Privacy Act of 1974; System of Records Notice, 10554-10557 [2010-4811]

Download as PDF 10554 Federal Register / Vol. 75, No. 44 / Monday, March 8, 2010 / Notices Privacy: We will post all comments we receive, without change, to http:// www.regulations.gov, including any personal information you provide. Using the search function of our docket web site, anyone can find and read the comments received into any of our dockets, including the name of the individual sending the comment (or signing the comment for an association, business, labor union, etc.). You may review DOT’s complete Privacy Act Statement in the Federal Register published on April 11, 2000 (65 FR 19477–78). Docket: To read background documents or comments received, go to http://www.regulations.gov at any time or to the Docket Management Facility in Room W12–140 of the West Building Ground Floor at 1200 New Jersey Avenue, SE., Washington, DC, between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays. FOR FURTHER INFORMATION CONTACT: Kenna Sinclair, ANM–113, (425) 227– 1556, Federal Aviation Administration, 1601 Lind Avenue, SW., Renton, WA 98057–3356, or Brenda Sexton, (202– 267–3664), Office of Rulemaking (ARM– 204), Federal Aviation Administration, 800 Independence Avenue, SW., Washington, DC 20591. This notice is published pursuant to 14 CFR 11.85. Issued in Washington, DC, on March 2, 2010. Pamela Hamilton-Powell, Director, Office of Rulemaking. srobinson on DSKHWCL6B1PROD with NOTICES Petition for Exemption Docket No.: FAA–2009–1247. Petitioner: Embraer. Section of 14 CFR Affected: §§ 26.11, 26.33, 26.35, 26.43, 26.45, and 26.49, 14 CFR 26. Description of Relief Sought: The petitioner seeks relief from part 26 for Embraer Model EMB–135J airplanes. These airplanes’ maximum payload capacities and passenger capacities are below those specified for transport category airplanes. However, since this model is on the same type certification data sheet (TCDS) as the original Embraer Model EMB–135/EMB–145 airplanes, it is subject to the part 26 rule. [FR Doc. 2010–4788 Filed 3–5–10; 8:45 am] BILLING CODE 4910–13–P VerDate Nov<24>2008 17:12 Mar 05, 2010 Jkt 220001 DEPARTMENT OF TRANSPORTATION Federal Railroad Administration Petition for Waiver of Compliance In accordance with Part 211 of Title 49 Code of Federal Regulations (CFR), notice is hereby given that the Federal Railroad Administration (FRA) has received a request for a waiver of compliance from certain requirements of its safety standards. The individual petition is described below, including the party seeking relief, the regulatory provisions involved, the nature of the relief being requested, and the petitioner’s arguments in favor of relief. Dakota, Missouri Valley & Western Railroad [Waiver Petition Docket Number FRA–2009– 0091] The Dakota, Missouri Valley & Western Railroad (DMVW) hereby petitions FRA for a waiver from replacing rails with rail end vertical split head type defects 4″ or less in size. These defects are rail ends only and are confined within the area of the joint bars. These rails are located on Class I track and the train speed is 10 mph. The line does not have passenger service. DMVW will inspect these defects with their normal inspections but will not note each one separately. Besides the elevators, DMVW serves the Coal Creek Power Station who provides power for eastern North Dakota, and much of Minnesota. DMVW also serves the Blue Flint Ethanol Plant which provides alternative fuel sources. Interested parties are invited to participate in these proceedings by submitting written views, data, or comments. FRA does not anticipate scheduling a public hearing in connection with these proceedings since the facts do not appear to warrant a hearing. If any interested party desires an opportunity for oral comment, they should notify FRA, in writing, before the end of the comment period and specify the basis for their request. All communications concerning these proceedings should identify the appropriate docket number (e.g., Waiver Petition Docket Number FRA–2009– 0091) and may be submitted by any of the following methods: • Web site: http:// www.regulations.gov. Follow the online instructions for submitting comments. • Fax: 202–493–2251. • Mail: Docket Operations Facility, U.S. Department of Transportation, 1200 New Jersey Avenue, SE., W12–140, Washington, DC 20590. • Hand Delivery: 1200 New Jersey Avenue, SE., Room W12–140, PO 00000 Frm 00100 Fmt 4703 Sfmt 4703 Washington, DC 20590, between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays. Communications received within 45 days of the date of this notice will be considered by FRA before final action is taken. Comments received after that date will be considered as far as practicable. All written communications concerning these proceedings are available for examination during regular business hours (9 a.m.–5 p.m.) at the above facility. All documents in the public docket are also available for inspection and copying on the Internet at the docket facility’s Web site at http://www.regulations.gov. Anyone is able to search the electronic form of any written communications and comments received into any of our dockets by the name of the individual submitting the document (or signing the document, if submitted on behalf of an association, business, labor union, etc.). You may review DOT’s complete Privacy Act Statement in the Federal Register published on April 11, 2000 (65 FR 19477) or at http://www.dot.gov/ privacy.html. Issued in Washington, DC on March 3, 2010. Grady C. Cothen, Jr., Deputy Associate Administrator for Safety Standards and Program Development. [FR Doc. 2010–4868 Filed 3–5–10; 8:45 am] BILLING CODE 4910–06–P DEPARTMENT OF TRANSPORTATION Federal Motor Carrier Safety Administration Privacy Act of 1974; System of Records Notice AGENCY: Federal Motor Carrier Safety Administration (FMCSA) Department of Transportation (DOT). ACTION: Notice to establish a new system of records. SUMMARY: FMCSA proposes to establish a system of records under the Privacy Act of 1974 (5 U.S.C. 552a) for its PreEmployment Screening Program (PSP), as required by 49 U.S.C. 31150. The system of records will make crash and inspection data about commercial motor vehicle (CMV) drivers rapidly available to CMV drivers (operator-applicants) and prospective employers of those drivers (motor carriers), via a secure Internet site, as an alternative to requiring them to submit a Freedom of Information Act (FOIA) request or Privacy Act request to FMCSA for the data. E:\FR\FM\08MRN1.SGM 08MRN1 Federal Register / Vol. 75, No. 44 / Monday, March 8, 2010 / Notices srobinson on DSKHWCL6B1PROD with NOTICES Operator-applicants and motor carriers must pay a fee to access data in PSP, but use of PSP is optional. Motor carriers may continue to request the information from FMCSA under FOIA, and operator-applicants may continue to receive their own safety performance data free of charge by submitting a Privacy Act request to FMCSA. The PSP system will be administered by a FMCSA contractor, National Information Consortium Technologies, LLC (NIC). The PSP contractor will not be authorized to provide data to any persons other than motor carriers, for pre-employment screening purposes, and operator-applicants, as required in section 31150 (b)(3). A data request from any other person (e.g., a law firm) will be treated as a FOIA request by FMCSA. FMCSA will perform audits of the PSP contractor to ensure performance, privacy and security objectives are being met. The PSP system will only allow operator-applicants to access their own data, and will only allow motor carriers to access an individual operatorapplicant’s data if the motor carrier certifies the data is for pre-employment screening and that it has obtained the operator-applicant’s written consent. The system of records is more thoroughly detailed below and in the Privacy Impact Assessment (PIA) that can be found on the DOT Privacy Web site at http://www.dot.gov/privacy. DATES: Effective April 7, 2010. Written comments should be submitted on or before the effective date. FMCSA may publish an amended SORN in light of any comments received. ADDRESSES: Send comments to Pam Gosier-Cox, FMCSA Privacy Officer, FMCSA Office of Information Technology, MC–RI, U.S. Department of Transportation, 1200 New Jersey Avenue, SE., Washington, DC 20590 or pam.gosier.cox@dot.gov. FOR FURTHER INFORMATION CONTACT: For privacy issues please contact: Pam Gosier-Cox, FMCSA Privacy Officer, FMCSA Office of Information Technology, MC–RI, U.S. Department of Transportation, 1200 New Jersey Avenue, SE., Washington, DC 20590 or pam.gosier.cox@dot.gov. SUPPLEMENTARY INFORMATION: I. The PSP Program Section 31150 of title 49, U.S. Code (USC), titled ‘‘Safety performance history screening’’ as added by section 4117(a) of the Safe, Accountable, Flexible, Efficient Transportation Equity Act: A Legacy for Users (SAFETEA–LU), Public Law 109–59, 119 Stat. 1144, 1728–1729, August 10, 2005, requires FMCSA to provide persons conducting VerDate Nov<24>2008 17:12 Mar 05, 2010 Jkt 220001 pre-employment screening services for the motor carrier industry electronic with access to the following reports contained in FMCSA’s Motor Carrier Management Information System (MCMIS): (1) Commercial motor vehicle accident reports. (2) Inspection reports that contain no driver-related safety violations. (3) Serious driver-related safety violation inspection reports. FMCSA designed PSP to satisfy the requirements of 49 U.S.C. 31150 and to meet the following performance, privacy and security objectives: • Provide driver-related MCMIS crash and inspection data electronically, via a secure Internet site, for a fee, and in a timely and professional manner; • Allow operator-applicants to access their own data upon written or electronic request, and allow motor carriers to access an operator-applicant’s data, for pre-employment screening purposes, with the operator-applicant’s written or electronic consent; • Maintain, handle, store, and distribute the data in PSP in accordance with 49 U.S.C. 31150 and applicable laws, regulations and policies; and • Provide a redress procedure by which an operator-applicant can seek to correct inaccurate information in PSP, via the DataQs system currently maintained by FMCSA. II. The Privacy Act The Privacy Act (5 USC 552a) governs the means by which the United States Government collects, maintains, and uses personally identifiable information (PII) in a system of records. A ‘‘system of records’’ is a group of any records under the control of a Federal agency from which information about individuals is retrieved by name or other personal identifier. The Privacy Act requires each agency to publish in the Federal Register a system of records notice (SORN) identifying and describing each system of records the agency maintains, including the purposes for which the agency uses PII in the system, the routine uses for which the agency discloses such information outside the agency, and how individuals to whom a Privacy Act record pertains can exercise their rights under the Privacy Act (e.g., to determine if the system contains information about them). IV. Privacy Impact Assessment FMCSA is publishing a Privacy Impact Assessment (PIA) to coincide with the publication of this SORN. In accordance with 5 USC 552a(r), a report on the establishment of this system of PO 00000 Frm 00101 Fmt 4703 Sfmt 4703 10555 records has been sent to Congress and to the Office of Management and Budget. System Number: DOT/FMCSA 007 SYSTEM NAME: Pre-Employment Screening Program (PSP). SECURITY CLASSIFICATION: Unclassified, Sensitive. SYSTEM LOCATION: • NIC Primary Data Center AT&T Data Center, Ashburn, VA 20147. • NIC Secondary Data Center AT&T Data Center, Allen, TX 75013. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM OF RECORDS: PSP will include personally identifiable information (PII) pertaining to CMV, as defined by 49 CFR 390.5, drivers (referred to herein as operatorapplicants). CATEGORIES OF RECORDS IN PSP: PSP will contain the following categories of records, in separate databases: 1. CMV crash and inspection records. Each month, FMCSA will provide the PSP contractor with a current MCMIS data extract containing the most recent five (5) years’ crash data and the most recent three (3) years’ inspection information. The MCMIS data extract in PSP will include the following PII data elements, all of which will be encrypted: • CMV driver name (last, first, middle initial) • CMV driver date of birth • CMV driver license number • CMV driver license state 2. Financial transaction records. The PSP system will contain records of payments processed by the contractor, NIC, to collect fees charged to motor carriers and operator-applicants for accessing crash and inspection data in PSP. The financial transaction records will include the following PII data elements, which will be encrypted (and, in some cases, truncated): • Credit card holder name • Credit card account number • Account holder address Card Verification Value Code (CVV) numbers will be temporarily captured by the system but will not be retained or stored in PSP. 3. Access transaction records. The PSP system will contain records of all access transactions processed over the PSP Web site. Access transaction records will include the following PII data elements, which will be encrypted: E:\FR\FM\08MRN1.SGM 08MRN1 10556 Federal Register / Vol. 75, No. 44 / Monday, March 8, 2010 / Notices • CMV driver name (last, first, middle initial) • CMV driver date of birth • CMV driver license number • CMV driver license State • CMV driver address. DISCLOSURE TO CONSUMER REPORTING AGENCIES: AUTHORITY FOR MAINTENANCE OF THE SYSTEM: STORAGE: 49 U.S.C. 31150, as added by section 4117 of Public Law 109–59 [Safe, Accountable, Flexible, Efficient Transportation Equity Act: A Legacy for Users (SAFETEA–LU)]. Records will be stored in secure database servers, and data will be backed up on a Storage Area Network (SAN) in encrypted/truncated form. Any paper records received or required for purposes of processing data requests will be stored in secure file folders at NIC’s Primary Data Center. PURPOSE(S): Authorized DOT/FMSCA staff and contractor personnel will use the following PII in PSP for the following purposes: • To provide system support and maintenance for PSP. • To make CMV crash and inspection records available to operator-applicants and motor carriers upon receipt of validated access requests and fee payments. • To process credit card payments and collect fees for the requested access transactions. • To create a historical record of PSP usage for accounting and compliance audit purposes. srobinson on DSKHWCL6B1PROD with NOTICES ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF USE: The PSP system will share PII outside DOT as follows: • Authorized motor carriers may access an individual’s operatorapplicant’s crash and inspection data in PSP with the operator-applicant’s written consent and payment of a fee. • Validated operator-applicants may access their own crash and inspection data in PSP upon written request and payment of a fee. • When an operator-applicant makes a request for his or her own data from PSP, the FMCSA contractor will request that the operator-applicant provide his or her full name, date of birth, driver license number, driver license state and current address to verify the identity of the operator-applicant and this information will be transmitted to the Validation Authority of the FMCSA contractor (e.g. Lexis-Nexis) to verify and validate the individual operatorapplicant requesting access to his or her own inspection and crash data. • Other possible routine uses of the information, applicable to all DOT Privacy Act systems of records, are published in the Federal Register at 65 FR 19476 (April 11, 2000), under ‘‘Prefatory Statement of General Routine Uses’’ (available at http://www.dot.gov/ privacy/privacyactnoties/). VerDate Nov<24>2008 17:12 Mar 05, 2010 Jkt 220001 None. POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS: RETRIEVABILITY: CMV crash and inspection records in the PSP database will be retrieved by using the operator-applicant’s last name, license number, and license state. Additional operator-applicant information (e.g., date of birth, first name, and middle initial) will be used to confirm the accuracy of the search. ACCESSIBILITY (INCLUDING SAFEGUARDS): All records in PSP will be protected from unauthorized access through appropriate administrative, physical and technical safeguards. Electronic files will be stored in a database secured by password security, encryption, firewalls, and secured operating systems, to which only authorized NIC or DOT/FMCSA personnel will have access, on a need-to-know basis. Paper files will be stored in file cabinets in a locked file room to which only authorized NIC and DOT/FMCSA personnel will have access, on a needto-know basis. All access to the electronic system and paper files will be logged and monitored. NIC will be subject to routine audits of the PSP program by FMCSA to ensure compliance with the Privacy Act, applicable sections of the Fair Credit Reporting Act and other applicable Federal laws, regulations, or other requirements. Access by external users (operatorapplicants and motor carriers) will be restricted within the system based upon the user’s role as an authorized motor carrier or validated operator-applicant. An authorized motor carrier and validated operator-applicant is an entity or person who has been provided a unique user identification and password by NIC and must use the unique identification and password to access data in PSP. External users will be able to query the CMV crash and inspection database only (the financial transaction database and access request database cannot be externally queried). NIC will provide users with an advisory PO 00000 Frm 00102 Fmt 4703 Sfmt 4703 statement that authorized motor carriers could be subject to criminal penalties and other sanctions under 18 U.S.C. 1001 for misuse of the PSP system. In order for a motor carrier to receive an individual operator-applicant’s crash and inspection data, the motor carrier must certify, for each request, under penalty of perjury, that the request is for pre-employment purposes only and that written consent of the operatorapplicant has been obtained. Upon completion of certification, the NIC will send a notification to the motor carrier that the individual operator-applicant data is available on secure Web site. The motor carrier will access this individual’s information by entering a unique identification and password. Motor carriers will be required to maintain each operator-applicant’s signed, written consent form for five (5) years. Motor carriers are subject to random audits from NIC and/or FMCSA to ensure that written consent of operator-applicants was obtained. The PSP system also allows validated operator-applicants to access their own crash and inspection data upon written or electronic request. Upon receipt of an operator-applicant’s request, NIC will validate the identity of the requestor (operator-applicant) by using his or her full name, date of birth, driver license number, driver license state and current address against a validation authority. All PII data elements will be encrypted in the PSP system, as more fully described under the heading ‘‘Categories of Records in PSP.’’ RETENTION AND DISPOSAL: 1. CMV crash and inspection records: Pursuant to General Records Schedule (GRS) 20 (‘‘Electronic Records,’’ February 2008, see http:// www.archives.gov/records-mgmt/ardor/ grs20.html), governing extract files, each monthly MCMIS extract in PSP is deleted approximately three (3) months after being superseded by a current MCMIS extract, unless needed longer for administrative, legal, audit or other operational purposes. 2. Financial transaction records: Credit card information is encrypted/ truncated and retained for 30 days. 3. Access transaction records: PSP transaction records are retained for a period of five years. SYSTEM MANAGER CONTACT INFORMATION: PSP System Manager: Arlene D. Thompson; Office of Information Technology; Federal Motor Carrier Safety Administration; U.S. Department of Transportation; 1200 New Jersey Avenue, SE., W65–319; Washington, DC 20590. E:\FR\FM\08MRN1.SGM 08MRN1 Federal Register / Vol. 75, No. 44 / Monday, March 8, 2010 / Notices MCMIS System Manager: Heshmat Ansari, PhD; Division Chief, IT Development Division; Office of Information Technology; Federal Motor Carrier Safety Administration; U.S. Department of Transportation; 1200 New Jersey Avenue, SE., W68–330; Washington, DC 20590. Freedom of Information Act (FOIA) Office: Federal Motor Carrier Safety Administration Attn: FOIA Team MC– MMI; DIR Officer, 1200 New Jersey Avenue, SE., Washington, DC 20590. Notification Procedure: Individual operator-applicants wishing to know if their inspection and crash records appear in this system may directly access the PSP system or make a request in writing to the PSP System Manager identified under ‘‘System Manager Contact Information.’’ Individual operator-applicants wishing to know if their transaction records and credit card information appear in this system may make a written request to the following address: NIC Technologies, Inc., 1477 Chain Bridge Road, Suite 101, McLean, VA 22101. RECORD ACCESS PROCEDURES: Individual operator-applicants seeking access to information about them in this system may directly access the PSP system or apply to the PSP System Manager or the FMCSA FOIA Office identified under ‘‘System Manager Contact Information.’’ CONTESTING RECORD PROCEDURES: Individuals seeking to contest the content of information about them in this system should apply to the System Manager for either PSP or MCMIS by following the same procedures as indicated under ‘‘Notification Procedure.’’ Individuals may also submit a data challenge to DataQs by logging into the DataQs Web site (https://dataqs.fmcsa.dot.gov/login.asp). srobinson on DSKHWCL6B1PROD with NOTICES RECORD SOURCE CATEGORIES: 1. CMV crash and inspection records: All commercial driver crash and inspection data in PSP is received from a monthly MCMIS data extract. The MCMIS SORN identifies the source(s) of the information in MCMIS. 2. Financial transaction records: Credit card information pertaining to an individual card holder (i.e., operatorapplicant) is obtained directly from the card holder, who is responsible for entering it accurately on the PSP Web site. 3. Access transaction records: An audit trail of those entities or persons that accessed the PSP (i.e. authorized motor carriers or validated operator- VerDate Nov<24>2008 17:12 Mar 05, 2010 Jkt 220001 applicants) is automatically created when requests are initiated and when data is released by NIC. These records are internal documents to be used by NIC and FMCSA for auditing, monitoring and compliance purposes. EXEMPTIONS CLAIMED FOR THE SYSTEM: None. Dated: March 2, 2010. Habib Azarsina, Departmental Privacy Officer, 202–366–1965. [FR Doc. 2010–4811 Filed 3–5–10; 8:45 am] BILLING CODE 4910–EX–P DEPARTMENT OF THE TREASURY Office of Foreign Assets Control Additional Designations, Foreign Narcotics Kingpin Designation Act AGENCY: Office of Foreign Assets Control, Treasury. ACTION: Notice. SUMMARY: The Treasury Department’s Office of Foreign Assets Control (‘‘OFAC’’) is publishing the names of 31 individuals and 47 entities whose property and interests in property have been blocked pursuant to the Foreign Narcotics Kingpin Designation Act (‘‘Kingpin Act’’) (21 U.S.C. 1901–1908, 8 U.S.C. 1182). DATES: The designation by the Director of OFAC of the 31 individuals and 47 entities identified in this notice pursuant to section 805(b) of the Kingpin Act is effective on March 2, 2010. FOR FURTHER INFORMATION CONTACT: Assistant Director, Compliance Outreach & Implementation, Office of Foreign Assets Control, Department of the Treasury, Washington, DC 20220, tel.: 202/622–2490. SUPPLEMENTARY INFORMATION: Electronic and Facsimile Availability This document and additional information concerning OFAC are available on OFAC’s Web site (http:// www.treas.gov/ofac) or via facsimile through a 24-hour fax-on demand service, tel.: (202) 622–0077. Background The Kingpin Act became law on December 3, 1999. The Kingpin Act establishes a program targeting the activities of significant foreign narcotics traffickers and their organizations on a worldwide basis. It provides a statutory framework for the President to impose sanctions against significant foreign PO 00000 Frm 00103 Fmt 4703 Sfmt 4703 10557 narcotics traffickers and their organizations on a worldwide basis, with the objective of denying their businesses and agents access to the U.S. financial system and the benefits of trade and transactions involving U.S. companies and individuals. The Kingpin Act blocks all property and interests in property, subject to U.S. jurisdiction, owned or controlled by significant foreign narcotics traffickers as identified by the President. In addition, the Secretary of the Treasury consults with the Attorney General, the Director of the Central Intelligence Agency, the Director of the Federal Bureau of Investigation, the Administrator of the Drug Enforcement Administration, the Secretary of Defense, the Secretary of State, and the Secretary of Homeland Security when designating and blocking the property and interests in property, subject to U.S. jurisdiction, of persons who are found to be: (1) Materially assisting in, or providing financial or technological support for or to, or providing goods or services in support of, the international narcotics trafficking activities of a person designated pursuant to the Kingpin Act; (2) owned, controlled, or directed by, or acting for or on behalf of, a person designated pursuant to the Kingpin Act; or (3) playing a significant role in international narcotics trafficking. On March 2, 2010, the Director of OFAC designated 31 individuals and 47 entities whose property and interests in property are blocked pursuant to section 805(b) of the Foreign Narcotics Kingpin Designation Act. The list of additional designees is as follows: 1. AGROGANADERA LA FORTALEZA, Finca La Fortaleza, Monterrey, Meta, Colombia; Transversal 25 No. 41A–05, Villavicencio, Colombia; Matricula Mercantil No 158119 (Colombia) [SDNTK]. 2. AGROVET EL REMANSO, Carrera 35A No. 17B–05 Sur, Bogota, Colombia; Carrera 86 Sur No. 24A–19 Bdg. 79 L– 3, Bogota, Colombia; Matricula Mercantil No 1095044 (Colombia) [SDNTK]. 3. AGUILAR AGUILAR Y CIA. LTDA., Carrera 70H No. 127A–26, Bogota, Colombia; NIT # 900039614–6 (Colombia) [SDNTK]. 4. AGUILAR ALVAREZ Y CIA. LTDA., Carrera 35 No. 34B–37 of. 20T, Villavicencio, Colombia; NIT # 830122743–9 (Colombia) [SDNTK]. 5. AGUILAR DUARTE, Jose Lenoir, c/ o AGUILAR AGUILAR Y CIA. LTDA., Bogota, Colombia; c/o AGUILAR ALVAREZ Y CIA. LTDA., Villavicencio, Colombia; c/o CARILLANCA E:\FR\FM\08MRN1.SGM 08MRN1

Agencies

[Federal Register Volume 75, Number 44 (Monday, March 8, 2010)]
[Notices]
[Pages 10554-10557]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2010-4811]


-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Federal Motor Carrier Safety Administration


Privacy Act of 1974; System of Records Notice

AGENCY: Federal Motor Carrier Safety Administration (FMCSA) Department 
of Transportation (DOT).

ACTION: Notice to establish a new system of records.

-----------------------------------------------------------------------

SUMMARY: FMCSA proposes to establish a system of records under the 
Privacy Act of 1974 (5 U.S.C. 552a) for its Pre-Employment Screening 
Program (PSP), as required by 49 U.S.C. 31150. The system of records 
will make crash and inspection data about commercial motor vehicle 
(CMV) drivers rapidly available to CMV drivers (operator-applicants) 
and prospective employers of those drivers (motor carriers), via a 
secure Internet site, as an alternative to requiring them to submit a 
Freedom of Information Act (FOIA) request or Privacy Act request to 
FMCSA for the data.

[[Page 10555]]

    Operator-applicants and motor carriers must pay a fee to access 
data in PSP, but use of PSP is optional. Motor carriers may continue to 
request the information from FMCSA under FOIA, and operator-applicants 
may continue to receive their own safety performance data free of 
charge by submitting a Privacy Act request to FMCSA.
    The PSP system will be administered by a FMCSA contractor, National 
Information Consortium Technologies, LLC (NIC). The PSP contractor will 
not be authorized to provide data to any persons other than motor 
carriers, for pre-employment screening purposes, and operator-
applicants, as required in section 31150 (b)(3). A data request from 
any other person (e.g., a law firm) will be treated as a FOIA request 
by FMCSA. FMCSA will perform audits of the PSP contractor to ensure 
performance, privacy and security objectives are being met. The PSP 
system will only allow operator-applicants to access their own data, 
and will only allow motor carriers to access an individual operator-
applicant's data if the motor carrier certifies the data is for pre-
employment screening and that it has obtained the operator-applicant's 
written consent. The system of records is more thoroughly detailed 
below and in the Privacy Impact Assessment (PIA) that can be found on 
the DOT Privacy Web site at http://www.dot.gov/privacy.

DATES: Effective April 7, 2010. Written comments should be submitted on 
or before the effective date. FMCSA may publish an amended SORN in 
light of any comments received.

ADDRESSES: Send comments to Pam Gosier-Cox, FMCSA Privacy Officer, 
FMCSA Office of Information Technology, MC-RI, U.S. Department of 
Transportation, 1200 New Jersey Avenue, SE., Washington, DC 20590 or 
pam.gosier.cox@dot.gov.

FOR FURTHER INFORMATION CONTACT: For privacy issues please contact: Pam 
Gosier-Cox, FMCSA Privacy Officer, FMCSA Office of Information 
Technology, MC-RI, U.S. Department of Transportation, 1200 New Jersey 
Avenue, SE., Washington, DC 20590 or pam.gosier.cox@dot.gov.

SUPPLEMENTARY INFORMATION: 

 I. The PSP Program

    Section 31150 of title 49, U.S. Code (USC), titled ``Safety 
performance history screening'' as added by section 4117(a) of the 
Safe, Accountable, Flexible, Efficient Transportation Equity Act: A 
Legacy for Users (SAFETEA-LU), Public Law 109-59, 119 Stat. 1144, 1728-
1729, August 10, 2005, requires FMCSA to provide persons conducting 
pre-employment screening services for the motor carrier industry 
electronic with access to the following reports contained in FMCSA's 
Motor Carrier Management Information System (MCMIS):
    (1) Commercial motor vehicle accident reports.
    (2) Inspection reports that contain no driver-related safety 
violations.
    (3) Serious driver-related safety violation inspection reports.
    FMCSA designed PSP to satisfy the requirements of 49 U.S.C. 31150 
and to meet the following performance, privacy and security objectives:
     Provide driver-related MCMIS crash and inspection data 
electronically, via a secure Internet site, for a fee, and in a timely 
and professional manner;
     Allow operator-applicants to access their own data upon 
written or electronic request, and allow motor carriers to access an 
operator-applicant's data, for pre-employment screening purposes, with 
the operator-applicant's written or electronic consent;
     Maintain, handle, store, and distribute the data in PSP in 
accordance with 49 U.S.C. 31150 and applicable laws, regulations and 
policies; and
     Provide a redress procedure by which an operator-applicant 
can seek to correct inaccurate information in PSP, via the DataQs 
system currently maintained by FMCSA.

II. The Privacy Act

    The Privacy Act (5 USC 552a) governs the means by which the United 
States Government collects, maintains, and uses personally identifiable 
information (PII) in a system of records. A ``system of records'' is a 
group of any records under the control of a Federal agency from which 
information about individuals is retrieved by name or other personal 
identifier.
    The Privacy Act requires each agency to publish in the Federal 
Register a system of records notice (SORN) identifying and describing 
each system of records the agency maintains, including the purposes for 
which the agency uses PII in the system, the routine uses for which the 
agency discloses such information outside the agency, and how 
individuals to whom a Privacy Act record pertains can exercise their 
rights under the Privacy Act (e.g., to determine if the system contains 
information about them).

IV. Privacy Impact Assessment

    FMCSA is publishing a Privacy Impact Assessment (PIA) to coincide 
with the publication of this SORN. In accordance with 5 USC 552a(r), a 
report on the establishment of this system of records has been sent to 
Congress and to the Office of Management and Budget.
System Number:
    DOT/FMCSA 007

System Name:
    Pre-Employment Screening Program (PSP).

Security Classification:
    Unclassified, Sensitive.

System Location:
     NIC Primary Data Center
    AT&T Data Center, Ashburn, VA 20147.
     NIC Secondary Data Center
    AT&T Data Center, Allen, TX 75013.

Categories of Individuals Covered by the System of Records:
    PSP will include personally identifiable information (PII) 
pertaining to CMV, as defined by 49 CFR 390.5, drivers (referred to 
herein as operator-applicants).

Categories of Records in PSP:
    PSP will contain the following categories of records, in separate 
databases:
    1. CMV crash and inspection records. Each month, FMCSA will provide 
the PSP contractor with a current MCMIS data extract containing the 
most recent five (5) years' crash data and the most recent three (3) 
years' inspection information. The MCMIS data extract in PSP will 
include the following PII data elements, all of which will be 
encrypted:
     CMV driver name (last, first, middle initial)
     CMV driver date of birth
     CMV driver license number
     CMV driver license state
    2. Financial transaction records. The PSP system will contain 
records of payments processed by the contractor, NIC, to collect fees 
charged to motor carriers and operator-applicants for accessing crash 
and inspection data in PSP. The financial transaction records will 
include the following PII data elements, which will be encrypted (and, 
in some cases, truncated):
     Credit card holder name
     Credit card account number
     Account holder address
    Card Verification Value Code (CVV) numbers will be temporarily 
captured by the system but will not be retained or stored in PSP.
    3. Access transaction records. The PSP system will contain records 
of all access transactions processed over the PSP Web site. Access 
transaction records will include the following PII data elements, which 
will be encrypted:

[[Page 10556]]

     CMV driver name (last, first, middle initial)
     CMV driver date of birth
     CMV driver license number
     CMV driver license State
     CMV driver address.

Authority for Maintenance of the System:
    49 U.S.C. 31150, as added by section 4117 of Public Law 109-59 
[Safe, Accountable, Flexible, Efficient Transportation Equity Act: A 
Legacy for Users (SAFETEA-LU)].

Purpose(s):
    Authorized DOT/FMSCA staff and contractor personnel will use the 
following PII in PSP for the following purposes:
     To provide system support and maintenance for PSP.
     To make CMV crash and inspection records available to 
operator-applicants and motor carriers upon receipt of validated access 
requests and fee payments.
     To process credit card payments and collect fees for the 
requested access transactions.
     To create a historical record of PSP usage for accounting 
and compliance audit purposes.

Routine Uses of Records Maintained in the System, Including Categories 
of Users and Purposes of Use:
    The PSP system will share PII outside DOT as follows:
     Authorized motor carriers may access an individual's 
operator-applicant's crash and inspection data in PSP with the 
operator-applicant's written consent and payment of a fee.
     Validated operator-applicants may access their own crash 
and inspection data in PSP upon written request and payment of a fee.
     When an operator-applicant makes a request for his or her 
own data from PSP, the FMCSA contractor will request that the operator-
applicant provide his or her full name, date of birth, driver license 
number, driver license state and current address to verify the identity 
of the operator-applicant and this information will be transmitted to 
the Validation Authority of the FMCSA contractor (e.g. Lexis-Nexis) to 
verify and validate the individual operator-applicant requesting access 
to his or her own inspection and crash data.
     Other possible routine uses of the information, applicable 
to all DOT Privacy Act systems of records, are published in the Federal 
Register at 65 FR 19476 (April 11, 2000), under ``Prefatory Statement 
of General Routine Uses'' (available at http://www.dot.gov/privacy/privacyactnoties/).

Disclosure to Consumer Reporting Agencies:
    None.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, 
and Disposing of Records:
Storage:
    Records will be stored in secure database servers, and data will be 
backed up on a Storage Area Network (SAN) in encrypted/truncated form. 
Any paper records received or required for purposes of processing data 
requests will be stored in secure file folders at NIC's Primary Data 
Center.

Retrievability:
    CMV crash and inspection records in the PSP database will be 
retrieved by using the operator-applicant's last name, license number, 
and license state. Additional operator-applicant information (e.g., 
date of birth, first name, and middle initial) will be used to confirm 
the accuracy of the search.

Accessibility (Including Safeguards):
    All records in PSP will be protected from unauthorized access 
through appropriate administrative, physical and technical safeguards. 
Electronic files will be stored in a database secured by password 
security, encryption, firewalls, and secured operating systems, to 
which only authorized NIC or DOT/FMCSA personnel will have access, on a 
need-to-know basis. Paper files will be stored in file cabinets in a 
locked file room to which only authorized NIC and DOT/FMCSA personnel 
will have access, on a need-to-know basis. All access to the electronic 
system and paper files will be logged and monitored. NIC will be 
subject to routine audits of the PSP program by FMCSA to ensure 
compliance with the Privacy Act, applicable sections of the Fair Credit 
Reporting Act and other applicable Federal laws, regulations, or other 
requirements.
    Access by external users (operator-applicants and motor carriers) 
will be restricted within the system based upon the user's role as an 
authorized motor carrier or validated operator-applicant. An authorized 
motor carrier and validated operator-applicant is an entity or person 
who has been provided a unique user identification and password by NIC 
and must use the unique identification and password to access data in 
PSP. External users will be able to query the CMV crash and inspection 
database only (the financial transaction database and access request 
database cannot be externally queried). NIC will provide users with an 
advisory statement that authorized motor carriers could be subject to 
criminal penalties and other sanctions under 18 U.S.C. 1001 for misuse 
of the PSP system.
    In order for a motor carrier to receive an individual operator-
applicant's crash and inspection data, the motor carrier must certify, 
for each request, under penalty of perjury, that the request is for 
pre-employment purposes only and that written consent of the operator-
applicant has been obtained. Upon completion of certification, the NIC 
will send a notification to the motor carrier that the individual 
operator-applicant data is available on secure Web site. The motor 
carrier will access this individual's information by entering a unique 
identification and password. Motor carriers will be required to 
maintain each operator-applicant's signed, written consent form for 
five (5) years. Motor carriers are subject to random audits from NIC 
and/or FMCSA to ensure that written consent of operator-applicants was 
obtained.
    The PSP system also allows validated operator-applicants to access 
their own crash and inspection data upon written or electronic request. 
Upon receipt of an operator-applicant's request, NIC will validate the 
identity of the requestor (operator-applicant) by using his or her full 
name, date of birth, driver license number, driver license state and 
current address against a validation authority.
    All PII data elements will be encrypted in the PSP system, as more 
fully described under the heading ``Categories of Records in PSP.''

Retention and Disposal:
    1. CMV crash and inspection records: Pursuant to General Records 
Schedule (GRS) 20 (``Electronic Records,'' February 2008, see http://www.archives.gov/records-mgmt/ardor/grs20.html), governing extract 
files, each monthly MCMIS extract in PSP is deleted approximately three 
(3) months after being superseded by a current MCMIS extract, unless 
needed longer for administrative, legal, audit or other operational 
purposes.
    2. Financial transaction records: Credit card information is 
encrypted/truncated and retained for 30 days.
    3. Access transaction records: PSP transaction records are retained 
for a period of five years.

System Manager Contact Information:
    PSP System Manager: Arlene D. Thompson; Office of Information 
Technology; Federal Motor Carrier Safety Administration; U.S. 
Department of Transportation; 1200 New Jersey Avenue, SE., W65-319; 
Washington, DC 20590.

[[Page 10557]]

    MCMIS System Manager: Heshmat Ansari, PhD; Division Chief, IT 
Development Division; Office of Information Technology; Federal Motor 
Carrier Safety Administration; U.S. Department of Transportation; 1200 
New Jersey Avenue, SE., W68-330; Washington, DC 20590.
    Freedom of Information Act (FOIA) Office: Federal Motor Carrier 
Safety Administration Attn: FOIA Team MC-MMI; DIR Officer, 1200 New 
Jersey Avenue, SE., Washington, DC 20590.
    Notification Procedure: Individual operator-applicants wishing to 
know if their inspection and crash records appear in this system may 
directly access the PSP system or make a request in writing to the PSP 
System Manager identified under ``System Manager Contact Information.'' 
Individual operator-applicants wishing to know if their transaction 
records and credit card information appear in this system may make a 
written request to the following address:
    NIC Technologies, Inc., 1477 Chain Bridge Road, Suite 101, McLean, 
VA 22101.

Record Access Procedures:
    Individual operator-applicants seeking access to information about 
them in this system may directly access the PSP system or apply to the 
PSP System Manager or the FMCSA FOIA Office identified under ``System 
Manager Contact Information.''

Contesting Record Procedures:
    Individuals seeking to contest the content of information about 
them in this system should apply to the System Manager for either PSP 
or MCMIS by following the same procedures as indicated under 
``Notification Procedure.'' Individuals may also submit a data 
challenge to DataQs by logging into the DataQs Web site (https://dataqs.fmcsa.dot.gov/login.asp).

Record Source Categories:
    1. CMV crash and inspection records: All commercial driver crash 
and inspection data in PSP is received from a monthly MCMIS data 
extract. The MCMIS SORN identifies the source(s) of the information in 
MCMIS.
    2. Financial transaction records: Credit card information 
pertaining to an individual card holder (i.e., operator-applicant) is 
obtained directly from the card holder, who is responsible for entering 
it accurately on the PSP Web site.
    3. Access transaction records: An audit trail of those entities or 
persons that accessed the PSP (i.e. authorized motor carriers or 
validated operator-applicants) is automatically created when requests 
are initiated and when data is released by NIC.
    These records are internal documents to be used by NIC and FMCSA 
for auditing, monitoring and compliance purposes.

Exemptions Claimed for the System:
    None.

    Dated: March 2, 2010.
Habib Azarsina,
Departmental Privacy Officer, 202-366-1965.
[FR Doc. 2010-4811 Filed 3-5-10; 8:45 am]
BILLING CODE 4910-EX-P