Express Lanes Program
Personally Identifiable Information Protection Protocol
Background
The Alameda County Transportation Commission (“Alameda CTC”) operates two
express lane systems: the I-580 Express Lanes and the I-680 Sunol Express Lanes.
Alameda CTC operates the I-680 Sunol Express Lanes on behalf of the Sunol Smart
Carpool Lane Joint Powers Authority (“Sunol JPA”). The express lanes are FasTrak® toll
facilities that utilize All Electronic Toll (AET) collection methods to collect tolls. The
Alameda CTC Express Lane Electronic Tolling Systems (ETSs) utilize FasTrak toll tags
(transponders) and/or license plates to identify vehicles for purposes of assessing tolls.
Pursuant to the Commission-adopted “Ordinance for Administration of Tolls and
Enforcement of Toll Violations for the I-580 Express Lanes,” if a vehicle uses the I-580
Express Lanes without a valid FasTrak toll tag then the license plate read by the ETS is
used to assess a toll either by means of an existing FasTrak account to which the
license plate is registered or by issuing a notice of toll evasion violation to the registered
vehicle owner.
Both Alameda CTC and the Sunol JPA have cooperative agreements with the Bay Area
Toll Authority (BATA) for toll collection and customer services necessary to operate the
corresponding express lane facility. Toll collection relies on electronic transfer of files
between the Alameda CTC toll systems and the FasTrak Regional Customer Service
Center (RCSC), implemented by BATA’s consultant, to match toll tags and/or license
plates with FasTrak accounts. The RCSC also obtains owner information from the
Department of Motor Vehicles as needed to issue violation notices to motorists who
used the express lanes without a valid FasTrak account and provides owner account
information to Alameda CTC as needed for toll dispute escalation review.
The ETS requires collection and sharing of personally identifiable information (PII) in
connection with toll collection activities. PII is any information that is collected or
maintained by the RCSC or Alameda CTC that identifies or describes a person or can
be directly linked to a specific individual. Examples of PII include, but are not limited to,
name, address, phone or fax number, signature, FasTrak account number, credit card
information, toll tag number, license plate number, and travel pattern data. Specific
categories of PII subject to this protocol are identified under the section entitled “Data
Collection and Use.” Alameda CTC may revise this protocol to include additional
categories in compliance with state law or other applicable rules.
Purpose of Protocol
In order to administer the Express Lanes Program, it is necessary for Alameda CTC staff
and their consultant team to collect, store, share and use PII that is protected under the
California Information Practices Act (Civil Code sections 1798 et seq.) and the California
Streets and Highways Code (SHC) Section 31490, and all applicable statutes, rules,
regulations and orders of the United States, and the State of California relating to the
handling and confidentiality of PII. Alameda County CTC will implement and maintain
reasonable security procedures and practices to protect the information from
unauthorized access, destruction, use, modification, or disclosure.
Alameda CTC recognizes that protective data governance is necessary to ensure
confidentiality, integrity, accessibility, availability, and quality of data. The procedures
outlined in this protocol protect individuals’ PII while allowing for timely and accurate
tolling of express lane users. Aggregate data that has been stripped of all PII is not
subject to this protocol.
This protocol shall become effective on ___________________, and supersedes all prior
practices, guidelines and policies that are inconsistent with the rules and provisions
stated herein. This protocol shall remain in effect unless otherwise modified, revoked or
superseded as determined by Alameda CTC.
This protocol shall be posted on Alameda CTC’s website and be made physically
available to any interested party upon request to Alameda CTC.
Data Collection and Use
Express lane user data will be collected by the ETS and used by Alameda CTC, BATA,
and their respective consultant teams for toll collection and evaluation of express lane
performance. Additional data collected by the RCSC may be shared with Alameda
CTC staff and consultants for toll dispute review purposes. Per SHC Section 23302, a
driver must have a transponder or other electronic toll payment device associated with
a valid Automatic Vehicle Identification account with a balance sufficient to pay those
tolls in order to use an AET facility. For the express lanes, this equates to having either a
properly mounted FasTrak toll tag or visible license plate registered to a valid FasTrak
account. Data collected or shared for the purpose of operating the express lanes
includes:
FasTrak toll tag number
Vehicle license plate number and state
FasTrak Account Number
Customer name
Record of customer activity in the express lane (travel pattern data)
Vehicle images (photographs)
Toll tag occupancy setting
January 11, 2018
Toll tag status (e.g., valid, low balance, no balance, lost, stolen, non-revenue)
Express Lane facility
Express Lane trip date
Express Lane trip entry point time, location, lane
Express lane trip exit time, location, lane
Express lane fare amount
Vehicle speed
The data in BOLD is considered PII for purposes of this protocol; the remaining data
is linked to the toll tag or license plate by the ETS and is deemed to be necessary to
implement the Express Lane Program. The data from the list that is not in bold is not
considered PII if it is used in an anonymous and aggregate format.
Security of PII
The PII obtained through the ETS is transmitted through secured communications lines
from the tolling equipment in the field to the Alameda CTC Toll Data Center (TDC),
which houses secured servers separate from the Alameda CTC agency servers. CTC
staff and consultants access the TDC data through secured communications. Though
most data pulled from the TDC is already aggregated, spreadsheets of individual
vehicle trip transactions are created for toll dispute reviews and express lane
performance analysis.
The other entities that will get express lane PII are BATA and the RCSC for the purpose of
FasTrak account maintenance, toll collection, and toll dispute review. Information
associated with FasTrak customer accounts is protected by the FasTrak Privacy Policy
(included as Attachment A and incorporated herein).
PII collected or shared in association with the Express Lanes Program is subject to the
following communication guidelines:
PII shall be stored on computer servers that are located in secure controlled
facilities meeting industry-accepted security standards.
Servers used to store PII shall be designed with software and hardware that
incorporates physical security measures to prevent unauthorized access.
Applicable security patches, upgrades, and anti-virus updates shall be applied
to secure PII as appropriate.
Industry-accepted encryption mechanisms shall be applied to protect PII stored
on portable media including, but not limited to, laptops, thumb-drives, disks, and
tapes. Unencrypted PII shall not be stored on portable media.
PII access for Alameda CTC Staff and Alameda CTC consultant staff will be
limited to specific employees who have approved access based on their
specific work responsibilities, with the exception of Alameda CTC’s Toll System
Integrators (TSIs), who shall have the ability to access and maintain PII pursuant
to a service agreement with Alameda CTC and subject to special conditions
regarding the protection of PII. All employees with approved access will be
required to attend annual training on this protocol and other data privacy
protection measures as appropriate, and are required to annually sign a
Confidentiality Agreement/Non-disclosure form (included as Attachment B and
incorporated herein). Due to the number of employees for each TSI that may
interact with ETS data, each TSI under contract with Alameda CTC will be
required to execute a confidentiality agreement for PII (included as Attachment
C and incorporated herein).
Electronic PII will be retained for no longer than the time frames specified in
subsections (c) and (d) of SHC Section 31490 (“Retention Period”). At the
conclusion of the Retention Period, Alameda CTC and its consultants will use
Department of Defense approved methods to permanently remove PII from any
files and sanitize storage media. Discarded PII will be unavailable and
unrecoverable following the purge on any storage media including, but not
limited to, magnetic disk, optical disk, and memory chips (“Storage Media”).
Hard-copy documents containing PII shall be destroyed by means of a cross-cut
shredding machine.
Compliance Monitoring
Alameda CTC will regularly perform security checks to ensure compliance with this
protocol. Security checks may include the following actions:
Distribution of this privacy protocol to all participating organizations and staff
Regular monitoring of access to TDC and Alameda CTC server files associated
with the Express Lanes program
Regular contact with program partners to ensure that security protocols are in
effect
Regular monitoring of electronic device security protections at each
participating organization
Regular updates to file transfer security platforms to ensure a high level of security is
maintained to data protection standards
Alameda CTC’s agreement with BATA also allows for auditing of BATA and RCSC
security policies and protocols to ensure compliance with these requirements.
If Alameda CTC believes there may have been a breach in security which has or may
have resulted in compromise to PII, Alameda CTC shall immediately inform BATA and
the RCSC.
Public Data Requests
An Express Lane FasTrak account user may submit a request in writing to Alameda CTC
to review any of his or her PII. Alameda CTC will not accept or process any user requests
to modify or update any portion of the user’s PII. All other public requests for access to
PII data will be processed in accordance with the California Public Records Act and all
other applicable laws. Alameda CTC will object to the release of any PII on the basis of
the user’s right to privacy which is protected under the California Information Practices
Act (Civil Code sections 1798 et seq.) and SHC section 31490, and all applicable
statutes, rules, regulations and orders of the United States, and the State of California
relating to the handling and confidentiality of PII.
ATTACHMENT A
FASTRAK® PRIVACY POLICY
The effective date of this Privacy Policy is December 15, 2010
Last Updated March 2, 2017
Overview
The Bay Area Toll Authority (BATA) is committed to ensuring customer privacy and security.
Specifically: (1) BATA will not provide personally identifiable information ("PII") from FasTrak®, License
Plate, or One-Time Payment Accounts (collectively referred to herein as "Accounts"), or, in the case of
the Golden Gate Bridge, obtained as a result of a customer's use of post-paid license plate toll invoices
to pay his or her tolls ("Invoices") to any third party without express customer consent, except as
described in this Privacy Policy; (2) such PII will never be provided to advertisers for their use; and (3)
BATA will maintain a secure environment for customer PII.
This Privacy Policy is intended to provide an understanding of how BATA handles PII collected by the
FasTrak®, License Plate, or One-Time Payment Account programs or as a result of a customer's use of
Invoices. Among other things, this policy explains the types of information collected from customers; the
third parties with whom BATA may share this information; and the process by which customers are
notified about material changes to this Policy.
BATA's contractor, Xerox State and Local Solutions, Inc. ("Xerox") operates the FasTrak® Customer
Service Center ("CSC") on behalf of BATA. BATA oversees Xerox. FasTrak®'s terms and conditions,
License Plate Account terms and conditions, and One-Time Payment Account terms and conditions
notify customers that by enrolling in the FasTrak® Account, License Plate Account, or One-Time
Payment Account programs and using the system, the customer is allowing BATA, its contractor,
Xerox, and other third parties referenced herein, to process PII according to the provisions set forth in
those documents and this Privacy Policy.
Definitions
The following definitions apply:
Personally Identifiable Information (PII):
PII identifies or describes a person or can be directly linked
to a specific individual. Examples of PII include but are not limited to: a person's name, mailing address,
business name, alternate contact information, e-mail address, fax number, toll tag number(s), Account
number(s), license plate number(s) and state(s) of registration, vehicle make(s), model(s), year(s),
telephone number(s), credit card number(s), security code(s) and expiration date(s), and Travel Pattern
Data.
Travel Pattern Data:
A FasTrak® customer's toll tag number or License Plate or One-Time Payment
Account customer's license plate number, as appropriate, is collected, in addition to the number of
vehicle axles, as he or she drives through a toll booth to record the transaction and calculate the toll.
The tag number, or license plate number, in conjunction with the toll booth location and date and time
constitute a customer's Travel Pattern Data. For those customers using Invoices for payment, Travel
Pattern Data is collected the same way as for License Plate or One-time Payment Accounts. For travel
on Bay Area Express Lanes, Travel Pattern Data consists of a FasTrak® customer's toll tag number or
license plate number (for those customers with License Plate or One-Time Payment Accounts) as
applicable, along with date, time and location, which are collected at the entry and exit points of an
Express Lane. For those FasTrak® customers who participate in the San Francisco International
Airport (SFO) Parking Program, the dates and times when the customer enters and exits the SFO
Parking Garage through a FasTrak® equipped entry and exit lane as well as the specific parking
garage utilized also constitute Travel Pattern Data.
Aggregate Data or Aggregate Information:
Aggregate data or information is statistical information
that is derived from collective data that relates to a group or category of persons from which PII has
been removed. Aggregate data reflects the characteristics of a large group of anonymous people.
BATA may use aggregate data and provide aggregate data to others for such things as generating
statistical reports for the purpose of managing program operations for Accounts and Invoices.
FasTrak® Account:
A FasTrak® Account is an account that uses toll tags for toll payment. Such
accounts are established prior to trips and have a balance prepaid by credit card, check or cash. Upon
crossing the toll plaza, driving in an Express Lane as a Solo Driver or exiting the SFO Parking Garage,
the toll is deducted from the pre-paid balance.
License Plate Account:
A License Plate Account is an account for which tolls are paid based on the
vehicle's license plate number. Such accounts are established prior to trips and are backed by a valid
credit card or with a balance prepaid by check or cash. Upon crossing the toll plaza, or driving in a Bay
Area Express Lane as a Solo Driver, the toll is charged to the credit card or deducted from the pre-paid
balance.
One-Time Payment Account:
A One-Time Payment Account is similar to a License Plate Account, but
is limited in duration and requires a minimum payment of one toll trip.
Account or Accounts:
Refers to FasTrak®, License Plate, and One-Time Payment Accounts together.
Post-paid License Plate Toll Invoices ("Invoices"):
For those patrons who do not pre-establish a
FasTrak® Account, License Plate Account, or a One-Time Payment Account, a toll invoice will be sent
to the vehicle's registered owner. Invoices, as a mechanism for paying tolls, are used on the Golden
Gate Bridge only.
Bay Area Express Lanes:
The Bay Area Express Lanes are comprised of I-680 southbound from
Pleasanton to Milpitas, I-580 between Dublin and Livermore, both operated by the Alameda County
Transportation Commission ("ACTC"), SR-237 between Milpitas and San Jose, operated by the Santa
Clara Valley Transportation Authority ("VTA") and (commencing mid-year 2017) I-680 between Walnut
Creek and San Ramon, operated by the Bay Area Infrastructure Financing Authority ("BAIFA"). Each
Bay Area Express Lane is individually referred to as an "Express Lane."
Solo Driver:
A FasTrak® Customer who uses one of the Bay Area Express Lanes and does not
indicate through proper transponder use that he or she meets the occupancy requirements to qualify for
free tolls as a carpool.
Collection of Personally Identifiable Information:
BATA collects PII, including some or all of the
following during the Account registration process: name, business name, mailing address(es), e-mail
address, telephone number(s), fax number, signature (electronic or hard copy), license plate number(s)
and state(s) of registration, vehicle make(s), model(s), year(s), credit card number(s), expiration
date(s), and security code(s). After registration and a FasTrak® toll tag has been assigned to a
customer or a License Plate or One-time Payment Account has been associated with a license plate
number, the toll tag or license plate number, as applicable, and Travel Pattern Data is collected as a
customer drives through a toll booth or the entrance and exit gantry to an Express Lane, if a Solo
Driver, to record the transaction. If a customer uses Invoices for payment (Golden Gate Bridge only),
that customer's license plate number and Travel Pattern Data is collected as he or she drives through a
toll booth to record the transaction. BATA obtains the identity of the vehicle's registered owner and
address for purposes of mailing an invoice to collect the toll. For those customers who participate in the
SFO Parking Program, BATA collects Travel Pattern Data when the customer enters and exits the SFO
Parking Garage through a FasTrak® equipped entry and exit lane.
How BATA uses Personally Identifiable Information
BATA uses the PII provided in order to process enrollments, manage accounts, collect payments,
respond to questions, send customer e-mails about Account and Invoices program updates, provide
information regarding significant changes to this Privacy Policy, and otherwise communicate with
customers.
BATA may also obtain information about a customer from other sources, such as the California
Department of Motor Vehicles ("DMV") and other state departments of motor vehicles, to pursue unpaid
amounts due or to send an invoice to a customer paying tolls through Invoices. In addition, where a
credit card number is associated with a customer's FasTrak® Account, BATA, through its CSC
Contractor, will attempt to update the expiration date before the credit card expires by obtaining such
information from BATA's credit card processing contractor. For travel on the Golden Gate Bridge, BATA
obtains a customer's Travel Pattern Data from the Golden Gate Bridge Highway and Transportation
District (GGBHTD). For travel on the Bay Area Express Lanes, BATA obtains a customer's Travel
Pattern Data from the respective agencies that operate them. Further, if you participate in the SFO
Parking Program, BATA obtains the dates and times when the customer enters and exits the SFO
Parking Garage through a FasTrak® equipped entry and exit lane as well as the specific parking garage
utilized from SFO.
PII is only utilized as described in this Privacy Policy.
Third Parties with Whom BATA May Share Personally Identifiable Information:
BATA may share PII with GGBHTD, ACTC, VTA, and BAIFA for the purpose of managing FasTrak®
and other electronic toll collection operations (i.e. License Plate Accounts, One-Time Payment
Accounts and Invoices). BATA may also share PII with other toll agencies within the State of California
for the purpose of managing FasTrak® operations. If you participate in the SFO Parking Program to pay
parking fees, BATA will share your FasTrak® toll tag number with SFO for the purpose of operating the
SFO Parking Program. In addition, BATA may share PII with SFO as necessary to resolve customer
disputes.
In addition, BATA hires third-party service providers for the purpose of operating the FasTrak® and
other electronic toll collection programs referenced above, such as managing Accounts, collecting
revenues due, and providing remote walk-in locations at which FasTrak®, License Plate Account,
One-time Payment Account, and Invoices customers can pay tolls in cash. The CSC Contractor, Xerox,
which may need to share PII with subcontractors to enable credit card processing and mailing services,
is one such service provider. These contractors are provided only with the PII they need to deliver the
services. BATA requires the service providers to maintain the confidentiality of the information and to
use it only as necessary to carry out their duties under the FasTrak® and other electronic toll collection
programs mentioned in this Privacy Policy.
Besides these entities, PII will not be disclosed to any other third party without express customer
consent, except as required to comply with laws or legal processes served on BATA.
Retention of Personally Identifiable Information
BATA, through its CSC Contractor, Xerox, shall only store the PII of a customer that is necessary to
perform account functions such as billing, account settlement, or enforcement activities. All other
information shall be discarded no more than four years and six months after the closure date of the
billing cycle and the bill has been paid, including resolution of all toll violations, if applicable. BATA,
through its CSC Contractor, Xerox, will discard all account information, including PII, no later than four
years and six months after the date an account is closed or terminated and all outstanding amounts due
are paid, including resolution of all toll violations, if applicable.
Security of Personally Identifiable Information
BATA is committed to the security of customer PII. BATA, together with its CSC Contractor, Xerox, stores
the PII provided by customers on computer servers that are located in secure, controlled facilities.
Servers are designed with software, hardware and physical security measures in place to prevent
unauthorized access.
Access to PII is controlled through the following administrative, technical, and physical security
measures. By contract, third parties with whom BATA shares PII are also required to implement
adequate security measures to maintain the confidentiality of such information.
Administrative:
Access to PII is limited only to certain operations and technical employees for limited,
approved purposes based on their specific work responsibilities.
Privacy and security training is required for employees with access to PII, upon hire. In
addition, regular periodic refresher training is required for those employees.
Physical:
Physical access to internal BATA servers is restricted to authorized technical personnel.
Data center access to approved technical personnel is restricted via photo/passcode
authentication, and other security protocols.
Technical:
FasTrak® network perimeters are protected with firewalls.
FasTrak® databases are implemented to ensure PII is segregated from Aggregate
Information.
Storage of PII is encrypted.
Electronic connections to and from the FasTrak® website are encrypted.
Internal and external audits of perimeter and software code security are conducted.
Employees' use of customer databases is monitored, and records of access to PII are
maintained.
Electronic communications containing PII are transmitted via encrypted channels.
In addition to BATA's policies and procedures implementing PII security, the customer must also do
such things as safeguard passwords, PINs, and other authentication information that may be used to
access Accounts.
Customers should not disclose authentication information to any third party and should notify BATA of
any unauthorized use of their passwords. BATA cannot secure PII that is released by customers or PII
that customers request BATA to release. In addition, there is a risk that unauthorized third parties may
engage in illegal activity by such things as hacking into BATA's security system or the CSC Contractor,
Xerox's, security system or by intercepting transmissions of personal information over the Internet.
BATA is not responsible for any data obtained in an unauthorized manner.
Please note that the CSC Contractor, Xerox, will never ask customers to provide or confirm any
information in connection with Accounts, such as credit card number, toll tag number, or other PII by
email, unless the customer is logged into the secure FasTrak® customer website. If a customer ever
has any doubt about the authenticity of an email regarding Accounts, the customer should open a new
web browser, type in www.bayareafastrak.org, click on "My Account," log into his or her account, and
then perform the requested activity.
Account Access and Controls
Creating a FasTrak® Account, License Plate Account, or One-time Payment Account is at the
customer's discretion. The account information consists of PII such as name, business name, mailing
address, email address, telephone number(s), fax number, signature, license plate number(s) and
state(s) of registration, vehicle make(s), model(s), year(s), and credit card number(s), expiration date(s)
and security code(s). Account creation forms indicate where information is optional.
Customers can review and update PII at any time. Customers are able to modify any required account
information (other than name), as well as modify, add, or delete any optional account information by
signing into their account or calling the CSC to edit the account profile. Account customers can also
update their PII by electronically submitting a comment form found on the "Contact Us" page at
www.bayareafastrak.org or by telephoning the CSC at (877) BAY-TOLL or 1-877-229-8655. PII can
also be reviewed and edited online as discussed below under "Updating Personally Identifiable
Information."
Customers can close their account at any time by submitting a completed account closure form. All
account information will be deleted no later than 4 years and 6 months after the account is closed or
terminated and all outstanding amounts due are paid, including resolution of all toll violations, if
applicable.
Aggregate Data
BATA may combine the PII provided by customers in a non-identifiable format with other information to
create Aggregate Data that may be disclosed to third parties. Aggregate Data is used by BATA for
such things as improving the FasTrak® and other electronic toll collection programs referenced in this
Privacy Policy and for the marketing of those programs. Aggregate Data does not contain any
information that could be used to contact or identify individual customers or their accounts. For
example, BATA may inform third parties regarding the number of FasTrak® accounts within a
particular zip code. BATA requires third parties with whom Aggregate Information is shared to agree
that they will not attempt to make information personally identifiable, such as by combining it with other
databases.
Cookies
The FasTrak® website (www.bayareafastrak.org) stores "cookies" on the computer systems of users
of the website. Cookies are small data elements that a website can store on a user's system. The
cookies used by the FasTrak® web site facilitate a customer's use of the website (e.g. by remembering
login names and passwords until a session has ended). The FasTrak® web site does not require that
users of the website accept these cookies. Customers may change their browser security settings to
accept or reject cookies. Also, the FasTrak® web site does not store "third party" cookies on the
computer systems of users of the website.
Once you leave the FasTrak® website, the privacy policy of other web-sites you visit or link to from the
FasTrak® website should also be reviewed to understand how these external sites utilize cookies and
how the information that is collected through the use of cookies on these websites is utilized.
BATA does not knowingly engage in business with any company or vendor that uses Spyware or
Malware. BATA does not market detailed information collected from web sessions that can be directly
tied to personal information. Further, BATA does not provide customers with downloadable software that
collects or utilizes any PII.
Externally-Linked Websites
The FasTrak® website contains links to third-party websites operated by entities that are affiliated with
FasTrak®. These web links may be referenced within content, or placed beside the names or logos of
the other entities. In addition, third-party websites may exist that reference the FasTrak® website.
BATA does not disclose PII to these third-party websites.
WARNING: Once you enter external websites (whether through a service or content link), BATA
is not responsible for the privacy practices of those other websites. Please review all privacy
policies of external websites you visit before using or providing any information to such other websites.
Updating Personally Identifiable Information
PII can be reviewed and edited online at
https://www.bayareafastrak.org/vector/account/home/accountLogin.do. The FasTrak® website
uses functions that have the ability to collect and store self-reported data. These functions enable
customers to revise, update or review information that has been previously submitted by going back to
the applicable function, logging in and making the desired changes. In addition to this method,
FasTrak® Account and License Plate Account customers who have not registered online may update
their PII by electronically submitting a comment form found under the "Contact Us" Bar of the FasTrak®
website to the CSC or by telephoning the CSC at (877) BAY-TOLL or 1-877-229-8655.
Complaints or problems regarding updating personal information should be submitted via the comment
form. The FasTrak® CSC will either resolve the issue or forward the complaint to an appropriate BATA
staff member for a response or resolution. BATA strives to answer all queries within 48 business hours,
but it may not always be feasible to do so.
If an adequate resolution is not received, please contact BATA's Privacy Officer at:
Bay Area Toll Authority
Attn: Privacy Officer
375 Beale Street, San Francisco, CA 94105
Or e-mail: privacyofficer@mtc.ca.gov
Or call: (415) 778-6700
Changes to this Privacy Policy
Material Changes
BATA will inform customers if material changes are made to this Privacy Policy, in particular, changes
that expand the permissible uses or disclosures of PII allowed by the prior version of the Privacy
Policy. If BATA makes material changes to this Privacy Policy, BATA will notify customers by means of
posting a conspicuous notice on the FasTrak® website that material changes have been made.
Immaterial Changes
BATA may also make non-substantive changes to the Privacy Policy, such as those that do not affect
the permissible uses or disclosures of PII. In these instances, BATA may not post a special notice on the
FasTrak® website.
If BATA decides to make any change to this Privacy Policy, material or immaterial, BATA will post the
revised policy on the FasTrak® website, along with the date of any amendment.
BATA reserves the right to modify this Privacy Policy at any time, so the policy needs to be reviewed
frequently by customers.
When BATA revises the Privacy Policy, the "last updated" date at the top of the Privacy Policy will
reflect the date of the last change. We encourage customers to review this Privacy Policy periodically to
stay informed about how BATA protects the security of PII collected for the FasTrak®, License Plate
Account, One-Time Payment Account, and Invoices Programs. Continued use of the Accounts or, for
the Golden Gate Bridge only, use of Invoices to pay tolls, constitutes the customer's agreement to this
Privacy Policy and any updates.
E-mails Sent to BATA
This Privacy Policy only applies to PII that you send to the CSC, PII that you provide to the CSC in
connection with creation and maintenance of a FasTrak® Account, a License Plate or One-Time
Payment Account, or PII that BATA obtains in connection with a Golden Gate Bridge customer's use of
Invoices to pay tolls. This Privacy Policy does not apply to other web-based content or personal
information that is transmitted directly to BATA. Please do not send PII in an email directly to BATA if
you want to keep content or data private.
Contact information
BATA welcomes your comments on this Privacy Policy. Also, if there are questions about this statement,
please contact the BATA Privacy Officer at the address, e-mail or phone number listed above.
History of Changes to Privacy Policy
March 3, 2004 Privacy Policy Established
July 28, 2004 Revisions to Privacy Policy
May 25, 2005 Revisions to Privacy Policy
September 24, 2008 Revisions to Privacy Policy
December 15, 2010 Revisions to Privacy Policy
January 06, 2011 Revisions to Privacy Policy
January 23, 2013 Revisions to address License Plate Accounts, One-Time Payment Accounts and use of Post-paid License Plate Toll Invoices, update name of CSC Contractor, and make other clarifications
May 21, 2014 Revisions to address obtaining updates to credit card expiration dates from BATA's credit card processing contractor for FasTrak® Accounts, to delete Other Uses of FasTrak® Account Toll Tag Data for 511 Driving Times Service as this use no longer exists, and to make other clarifications
September 29, 2014 Revisions to address SFO Parking Program
May 23, 2016 Revisions to address Bay Area Express Lanes and make other clarifications
March 2, 2017 Revisions to address Bay Area Express Lanes and make other clarifications
Express Lanes Program
Personally Identifiable Information Protection Protocol
ATTACHMENT B
ALAMEDA CTC
SUBJECT: EXPRESS LANES PROGRAM
CONFIDENTIALITY POLICY AND PROCEDURES—Employee Acknowledgement/Nondisclosure Form
Background
The Alameda County Transportation Commission (“Alameda CTC”) operates two
express lane systems: the I-580 Express Lanes and the I-680 Sunol Express Lanes. The
express lanes are FasTrak® toll facilities that utilize All Electronic Toll (AET) collection
methods to collect tolls. Alameda CTC Express Lane Electronic Tolling Systems (ETSs)
utilize FasTrak toll tags (transponders) and/or license plates to identify vehicles for
purposes of assessing tolls. Alameda CTC partners with the Bay Area Toll Authority (BATA) for
toll collection and toll account management that requires sharing of personally
identifiable information by Alameda CTC and BATA for toll collection and express lane
performance evaluation purposes.
Toll collection relies on electronic transfer of files between the Alameda CTC toll systems
and the FasTrak Regional Customer Service Center (RCSC), implemented by BATA’s
consultant, to match toll tags and/or license plates with FasTrak accounts. The RCSC
also obtains owner information from the Department of Motor Vehicles as needed to
issue violation notices to motorists who used the express lanes without a valid FasTrak
account and provides owner account information to Alameda CTC as needed for toll
dispute escalation review.
Confidential Information
During the course of your employment or consultant agreement, you may have access
to and learn confidential or private information including but not limited to customer
names, FasTrak account numbers, FasTrak toll tag numbers, license plate numbers and
state of registration, or travel pattern data (collectively referred to as Customer Data,
Personally Identifiable Information, or “PII”).
State and federal laws strictly regulate collection, storing, and sharing of PII. It is
Alameda CTC’s policy to protect Customer Data which requires extreme care and
sensitivity in handling.
Limitations on Express Lane Customer Data Access
Alameda CTC has identified certain employees, as well as individual employees of
consultant firms who have a contract with Alameda CTC, who will be permitted access
to Customer Data and PII in order to perform those duties assigned to implement the
Express Lanes Program (“Authorized Personnel”). Access to the Customer Data is at the
discretion and authorization of the Alameda CTC Executive Director or the Alameda
CTC Director of Express Lanes Implementation and Operations.
Customer Data obtained through the Electronic Tolling System is stored on servers at the
Alameda CTC Toll Data Center (TDC). Access to that data is provided via secure login
credentials. Data on those servers may be converted into spreadsheets or other
electronic formats for storage on Alameda CTC’s internal servers. Additional Customer
Data may be provided by BATA and the RCSC.
Authorization to access the secured internal folders and provision of login credentials
for the TDC servers shall require:
Execution of this Employee Acknowledgement Form
Completion of Training on security protocols related to Customer Data and PII
Completion of Training on TDC software to generate required reports
Authorized personnel are prohibited from disclosing Customer Data to anyone other
than Alameda CTC-authorized personnel or BATA and RCSC personnel directly involved
in toll collection and dispute resolution.
All Customer Data stored on Alameda CTC’s internal servers shall only be deposited
within the approved, secured folders.
Authorized personnel are prohibited from storing Customer Data on laptops, thumb-drives,
or any other form of portable media.
Authorized personnel may only transmit Customer Data to BATA or the RCSC for toll
collection or toll dispute purposes via secured email communications.
Any requests from outside third parties must be directed to the Director of Express Lanes
Implementation and Operations.
Employee Responsibility
All Alameda CTC employees and consultants must ensure the proper protection of
Customer Data, whether in paper or electronic form. No one is allowed to take
Customer Data home or leave it unprotected in the open, such as on a desk or on an
unlocked computer screen, where it can be accessed. No one is allowed to transmit
Customer Data in electronic format unprotected through email or over the internet.
Violations of Policy
Violations of this policy may result in disciplinary action, up to and including dismissal of
the employee or consultant violating this policy. In cases of termination, the employee
or consultant will be dismissed for just cause.
Violations of certain portions of this policy may also be violations of state and/or federal
law. Failure of Alameda CTC employees and consultants to comply with these policies
may result in the employee or consultant being personally sued for violation of privacy
rights or be subject to prosecution by a governmental entity enforcing those rights.
Acknowledgement
By my signature, I acknowledge that I have read, understand, and agree to Alameda
CTC’s “Express Lanes Program Personally Identifiable Information (PII) Protection
Protocol”. I understand my responsibility to protect PII and confidential or private
customer data that I may have access to and learn during the course of my
employment with, or pursuant to a consultant agreement with, Alameda CTC involving
the Express Lanes Program. I understand the limits of the permitted use of PII and
customer data is to further the objectives of the Express Lanes Program.
Date:
Signature:
Print Name:
Express Lanes Program
Personally Identifiable Information Protection Protocol
ATTACHMENT C
ALAMEDA CTC
SUBJECT: EXPRESS LANES PROGRAM
CONFIDENTIALITY POLICY AND PROCEDURES TOLL SYSTEM INTEGRATOR
The following shall be included in any Agreement between the Alameda CTC and a Toll
System Integrator for development and installation of a new toll system or operations and
maintenance of an existing toll system.
Appendix X: Special Conditions Relating to Personally Identifiable Information
CONSULTANT will have access to personally identifiable information (“PII”) in connection
with the performance of the AGREEMENT. PII is any information that is collected or
maintained by CONSULTANT that identifies or describes a person or can be directly linked
to a specific individual. Examples of PII include, but are not limited to, name, address,
phone or fax number, signature, FasTrak® account number, credit card information, tag
number, license plate number, and travel pattern data. The following special
conditions related to the confidentiality and use of PII apply to this AGREEMENT, but
only with respect to PII related in any way to FasTrak® or Express Lanes:
1. Right to Audit
CONSULTANT shall permit Alameda CTC and its authorized representatives to audit and
inspect: (i) CONSULTANT’s facilities where I-580 Express Lane toll PII is stored or
maintained; (ii) any computerized systems used to share, disseminate or otherwise
exchange the PII; and (iii) CONSULTANT’s security practices and procedures, data
protection, business continuity and recovery facilities, resources, plans and
procedures. The audit and inspection rights hereunder shall be for the purpose of
verifying CONSULTANT’s compliance with this AGREEMENT, and all applicable laws.
2. General Confidentiality of Data
All PII made available to or independently obtained by CONSULTANT in connection with
this AGREEMENT shall be protected by CONSULTANT from unauthorized use and disclosure
through the observance of the same or more effective procedural requirements as are
applicable to ALAMEDA CTC. This includes, but is not limited to, the secure transport,
transmission and storage of data used or acquired in the performance of this
AGREEMENT.
CONSULTANT agrees to properly secure and maintain any computer systems (hardware
and software applications) that it will use in the performance of this AGREEMENT. This
includes ensuring all security patches, upgrades, and anti-virus updates are applied as
appropriate to secure PII that may be used, transmitted, or stored on such systems in
the performance of this AGREEMENT.
Consultant agrees to use an industry accepted encryption mechanism to protect PII
stored on portable media including, but not limited to, laptops, thumb-drives, disks, and
so forth. Consultant is prohibited from storing unencrypted PII on portable media.
Consultant agrees to use Department of Defense (“DoD”) approved methods to
permanently remove PII from removable hard drives that have been removed from
service as soon as reasonably possible and prior to discarding. Discarded PII shall be
unavailable and unrecoverable following removal from the removable hard drives.
Upon completion of PII removal, Consultant shall submit a certification to the Alameda
CTC Contact, identified in Section 4. Notice of Security Breach, as follows: “All PII
whether in electronic or hard-copy format, has been destroyed in accordance with the
requirements contained in Section 2. General Confidentiality of Data of Appendix X
(Special Conditions Relating to Personally Identifiable Information).”
Consultant agrees to retain PII for no longer than four years. At the conclusion of this
retention period, Consultant agrees to use Department of Defense (“DoD”) approved
methods to permanently remove PII from any files. Discarded PII will be unavailable
and unrecoverable following the purge on any storage media including, but not limited
to, magnetic disk, optical disk, and memory chips (“Storage Media”). CONSULTANT
agrees to destroy hard-copy documents containing PII by means of a cross-cut
shredding machine. CONSULTANT also agrees to use DoD approved methods to sanitize
any Storage Media prior to discarding or when useful life has ended, whichever comes
first. At the conclusion of the term of this AGREEMENT, CONSULTANT shall submit a
certification to the ALAMEDA CTC Director of Express Lanes Implementation and
Operations as follows: “All PII whether in electronic or hard-copy format, has been
destroyed in accordance with the requirements contained in Section 2. General
Confidentiality of Data of Appendix X, Special Conditions Relating to Personally
Identifiable Information.” These requirements shall survive termination or expiration of
this AGREEMENT.
CONSULTANT shall guarantee the following:
CONSULTANT shall not, except as authorized by ALAMEDA CTC or required by its duties by
law, reveal or divulge to any person or entity any PII which becomes known to it during
the term of this AGREEMENT.
CONSULTANT shall keep all PII entrusted to it completely secret and shall not use or
attempt to use any such information in any manner which may injure or cause loss,
either directly or indirectly, to BATA or ALAMEDA CTC.
CONSULTANT shall comply, and shall cause its employees, representatives, agents and
contractors to comply, with such directions as ALAMEDA CTC may make to ensure the
safeguarding or confidentiality of all its resources.
If requested by BATA or ALAMEDA CTC, CONSULTANT shall sign an information security and
confidentiality agreement provided by BATA or ALAMEDA CTC and attest that its
employees, representatives, agents, and contractors involved in the performance of
this AGREEMENT shall be bound by terms of a confidentiality agreement with
Contractor similar in nature.
3. Compliance with Statutes and Regulations
CONSULTANT agrees to comply with all applicable information handling and
confidentiality requirements outlined in the California Information Practices Act (Civil
Code sections 1798 et seq.) and in Streets and Highways Code Section 31490. In
addition, CONSULTANT warrants and certifies that in the performance of this AGREEMENT,
it will comply with all applicable statutes, rules, regulations and orders of the United
States, the State of California and ALAMEDA CTC relating to the handling and
confidentiality of PII, including the terms and conditions contained in this Appendix X,
Special Conditions Relating to Personally Identifiable Information and agrees to
indemnify ALAMEDA CTC against any loss, cost, damage or liability by reason of
CONSULTANT’s violation of this provision.
4. Notice of Security Breach
Each party shall immediately notify the other party when it discovers that there may
have been a breach in security which has or may have resulted in compromise to PII.
For purposes of this section, immediately is defined as no later than within two hours of
discovery. The parties’ contacts for such notification are as follows:
ALAMEDA CTC Contact:
Director of Express Lanes Implementation and Operations
CONSULTANT Contact:
TBD