United States Department of Transportation -  Federal Highway Administration  

FHWA's Privacy Policy For UPACS And Interfaced Applications

Content updated on Oct 29, 2019
Our Commitment
We respect your right to privacy and will protect it when you use our applications. This Privacy Policy explains the information practices associated with this web site only, including how we collect and use your personal information. It does not apply to third-party websites that you are able to reach from our applications. We encourage you to read those privacy policies to learn how they collect and use your information.

The Applications Covered By This Policy
This policy covers the: User Profile & Access Control System (UPACS)
Buy America Waiver Request Admin Site (BAWRAS)
Congestion Mitigation And Air Quality System (CMAQ)
Course Management System (CMS)
Electronic National Environmental Policy Act2.0 (ENEPA2)
Fiscal Management Information System 5.0 (FMIS5-P)
Freedom Of Information Act Request Log System (FOIA)
FHWA Organization Information System (FOIS)
Fuels and Financial Analysis System Highways (Fuels & FASH)
Highway Performance Monitoring System (HPMS)
Highway Safety Improvement Program (HSIP)
Inspecttech application (INSPT)
Integrated Transportation Information Platform (ITIP)
Management Services Division Information System (MSD)
National Bridge Inventory System (NBI)
National Highway Institute Website (NHIW)
Nondestructive Evaluation (NDE)
National Tunnel Inventory System (NTI)
PlanWorks (PWS)
Policy Information Data Portal (PIDP)
Project And Program Action Information System (PAPAI)
Transportation Fellows Interns and Contractor System (TFICS)
Transportation Planning and Excellence Awards (TPEA)
Travel Monitoring Analysis System 2.5 (TMAS2)
and Vehicle Size and Weight Enforcement (VSW)

What Information UPACS Collects About You
UPACS is FHWA's security control system that manages User authentication and associated access rights for individuals needing entry into one of FHWA's applications.

UPACS collects general profile information that identifies the User, i.e. name, work address, work e-mail address, and secret word. This information is collected in two ways. A perspective UPACS Users can register in UPACS by filling out a form and submitting their information to the local UPACS Administrator who approves the request. Or the local UPACS Administrator can register the user and approve the users registration.

As users are given "Access Rights" to FHWA applications, an "Application Rights" profile is established that identifies the User, the applications the User is authorized to access and their specific "Access Rights" within the application.

In addition, UPACS creates log entries for activities such as: user account approvals and removals, account transfers, failed login attempts, locked Passwords and PINs, all resets of Passwords and PINs, after-hour activities, and as users access UPACS, a log record is kept showing when the access occurred, whether the access was successful or not, and what FHWA application the user accessed.

UPACS Administrator's have access to the general profile of users in the UPACS Administrator's area of responsibility. System Owners and System Sponsors have access to User's application rights profiles. Designated individuals have access to the reports that display log activity.

Interfaced Applications that Collect Information About You
When you access our applications, we may collect the following categories of personal information from you:
  • Many applications log the changes that are made to the data stored in the application. The log entries include the UPACS User-Id of the person making the change, the date and time of the change, and a description of the change.

  • Applications that allow for electronic signature, log which document was signed, who signed the document and when it was signed.
Automatic Information Collection
When you visit our site, we collect information about your visit that does not identify you personally. We collect the IP address (an IP address is a number that is assigned to each computer connected to the Internet) and the Host Name from which you access this site. We also know the data and time of your visit.

Why We Collect Information
Our principal purpose for collecting personal information online is to provide you access to authorized FHWA applications while addressing security concerns. We collect information to:
  • Respond to your complaints.

  • Reply to your "feedback comments".

  • Manage your access to restricted applications.

  • Manage your access rights to information within an application.

  • Fulfill requests for reports and other similar information.

Sharing Your Information
We may share personally identifiable information you provide to us online with representatives within the Department of Transportation's Operating Administrations and related entities, other federal government agencies, or other named representatives as needed to speed your request or transaction and to support your use of FHWA's Applications. In a government-wide effort to combat security and virus threats, we may share some information we collect automatically, such as IP address, with other federal government agencies.

Also, the law may require us to share collected information with authorized law enforcement, homeland security, and national security activities.

Choices on How We Use the Information You Provide
Throughout our applications, we will let you know whether the information we ask you to provide is voluntary or required. By providing personally identifiable information, you grant us consent to use this information, but only for the primary reason you are giving it. We will ask you to grant us consent before using your voluntarily provided information for any secondary purposes, other than those required under the law.

Cookies or Other Tracking Devices
A "cookie" is a small text file stored on your computer that makes it easy for you to move around our applications without continually re-entering items like your name, password and preferences. We only use "session" cookies on our website. This means we store the cookie on your computer only during your visit to our application. After you close your browser or turn off your computer, the cookie disappears.

If you access our applications to read, update, or download information, we use "session" cookies to collect and store only the following information about you: the name of the domain from which you access our application, the date and time you access our application; and the Internet address of the web site from which you linked directly to our site.

Securing Your Information
Properly securing the information we collect online is a primary commitment. To help us do this, we take the following steps to:
  • Employ internal access controls to ensure that only people who see your information are those with a need to do so to perform their official duties;
  • Train relevant personnel on our privacy and security measures to know requirements for compliance;
  • Secure the areas where we hold hard copies of information we collect online;
  • Perform regular backups of the information we collect online to insure against loss;
  • Use technical controls to secure the information we collect online including but not limited to:
    • Secure Socket Layer (SSL),
    • Encryption,
    • Firewalls,
    • Password protections;
  • We periodically test our security procedures to ensure personnel and technical compliance;
  • We employ external access safeguards to identify and prevent unauthorized tries of outsiders to hack into, or cause harm to, the information in our systems.
Tampering with FHWA's Applications is against the law. Depending on the offense, it is punishable under the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act.

Your Rights Under the Privacy Act of 1974
The Privacy Act of 1974 protects the personal information the federal government keeps on you in systems of records (SOR) (information an agency controls recovered by name or other personal identifier). The Privacy Act regulates how the government can disclose, share, provide access to, and keep the personal information that it collects. The Privacy Act does not cover all information collected online.
The Act's major terms require agencies to:
  • Publish a Privacy Act Notice in the Federal Register explaining the existence, character, and uses of a new or revised SOR;
  • Keep information about you accurate, relevant, timely, and complete to assure fairness in dealing with you;
  • Allow you to, on request, access and review your information held in an SOR and request amendment of the information if you disagree with it.

United States Department of Transportation - Federal Highway Administration