NHTSA's Complaint Database Leaks Private Information Like A Sieve
Our Canadian pal carquestions took a look through NHTSA’s public complaint database, and found four examples of personal information that NHTSA should have redacted but didn’t. You kow, things like names, birth dates, social security numbers, addresses, VINs, and drivers license numbers. And he found those four after searching through “12 or 15” of the 792,000 publicly-available NHTSA complaint cases. He’s calling on NHTSA to shut down public access to the database until it can get a handle on this problem. (The NHTSA listened.)
As much as we appreciate publicly-available data, we have to agree: NHTSA can’t allow social security numbers to be made publicly available on the internet without the knowledge or consent of the individual in question. Literally. It’s against the law. It’s time for NHTSA to join the 21st Century, and figure out how to protect motorists without revealing their most personal data to all and sundry. NHTSA’s privacy policy can be viewed here. NHTSA has a fairly sophisticated confidentiality protocol for its Early Warning Reporting database, which includes only information submitted by manufacturers. NHTSA has created a Privacy Impact Statement for data provided by the public and hosted on its Artemis database. Update: NHTSA has shut down access to the sensitive data.
More by Edward Niedermeyer
Comments
Join the conversation
I find it hard to believe NHTSA's database contains names, VINs, and other confidential information from real folks. I thought it only contained made-up information from UAW allies trying to make Toyota or NHTSA look bad. Maybe I need to get my information elsewhere.
Why is this not in the news? TTAC leads the main stream media too? Cool.
I would like to point out that to get the info you have to request it and then you have to pay for it to get it. The general info has non of that in it.