Download:
pdf |
pdfPrivacy Impact Assessment
for the
Boating Accident Report Database
November 12, 2009
Contact Point
Susan Tomczuk
United States Coast Guard
Office of Auxiliary and Boating Safety
Boating Safety Division
202-372-1103
Reviewing Official
Mary Ellen Callahan
Chief Privacy Officer
Department of Homeland Security
(703) 235-0780
�Privacy Impact Assessment
United States Coast Guard
Boating Accident Report Database
Page 2
Abstract
The Coast Guard is submitting a Privacy Impact Assessment (PIA) for the Boating Accident Report Database
(BARD). The database serves as a receptical for boating accident report data submitted by each of the 56
state and territorial reporting authorities as required by 46 USC § 6102. A PIA is required because the
database contains personally identifiable information.
Overview
The mission of the Coast Guard Recreational Boating Safety (RBS) program is to reduce the number
of deaths and injuries on the nation’s waterways by improving recreational boating safety. The broader
mission of the National RBS Program is “to ensure the public has a safe, secure, and enjoyable recreational
boating experience by implementing programs that minimize the loss of life, personal injury, and property
damage while cooperating with environmental and national security efforts.” To that end, the purpose of
the BARD system is to store data to generate metrics on boating safety for safety regulations, studies and
publications. The database also exists so that the public can request boating accident records through the
Freedom of Information Act.
Under federal regulations 1 the operator of any uninspected numbered vessel or an uninspected
vessel that was used for recreational purposes is required to file a Boating Accident Report (BAR) when, as a
result of an occurrence that involves the vessel or its equipment; a person dies, a person disappears from
the vessel under circumstances that indicate death or injury, a person is injured and requires medical
treatment beyond first aid, damage to vessels and other property totals $2,000 or more, and/or there is a
complete loss of any vessel. Boat operators or owners must submit these reports within 48 hours of an
occurrence if at least one of the following circumstances is met: 1) a person dies within 24 hours of the
occurrence; 2) a person requires medical treatment beyond first aid; and/or 3) a person disappears from
the vessel. Reports of incidents involving a death that occurred after 24 hours of the accident or property
damage only must be submitted within 10 days of the accident. If the aforementioned conditions are met,
the federal regulations state that the operator or owner must report the accident to a reporting authority.
The reporting authority can be either in the state where the accident occurred or the state in which the
vessel was registered. The owner must submit the report if the operator is deceased or unable to file the
report 2 .
Knowledge of the aforementioned reporting requirements stems largely from state and
organization efforts to educate boaters through classes, online resources, and in publications. The
organizations may include government agencies, non-profit and for-profit organizations. These
organizations range from carbon monoxide awareness advocates to Coast Guard Auxiliarists who teach
boating safety courses to businesses that offer on-the-water training. It is through these resources or at the
1
46 USC § 6102 and is further outlined in 33 CFR 173, 33 CFR Part 173; Subpart C – Casualty and Accident
Reporting.
2
The minimum reporting requirements are set by Federal regulation while states are allowed to have stricter
requirements. For example, some states have a lower threshold for reporting damage to vessels and other property.
Federal Regulations (33 CFR 174.121) require accident report data to be forwarded to Coast Guard headquarters
within 30 days of receipt by a state.
�Privacy Impact Assessment
United States Coast Guard
Boating Accident Report Database
Page 3
scene of an accident that many boaters are made aware of reporting time frames and are given boating
accident report forms.
The requirements of a report of a boating accident are outlined in 33 CFR 173.57. The U.S. Coast
Guard has a version of the report form that state reporting authorities may use. Many state reporting
authorities chose to use their own boating accident report form (BAR form) which may have more fields
than what is required in the CFR. Many state reporting authorities also collect information on forms
designed for accident investigators. Such forms may include more fields than those required in the CFR as
well as spaces for diagramming. Once the state reporting authority receives a BAR form or information
from an investigator, state officials review it for completeness and accuracy and determine the overall cause
of the accident. State officials then use the BARD system to enter the information.
Regarding the set up of the BARD system, there are two applications through which state reporting
authorities can enter information about accidents. The most widespread application is an internet
application called BARD-Web, which facilitates the near real-time transfer of accident report data from each
state reporting authority to the Coast Guard. After logging onto the HTTPS protocol website with 128-bit
SSL based encryption, state reporting authority users are presented with their state-specific configuration.
Each state reporting authority has the ability to enter accident reports with a function called “Accident
Management.” Using this function, a user can create a new record for each paper boating accident report
that it has received. A user clicks on a link called “New accident report” and five tabbed forms appear.
Each tab relates to a group of like information. The “Accident” tab relates to overview information of the
accident including the date/time/location of the accident, the weather conditions, and the cause and type
of accident. The user is able to tab through fields to type in data and save the tab. Then, he/she moves
onto the other remaining tabs. The “Vessel” tab contains information that pertains to the vessels and
includes descriptions of the vessels involved in the accident as well as the boating safety instruction level
and experience of operators involved. The “People” tab contains information that is pertinent to the people
involved in the accident including operators, occupants, and witnesses. Information about casualty victims
includes the type of injury/cause of death, role of the victim (i.e., operator, occupant, water skier, etc), and
whether a propeller strike was involved. The “Other information” tab contains a text box where a user can
type in a narrative for the accident. Finally, the “Human Error Coding” tab contains phrases used to
describe the role that humans played in the accident. A user can link these phrases with each vessel if
human error was a factor in the accident. This section allows the Coast Guard to better analyze the role that
humans play in accidents. Aside from the ability to enter boating accident report information in BARD,
state reporting authorities have the capability to print accident report forms from the entered records for
hard copy storage.
There are three states that currently have their own state-wide or agency-wide electronic database
for managing accident reports. For state reporting authorities that use an electronic reporting system apart
from BARD, their data is automatically transferred from their system to BARD on at least a monthly basis
through a data transfer web service. The State is responsible for making sure the data coming into BARDWeb is the same as the data in their system and that it satisfies all USCG requirements. For example, the
total number of accidents, total number of vessels involved, total number of injuries, total number of
deceased, total number of disappearance, and total property damage amount should be identical in both
systems.
�Privacy Impact Assessment
United States Coast Guard
Boating Accident Report Database
Page 4
State reporting authorities can retrieve their data from BARD. One way by which states can obtain
a full download of all of their accident reports is by using the “Download” function in BARD which allows
the user to define the date range and the origin (national or jurisdiction-specific) of data they desire, and
download accident reports into a Microsoft Access database. If a user selects national or a jurisdiction other
than his/her own, the user will not be able to obtain a field that contains PII. Users can also retrieve data
through queries which allow the user to fine tune the fields that he/she desires. Users can filter data by
jurisdiction, time range and fields. For example, if a user wanted to find accident records that involved a
collision with a fixed object on personal watercraft on the Severn River in 2009, a user would use the query
wizard and set the filters. The results can be returned in a number of formats including .xls, .txt, and .xml.
Query results would be presented such that each row would represent an accident record and each column
would indicate the field that was queried. Users can also receive “counts” of information using the query
function. For example, if a user wanted to find the number of casualties occurring in his/her jurisdiction
in 2008, a user would set up the following query such that he/she would pull in the number of dead,
missing and injured, select the function “sum”, and enter the time period 01/01/2008 to 12/31/2008.
Query results would return one row and three columns of data: the number of dead, missing, and injured
for all accident reports entered in 2008 for that jurisdiction would be presented in the row. Number of
dead, missing, and injured would be the titles of the columns.
The second application used in the BARD system is the predecessor to BARD-Web, BARD-Interim
(BARD-I). BARD-I is a relational database management system application programmed in Boreland Delphi
and uses Corel Paradox and Microsoft Access to hold data. Only one jurisdiction uses BARD-I to manage
their accident data and they export data to the Coast Guard once a month for inclusion in BARD-Web
online.
Using either application, state reporting authorities have the ability to input, at a minimum, the
required elements listed under federal regulations in 33 CFR 173.57. In general, the information required
provides an overview of the accident, information specific to the vessel and operator, and information
about the victims. The Coast Guard collects names because names are required to be collected under
federal law. 33 CFR 173.57(b), (h), (i), (k), (n), (x), and (z) require PII collection. Aside from inputting
the initial data, state reporting authorities have the ability to edit and delete records in the system. Before
records are submitted to the Coast Guard for review, they can move through a tiered system of online
review by representatives of the state reporting authority. When the record is deemed accurate by the
highest level of the tier, it can be submitted for review to the Coast Guard. Even after the record has been
submitted for approval, the state reporting authority can still alter it and resubmit it.
BARD is not currently linked to other systems (USCG or otherwise) and therefore does not share
data with other systems. However, BARD users may extract and release data as follows: 1) USCG users have
the ability to download a set of data for a state and have the ability to query a selection of data for a state,
multiple states, or nation. Neither of these methods allows the user to access PII. 2) The USCG
Administrator for BARD has the ability to request a database directly from the contractor that will include
PII. 3) State reporting authorities have the ability to query their own state information and obtain PII.
They can also download state or national data, the latter having PII removed.
Although the data in BARD is owned by the Boating Safety Division of the Office of Auxiliary and
Boating Safety, the information is entered and stored on servers owned by a contracted company.
Information from BARD is used for regulatory and non-regulatory purposes. Information has been
�Privacy Impact Assessment
United States Coast Guard
Boating Accident Report Database
Page 5
used to analyze whether a regulation would save casualties. An example of a current study is an analysis to
determine whether a lanyard would prevent the propeller-caused injuries of operators who fall overboard a
vessel. Information has also been used for non-regulatory purposes. Data from BARD has been used to
respond to Freedom of Information Act requests, to create the Coast Guard’s annual report on recreational
boating accidents, and to generate statistics on safety hazards.
Section 1.0 Characterization of the Information
The following questions are intended to define the scope of the information requested and/or
collected as well as reasons for its collection as part of the program, system, rule, or technology being
developed.
1.1
What information is collected, used, disseminated, or
maintained in the system?
Each report required by the Report of Casualty or Accident (33 CFR 173.55) must contain, if
available, at least the following information about the casualty or accident:
Overview information:
•
•
•
•
•
•
•
•
Name of the nearest city or town, the county, the State, and the body of water;
Time and date the casualty or accident occurred;
Location on the water;
Visibility, weather, and water conditions;
Estimated air and water temperatures;
Weather forecasts available and weather reports used by the operator before and during the use of
the vessel.
Description of the vessel casualty or accident;
Opinion of the person making the report as to the cause of the casualty, including whether or not
alcohol or drugs, or both, was a cause or contributed to causing the casualty;
Vessel information:
•
•
•
•
•
•
•
•
•
Numbers and names of each vessel involved;
Name and address of each owner of each vessel involved;
The name, address, age, or date of birth, telephone number, vessel operating experience, and
boating safety training of the operator making the report;
Name and address of each operator of each vessel involved;
Number of persons on board or towed on skis by each vessel;
Availability and use of personal flotation devices;
Type and amount of each fire extinguisher used, if any;
Description of all property damage and vessel damage with an estimate of the cost of all repairs;
Description of each equipment failure that caused or contributed to the cause of the casualty;
�Privacy Impact Assessment
United States Coast Guard
Boating Accident Report Database
Page 6
•
•
•
•
Opinion of the person making the report as to the cause of the casualty, including whether or not
alcohol or drugs, or both, was a cause or contributed to causing the casualty
Type of vessel operation (cruising, drifting, fishing, hunting, skiing, racing, or other);
and the type of accident (capsizing, sinking, fire, or explosion or other);
Make, model, type (open, cabin, house, or other), beam width at widest point, length, depth from
transom to keel, horsepower, propulsion (outboard, inboard, inboard outdrive, sail, or other), fuel
(gas, diesel, or other), construction (wood, steel, aluminum, plastic, fiberglass, or other), and year
built (model year), of the reporting operator's vessel;
Manufacturer's hull identification number, if any, of the reporting operator's vessel.
Casualty information:
•
•
•
Name, address, and date of birth of each person injured or killed;
Cause of each death;
Nature and extent of each injury.
Other information:
•
•
•
Name and address of each owner of property involved;
Name, address, and telephone number of each witness;
Name, address, and telephone number of the person submitting the report.
1.2
What are the sources of the information in the system?
The sources of information include the owners and/or operators of vessels involved in accidents as
outlined in 33 CFR 173.55. Frequently, information is also provided from state or Coast Guard
investigations. In addition, information from Coast Guard sources such as the Marine Information for
Safety and Law Enforcement (MISLE) 3 may be used to supplement information on an accident.
1.3
Why is the information being collected, used,
disseminated, or maintained?
The information is being collected, used, disseminated and maintained because of United States
Code which, under 46 U.S.C. § 6102 (b), states, “The Secretary shall collect, analyze, and publish reports,
information, and statistics on marine casualties…”
1.4
How is the information collected?
Information is collected from owners and/or operators of vessels involved in accidents using an
OMB-approved form, CG-3865, the Boating Accident Report form. Once the owner/operator has filled
out the accident report form in accordance with 33 CFR 173.55, he/she is supposed to submit it to the
3
Please see the Marine Information for Safety and Law Enforcement PIA and SORN at www.dhs.gov/privacy for
additional information.
�Privacy Impact Assessment
United States Coast Guard
Boating Accident Report Database
Page 7
nearest state reporting authority in accordance with 33 CFR 173.59.
Some states also have their own state investigation form which may be used to supplement the
boating accident report form that is completed by the owner/operator.
1.5
How will the information be checked for accuracy?
To analyze data for accuracy, the Coast Guard reads the narrative of the accident and compares it
with a number of fields in the accident report to make sure that the information has been coded correctly.
In 2007 the Coast Guard focused on fields such as accident types, causes, time of accident, primary injury,
secondary injury, cause of death, accident description, boat type, boat length, and victim status.
The Coast Guard standardizes data. Each state reporting authority has access to the BARD system to
input boating accident reports. Each authority’s access to the system is designed after that state’s BAR form.
The outcome of this data entry design is that, from a national standpoint, state entry forms not only look
different from each other but sometimes have different information on each. For example, while the Coast
Guard would describe an accident where a skier lost his/her balance and fell during a turn as a “Skier
Mishap,” the state might describe it as a “Miscellaneous Water Sports” accident.
In addition to nonstandard fields, the Coast Guard also receives incomplete data which could be a
reflection of incomplete information from the BAR Form Respondent (Operator/Owner), the State
Investigator, the State Analyst, and/or it could indicate an error in the BARD-Web data extraction process.
For example, some states only provide 3-4 word accident descriptions while others are detailed. The Coast
Guard works with each state to ensure that information is as complete as possible.
The Coast Guard communicates with states in an attempt to get the most complete and accurate
data available. In 2007 the Coast Guard underwent a review process that included: confirming that reports
were submitted; reviewing and discussing data with the state; and agreeing on a data code (a two-month
intensive project).
1.6
What specific legal authorities, arrangements, and/or
agreements defined the collection of information?
The requirement for the owner/operator to report resides in 33 CFR 173.55 (c) 4 . In addition to
the CFR, there are other documents that outline state agreements to report recreational boating accidents to
the Coast Guard. In order to be eligible to receive federal funding for its boating safety program, the state
reporting authority must have an approved marine casualty reporting system as outlined in 46 U.S.C. §
13102 (c) (5) which states that “The Secretary shall approve a State recreational boating safety program,
and the program is eligible to receive amounts authorized to be expended under section 13106 of this title,
if the program includes…” (5) “a system, approved by the Secretary for reporting marine casualties
4
“When the operator of a vessel cannot submit the casualty or accident report required by paragraph (a) of this
section, the owner shall submit the casualty or accident report.” The forwarding of information from
owners/operators of vessels involved in accidents from the state reporting authority to the Coast Guard is defined by
33 CFR 174.121 which states, “Within 30 days of the receipt of a casualty or accident report, each State that has an
approved numbering system must forward a copy of that report to the Commandant (G-OPB), U.S. Coast
Guard,…”.
�Privacy Impact Assessment
United States Coast Guard
Boating Accident Report Database
Page 8
required under section 6102 of this title.”
In addition to U.S.C., there are Memoranda of Understanding (MOUs) between the Coast Guard
and each state that has an approved state recreational boating safety program that require the state to
investigate all recreational boating safety accidents. Under the MOU, the state should review accident
reports that the department receives for “accuracy and completeness” and determine the cause and
circumstances of each reportable accident including whether or not alcohol or drugs were a factor. The
State also is under agreement to abstract accident data from boating accident reports for input into BARD.
1.7
Privacy Impact Analysis: Given the amount and type of
data collected, discuss the privacy risks identified and how
they were mitigated.
There are several areas where privacy impacts may be a concern. Privacy concerns exist on Coast
Guard property where files with PII are housed electronically on shared network drives and on paper in the
Boating Safety Division office. While the files are not encrypted, the Division has restricted access to
electronic folders that hold boating accident report data by authorizing that only select users have
administrative privileges to read files and an even smaller subgroup of authorized users have the
administrative privileges to modify and/or create files in the folder. Apart from electronic storage, PII in
paper form is housed in a secure cabinet.
Privacy concerns also exist within the BARD contractor’s site where the servers that host boating
accident report data are located. The company that currently manages BARD, agreed in their contract with
the Coast Guard to protect PII under the Privacy Act. The company also has taken precautionary measures
to protect data by restricting access to the building. Access codes are required to move within the building
and all visitors are escorted. Finally, the company has set firewalls to protect unauthorized access to the
system.
Privacy concerns are also apparent with offsite, USCG-contracted companies that use boating
accident report data in their work. The Boating Safety Division has mandated that offsite contractors sign
non-disclosure agreements if using boating accident report data.
Individuals who are included in reports may perceive a privacy risk if information in the report was
interpreted by others. Those who have access to PII in BARD data do not make decisions about individuals
involved in accidents; rather, those with access to the data make decisions based on aggregate statistics.
Thus, the risk of wrongful interpretation on in individual does not exist.
Section 2.0 Uses of the Information
The following questions are intended to delineate clearly the use of information and the accuracy
of the data being used.
2.1
Describe all the uses of information.
The Coast Guard uses the information collected for four main purposes: regulatory studies, and
non-regulatory studies, USCG Annual Report publication, and Freedom of Information Act requests.
�Privacy Impact Assessment
United States Coast Guard
Boating Accident Report Database
Page 9
The Boating Safety Division uses data abstracted from boating accident reports for regulatory and
non-regulatory studies. Examples of regulatory studies include a study to determine how many deaths and
injuries could be prevented had the operator of a vessel worn a wireless lanyard. For this study, the Coast
Guard focused on fields to determine the effectiveness of a lanyard including: accident description, prop
strike, primary injury, cause of death, and accident type. Examples of non-regulatory studies include
regional studies focused on topics such as nighttime boating or PFD wear rate on boat types, the latter of
which required fields such as time of accident, day/night, accident type, type of boat, life jackets onboard,
and life jackets accessible.
Every year the Boating Safety Division releases a statistical report on the prior year’s accident data.
The report presents abstracted data gathered from boating accident reports on four broad topics: causes of
accidents; accident types; casualty information; and operator/passenger information. Based on these topics,
the most pertinent fields collected in report forms include the following: causes of accident, accident types,
boat types, primary injury, cause of death, operator experience, operator age, injured age, and deceased
age.
In 2008 the Boating Safety Division received over 30 requests for information under the FOIA.
Roughly two-thirds of those requests were for specific boating accident records. Lawyers, claims adjusters
and investigators usually request specific boating records, identifying a person involved in an accident
(usually the name of an operator or casualty victim) or a description of a vessel (registration number, HIN,
boat name). Prior to responding to requests that involve PII, the Coast Guard requests that the originator
modify his or her request such that he/she does not request PII. If he/she agrees, the Coast Guard may
release a redacted version of the record. Coast Guard release of the record depends on the permission of
the state reporting authority that submitted the report. Under 46 U.S.C. 6102(b), the Coast Guard may
only use the data as the state would; if a state prohibits the release of data under statute, the Coast Guard
must as well. If the FOIA requester refuses to redefine his/her request, the Coast Guard will send the case
for review to the Coast Guard legal department. Other information requested under FOIA includes a year’s
worth of Coast Guard data (PII is removed), multi-year studies, and single-year studies.
In an effort to estimate casualties for Coast Guard and DHS quarterly casualty reports, the Coast
Guard keeps track of the number of accidents and casualties in two sources: BARD cases entered by the
states and news reports captured by the media that cover accidents that often times have not been entered
into BARD yet. When summed, these figures provide an estimate of accidents and casualties for a quarter.
In order to provide the best estimate, the Coast Guard periodically examines both databases to make sure
that the Coast Guard is not double counting an accident. One of the quickest identifiers of matching
records are the names of individuals involved in the accident.
The use of PII has allowed the Coast Guard to more easily track accidents and casualties and has put
us in a sturdier position to estimate casualties for our chain of command.
2.2
What types of tools are used to analyze data and what type
of data may be produced?
The tools used to analyze data and the types of data produced depend on the purpose of analysis. If
data is being analyzed for accuracy, the Division extracts BARD-Web data in the form of a Microsoft Access
database. The Division then extracts the data from Access into Microsoft Excel and Microsoft Word. Excel
is used for the fields with short character length whereas Word is used for fields such as the accident
�Privacy Impact Assessment
United States Coast Guard
Boating Accident Report Database
Page 10
narrative that have a much longer character length than what Excel cells are able to host.
If data is being analyzed for research requests, the Boating Safety Division usually takes extracted
information from BARD-Web into Microsoft Access or Microsoft Excel/Word. If using Access, the Coast
Guard frequently uses queries and pivot tables to sort and filter records. If using Excel, the Coast Guard
creates graphs and tables from queries and pivot tables.
Using these tools, data is usually released in the form of tables and graphs. Data can also be
released in a database format (such as .mdb) or as a PDF.
2.3
If the system uses commercial or publicly available data
please explain why and how it is used.
The BARD System does not use commercial or publicly available data. Data is collected from the
state reporting authorities who receive their information from the boat owners/operators and/or
investigators involved in boating accidents.
2.4
Privacy Impact Analysis: Describe any types of controls
that may be in place to ensure that information is handled
in accordance with the above described uses.
Please reference 1.7 for safeguards to protect information. If information is released as in the
aforementioned instances under Section 2, it is released in redacted form. Thus, PII is not present.
Section 3.0 Retention
The following questions are intended to outline how long information will be retained after the
initial collection.
3.1
What information is retained?
The Boating Safety Division at Coast Guard Headquarters stores historic boating accident data in
four tables in a Microsoft Access database. Fields in the “Overview information” section in 1.1 are stored
in one table and include the date, time, location, accident narrative and cause. Fields in the “Vessel
information” section mentioned in 1.1 are stored in another table and cover information about the vessels
and operators involved in accidents. Fields in the “Casualty information” section in 1.1 are stored in tables
(one for injured victims and one for deceased victims).
3.2
How long is information retained?
Information has been retained since 1969, although this information is retained in an offline
Microsoft Access database. All information is retained permanently, due to the requirements of CIM
521212A, SSIC 16750 Recreational Boating Safety confirmation..
�Privacy Impact Assessment
United States Coast Guard
Boating Accident Report Database
Page 11
3.3
Has the retention schedule been approved by the
component records officer and the National Archives and
Records Administration (NARA)?
Yes. Per CIM 5212.12A, SSIC 16750 Recreational Boating Safety, Item 7, records must be maintained
permanently. NARA authority N1-26-93-2.
3.4
Privacy Impact Analysis: Please discuss the risks
associated with the length of time data is retained and how
those risks are mitigated.
Retained information that includes PII is stored on two locations: on a shared network drive and on
CD-ROMs. There are five historic databases of accident report data stemming between the years 19952007 available on a folder in a Coast Guard shared network drive. Access to this folder to
view/modify/create has been restricted to a select group of individuals. One of the main risks of
information on the shared drive is the ability and ease of users to alter it without leaving a trail. One way
to check the accuracy of information is to run “counts” of accident records and fields to ensure that the
same number of entries that existed originally exist at the time of the checkup. Such a checkup would
ensure that records are not deleted or added, and that individual fields within a record are not modified. If
information has been modified, CD-ROMs that house original data can always be reloaded such that the
database can be replace in its original state.
Information is also stored on CD-ROMs. There are read-only CDs of historic data that are housed
in locked government-furnished property in the office of the Boating Safety Division.
Section 4.0 Internal Sharing and Disclosure
The following questions are intended to define the scope of sharing within the Department of
Homeland Security.
4. 1 With which internal organization(s) is the information
shared, what information is shared and for what purpose?
Information is shared internally in the Coast Guard. The two most frequent requestors of data are
the Boating Safety Division and the Office of Performance Measurement and Assessment. Both of these
offices request abstracted data, usually the number of accidents, deaths, and injuries during a specific time
period. The Boating Safety Division uses this information to assess our progress with the program. The
Office of Performance Measurement and Assessment uses this information for Coast Guard publications,
often in the form of quarterly reports or forecasts.
There are other offices within the Coast Guard that have requested abstracted data on a number of
topics including the number of incidents where flares cause fires on recreational boats, the number of
accidents on salt vs. non-salt waters, and the number of accidents and casualties by Coast Guard District.
These offices generally request data when prompted by a conference, publication, or media spotlight on a
�Privacy Impact Assessment
United States Coast Guard
Boating Accident Report Database
Page 12
subject.
There are also requests from Coast Guard Auxiliarists for abstracted information or for a database of
accident report data. Examples of abstracted information include the number of accidents, injuries, and
deaths by state. Examples of a database request would be all 2007 accident data for the states in that
Auxiliarist’s region. In the latter case, PII is removed from the database prior to sending. In general,
Auxiliarists request information in preparation for a media interview.
4.2
How is the information transmitted or disclosed?
Information is transmitted electronically, usually over the Coast Guard email network either in the
body of the email or as an attachment (.doc, .xls, .pdf). Beginning in 2009, information sent through
email will be encrypted. Information may also be placed on a shared network drive that is accessible to
authorized users only. Files that contain PII are password protected with only those authorized users
informed of the password.
4.3
Privacy Impact Analysis: Considering the extent of internal
information sharing, discuss the privacy risks associated
with the sharing and how they were mitigated.
In most cases where information is shared internally within the Coast Guard, the information
shared does not include PII. If PII is shared, the file will be first encrypted and then sent by email.
Section 5.0 External Sharing and Disclosure
The following questions are intended to define the content, scope, and authority for information
sharing external to DHS which includes Federal, state and local government, and the private sector.
5.1
With which external organization(s) is the information
shared, what information is shared, and for what purpose?
The Boating Safety Division shares information with a number of external organizations. In
general, PII is not shared with a non-contracted organization unless a Coast Guard lawyer has agreed to the
sharing. Contracted groups must sign a non-disclosure agreement before receiving data that has PII in it.
These external organizations include boating safety partners such as the National Association of State
Boating Law Administrators (NASBLA) and the National Boating Safety Advisory Council (NBSAC).
NASBLA is an association of the marine law enforcement departments of the fifty-six jurisdictions. A key
feature of the association is that they have committees that are tasked with developing public policy that
addresses boating safety issues. To accomplish this task, they often request data in the form of multi-year
databases (PII redacted) as well as abstracted data from the Coast Guard. In 2007, the committee requested
data on noncompliance with carriage requirements. The Boating Safety Division provided tables of abstract
data on life jacket and fire extinguisher carriage over a five-year period.
NBSAC is the Congressionally-mandated council that oversees the Boating Safety Division’s work.
�Privacy Impact Assessment
United States Coast Guard
Boating Accident Report Database
Page 13
The Council is made up of 21 representatives from the state, industry, and public sectors. Members of the
Council have requested studies by the Coast Guard including an analysis in the number of accidents, deaths,
and injuries on certain types of boats like “Go Fast” boats and the number of accidents, deaths, and injuries
that occur as a result of a loss of steering on personal watercraft (also known as jet skis). The Boating Safety
Division provides tables of abstracted data to address their concerns. NBSAC uses the information to decide
whether the Boating Safety Division should focus on a specific topic in the National Recreational Boating
Safety Program. The Boating Safety Division does not provide PII to the NBSAC.
Other boating safety partners include recipients of Coast Guard Boating Safety Division grants and
special interest groups that receive data. In fiscal year 2008, the Boating Safety Division issued thirty-seven
grants to non-profit organizations. Often, these grant recipients request boating safety data to support their
project. In one such instance, a grant was administered to an organization to analyze propeller strike
injuries. The Boating Safety Division provided all data received since 1969 to the individuals so that they
would be able to run the data through more advanced programs than what the Coast Guard has available.
Special interest groups use Boating Safety Division data to promote their causes. One such group
focuses on casualties resulting from carbon monoxide exposure and annually requests the number of
accidents, deaths, and injuries involving carbon monoxide. The Division releases information about the
boat, the state, and the date.
The final group of external organizations includes media representatives, consultants, and lawyers
who request data. Media representatives usually request databases or abstracted data to address an
investigative story. An example of such a request is a news station request for all search and rescue activity
in the Northwest United States and Alaska. Consultants typically request information that pertains to a
client. One request that the Division received was from an environmental consultant based in Texas who
requested five years of data for the state of Texas. The consultant’s aim was to identify pollution committed
by recreational boat operators. Finally, lawyers frequently request information as discussed in 2.1.
5.2
Is the sharing of personally identifiable information outside
the Department compatible with the original collection? If
so, is it covered by an appropriate routine use in a SORN?
If so, please describe. If not, please describe under what
legal mechanism the program or system is allowed to
share the personally identifiable information outside of
DHS.
Boating Safety Division staff members are not permitted to share PII with outside entities unless a
Coast Guard lawyer from The Office of General Law (CG-0944) has cleared the release of the data.
5.3
How is the information shared outside the Department and
what security measures safeguard its transmission?
If information is shared, the Boating Safety Division follows the same procedure as that outlined in
4.2.
If, as described in 1.7, a contractor has been granted access to data with PII and has signed the
�Privacy Impact Assessment
United States Coast Guard
Boating Accident Report Database
Page 14
appropriate non-disclosure agreements, data is usually sent via postal service on a CD-Rom with a
Confidentiality Notice and an explanatory letter.
5.4
Privacy Impact Analysis: Given the external sharing,
explain the privacy risks identified and describe how they
were mitigated.
Under most circumstances the Boating Safety Division does not release PII unless a Coast Guard
lawyer from The Office of General Law (CG-0944) has cleared the release of the data. Instead, the Division
will release either redacted databases, redacted records, or abstracted information.
Only if a Coast Guard lawyer has ruled against a redaction of information or has granted an
individual access to data will the Boating Safety Division release a record containing PII. On those rare
occasions where PII is determined to be releasable under FOIA, the individual whose PII is released is not
notified beforehand.
Section 6.0 Notice
The following questions are directed at notice to the individual of the scope of information
collected, the right to consent to uses of said information, and the right to decline to provide information.
6.1
Was notice provided to the individual prior to collection of
information?
No. The Coast Guard OMB-approved Boating Accident Report form (OMB Number 1625-0003;
CG-3865) on which boating accident data is collected only provides the circumstances under which an
individual must report and the expected time necessary to complete the form.
6.2
Do individuals have the opportunity and/or right to decline
to provide information?
Yes. The regulation surrounding the mandate to collect information (and what information to
collect) in 33 CFR 173.57 is vague such that the text mandates that fields of information must only be
collected if they are “available”. Furthermore, the boating accident report form that was approved by OMB
has the notice that indicates that information should be left blank if unknown.
6.3
No.
Do individuals have the right to consent to particular uses
of the information? If so, how does the individual exercise
the right?
�Privacy Impact Assessment
United States Coast Guard
Boating Accident Report Database
Page 15
6.4
Privacy Impact Analysis: Describe how notice is provided
to individuals, and how the risks associated with
individuals being unaware of the collection are mitigated.
Although there is not an explanation of the purpose of the form, the risk regarding the collection is
mitigated since access to the data collected is restricted physically and electronically.
Section 7.0 Access, Redress and Correction
The following questions are directed at an individual’s ability to ensure the accuracy of the
information collected about them.
7.1
What are the procedures that allow individuals to gain
access to their information?
Individuals may request a boating accident record about themselves through the Privacy Act.
Individuals may email [email protected] or write to Commandant (CG-611), 2100 2nd Street, SW,
Washington, DC 20593-0001, Attn: FOIA. Information on how to submit a FOIA can be found on
http://www.uscg.mil/global/foia.asp.
7.2
What are the procedures for correcting inaccurate or
erroneous information?
A procedure to correct inaccurate or erroneous information does not yet exist.
7.3
How are individuals notified of the procedures for
correcting their information?
Individuals are not notified of a procedure to correct information because a procedure does not yet
exist.
7.4
If no formal redress is provided, what alternatives are
available to the individual?
The individual may contact the state reporting authority to whom he/she/the operator/owner of
the vessel that was involved in an accident reported.
7.5
Privacy Impact Analysis: Please discuss the privacy risks
associated with the redress available to individuals and
how those risks are mitigated.
There currently is no Coast Guard policy regarding the redress of PII with regard to the BARD
system. An individual may contact the state reporting authority regarding a redress of information. The
�Privacy Impact Assessment
United States Coast Guard
Boating Accident Report Database
Page 16
privacy risk surrounding an individual’s access or modification of a record about him/herself involve the
verification of a person’s identity. As stated in the FOIA manual COMDTINST M5260.3, the individual
must either have a notarized statement indicating that he/she is the person as stated or present him/herself
in person with a valid form of identification.
Section 8.0 Technical Access and Security
The following questions are intended to describe technical safeguards and security measures.
8.1
What procedures are in place to determine which users
may access the system and are they documented?
BARD-Web users are grouped and endowed with a level of privileges discussed in the Overview of
this document. Their use of queries is documented by the contractor as is their communication with the
contracted company.
8.2
Will Department contractors have access to the system?
Yes. Boating Safety Division contractors have access to the system because they often interact with
the state reporting authorities to make sure that accident reports are submitted in a timely manner and are
as complete and accurate as possible. Contractors need to have access to individual records to be able to
identify reports.
8.3
Describe what privacy training is provided to users either
generally or specifically relevant to the program or
system?
Privacy training is not a component in the BARD-Web system training that is provided to the state
reporting authorities. Part of the reason why privacy training is not included in the BARD-Web System is
because users own the information they provide. Privacy training would be redundant since they already
have access to their data even without BARD-Web.
8.4
Has Certification & Accreditation been completed for the
system or systems supporting the program?
No. The Coast Guard Telecommunication and Information Assurance Division has determined that
a formal Certification & Accreditation is not required. The site BARD uses to obtain data is not owned or
operated by the Coast Guard and does not contain Coast Guard data. The Coast Guard contracts annually
with the site owner allowing the Coast Guard Boating Safety Division to pull data for statistical and
analytical review.
8.5
What auditing measures and technical safeguards are in
place to prevent misuse of data?
To prevent misuse of data, the Coast Guard has restricted physical and electronic access to data.
�Privacy Impact Assessment
United States Coast Guard
Boating Accident Report Database
Page 17
Physically, the BARD contractor that houses the servers with the BARD data has used badges and access
codes to prevent unauthorized access. CD-ROMs with BARD data have been locked in cabinets. Electronic
databases have been protected such that only authorized users can access them. Furthermore, files with PII
have been password-protected. Contractors have signed non-disclosure agreements that include a pledge to
protect the information.
To audit data, Coast Guard will perform “counts” of data to ensure that data has not been modified
in its databases.
8.6
Privacy Impact Analysis: Given the sensitivity and scope of
the information collected, as well as any information
sharing conducted on the system, what privacy risks were
identified and how do the security controls mitigate them?
As stated in 1.7, there are several areas where privacy impacts may be a concern. Privacy concerns
exist on Coast Guard property where files with PII are housed electronically on shared network drives and
on paper in the Boating Safety Division office. The Division has restricted access to electronic folders that
hold boating accident report data by authorizing that only select users have administrative privileges to read
files and an even smaller subgroup of authorized users have the administrative privileges to modify and/or
create files in the folder. Those files with PII are also password protected. Apart from electronic storage,
PII in paper form is housed in a secure cabinet.
Privacy concerns also exist within the BARD contractor’s site where the servers that host boating
accident report data are located. The company that currently manages BARD, , agreed in their contract with
the Coast Guard to protect personal information under the Privacy Act. The company also has taken
precautionary measures to protect data by restricting access to the building. Access codes are required to
move within the building and all visitors are escorted. Finally, the company has set firewalls to protect
unauthorized access to the system.
Privacy concerns are also apparent with offsite, contracted companies that use boating accident
report data in their work. The Boating Safety Division has mandated that offsite contractors sign nondisclosure agreements if using boating accident report data.
Section 9.0 Technology
The following questions are directed at critically analyzing the selection process for any
technologies utilized by the system, including system hardware, RFID, biometrics and other technology.
9.1
What type of project is the program or system?
The system serves as an operational project.
9.2
What stage of development is the system in and what
project development lifecycle was used?
The system is in its Operations and Support stage.
�Privacy Impact Assessment
United States Coast Guard
Boating Accident Report Database
Page 18
9.3
Does the project employ technology which may raise
privacy concerns? If so please discuss their
implementation.
No, the BARD technology system is a secure computer network with firewall and password
protection established to safeguard any privacy concerns.
Approval Signature
Original signed and file with the DHS Privacy Office
Mary Ellen Callahan
Chief Privacy Officer
Department of Homeland Security
�
| File Type | application/pdf |
| File Title | Department of Homeland Security Privacy Impact Assessment Boating Accident Report Database |
| Author | U.S. Department of Homeland Security, Privacy Office |
| File Modified | 2009-11-18 |
| File Created | 2009-11-16 |