans with Disabilities Act. This organization seeks to ensure (among other things) that criminal record information is not used in a discriminatory manner by employers.
Background Checks: What Employers Need to Know (joint publication between EEOC and FTC)
The Standards for Privacy of Individually Identifiable Health Information (Privacy Rule) established a set of national standards for the protection of confidential health information. The U.S. Department of Health and Human Services (HHS) issued the Privacy Rule to implement the requirement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
A major goal of the Privacy Rule is to assure that health information is properly protected while allowing the flow of health information needed to protect the public’s health and well-being. The Privacy Rule strikes a balance that permits important uses of information in a manner that is sensitive to the privacy interests of persons who seek care and healing. It is designed to be both flexible and comprehensive so that it can adequately cover the variety of uses for which health data is needed.
The Privacy Rule regulates the use and disclosure of individuals’ health information—called “protected health information” by organizations subject to the Privacy Rule — called “Covered Entities,” and, by extension, their contractors which are referred to as “Business Associates.” DDS is a Business Associate to Covered Entities when it receives protected health information to perform its MVA reCOUP service offering.
DDS does not provide traditional background screening (e.g., eLUMINATE only delivers recent criminal convictions acquired from judicial data sources, and Envision is a forward-monitoring driver application). As a result, many state-specific laws that apply to background screening CRAs are inapplicable to our services (e.g., CRS § 12-14.3-105.3(1)(e), GA Code § 35-3-34(3)(b), Nevada Revised Statutes 598C.150(2), etc.). However, the following are examples of legislative mandates to which DDS complies at the state level.
- Alaska: DDS adheres to the spirit of AS §12.62.160(b)(8), which limits the disclosure by governmental agencies of non-conviction criminal justice information.
- California: DDS adheres to CA Civil Code §1786 et seq. (the ICRAA) and assists its clients in their continued compliance with the ICRAA. Upon proper verification and the payment of any necessary copying fees, employees and volunteers enrolled in the eLUMINATE and/or Envision programs may view the specific information (if any) submitted to their employer by requesting it from us by phone, through mail or by coming to our offices, during normal business hours. If you come in person, another person can come with you, so long as that person can show proper identification. The employees at DDS will be pleased to assist you in understanding the public record data that we have on file that relates to an offense reported by DDS to your employer. In addition, all such information is required to be shared with you by your employer in a timely manner, per the contractual terms of DDS’s agreement with your employer.
- Hawaii: DDS provides active filtering based on job responsibility in its eLUMINATE service to assist its clients in complying with HI Revised Statutes 2003 § 378-2.5(a)(b), which requires that a reported conviction bear a “rational relationship to the duties and responsibilities of the position.”
- Kentucky: DDS adheres to KRS Chapter 367.00 § 310, which prohibits a CRA from maintaining non-conviction information from judicial cases.
- Massachusetts: DDS adheres to M.G.L. Chapter 151 § 4(9) and assists its clients in their continued compliance with this statute by ensuring that its employment services do not provide either non-conviction information or first convictions to any of the following misdemeanors: drunkenness, simple assault, speeding, minor traffic violation, affray, or disturbance of the peace.
- Michigan: DDS does not provide non-conviction information for disposed cases to its clients in Michigan in an effort to assist them in adhering to Michigan Compiled Laws Act 453 of 1976 § 37.2205(a)(1).
- Minnesota: DDS adheres to Minnesota Statutes 2003 § 13.02(2) and assists its clients in their continued compliance with this statute by notifying you that you have the right to get from your employer a complete and accurate disclosure of the nature and scope of the consumer report report prepared by DDS, if any.
- New Mexico: DDS adheres to New Mexico Statute § 55-3-6, which (among other things) limits the reporting by CRAs of arrest-based information to the period of time that the case is pending before the applicable court.
- New York: DDS adheres to New York State Consolidated Laws Article 25 § 380-j, which (among other things) limits the reporting by CRAs of arrest-based information to the period of time that the case is pending before the applicable court. DDS also complies with New York City’s Fair Chance Act which requires (among other things) that employees be provided with a copy of New York’s law relating to how employers can treat persons previously convicted of a criminal offense. If you work in New York and have not received a copy of this law, feel free to view it here: New York Correction Law 23-A.
- Oklahoma: 24 OK Stat. § 24-148 requires the requestor or user of a consumer report to first provide written notice to the person who is the subject of the consumer report. This notice is required to inform the consumer that a consumer report will be used. It must contain a box that the consumer may check to receive a copy of the consumer report. When checked, the consumer is entitled to receive the report at no cost. DDS requires that such notification be previously provided by our clients to all persons prior to enrollment into our Envision and eLUMINATE programs.
For those of you that read through all of our legal terms and conditions and still want more:
DDS Website Terms and Conditions of Use
Envision Interface Terms and Conditions of Access
eLUMINATE Standard Terms
Intellectual Property Notification
Data Security Policy
Data Dissemination and Retention Policy