Office of Chief Information Officer; Agency Information Collection Activities: REAL ID: Minimum Standards for Driver's Licenses and Identification Cards Acceptable by Federal Agencies for Official Purposes, 29287-29289 [2016-11133]

Agencies

• DEPARTMENT OF HOMELAND SECURITY

[Federal Register Volume 81, Number 91 (Wednesday, May 11, 2016)]
[Notices]
[Pages 29287-29289]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-11133]


-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY


Office of Chief Information Officer; Agency Information 
Collection Activities: REAL ID: Minimum Standards for Driver's Licenses 
and Identification Cards Acceptable by Federal Agencies for Official 
Purposes

AGENCY: Office of the Secretary, DHS.

ACTION: 30-Day Notice and request for comments; Reinstatement with 
change, 1601-0005.

-----------------------------------------------------------------------

SUMMARY: The Department of Homeland Security, Office of the Secretary, 
will submit the following Information Collection Request (ICR) to the 
Office of Management and Budget (OMB) for review and clearance in 
accordance with the Paperwork Reduction Act of 1995 (Pub. L. 104-13, 44 
U.S.C. chapter 35). DHS previously published this information 
collection request (ICR) in the Federal Register on Monday, February 
22, 2016 at 81 FR 8736 for a 60-day public comment period. Three 
comments were received by DHS. The purpose of this notice is to allow 
an additional 30 days for public comments.

DATES: Comments are encouraged and will be accepted until June 10, 
2016. This process is conducted in accordance with 5 CFR 1320.1.

ADDRESSES: Interested persons are invited to submit written comments on 
the proposed information collection to the Office of Information and 
Regulatory Affairs, Office of Management and Budget. Comments should be 
addressed to OMB Desk Officer, Department of Homeland Security and sent 
via electronic mail to oira_submission@omb.eop.gov or faxed to (202) 
395-5806.

SUPPLEMENTARY INFORMATION: The REAL ID Act of 2005 (the Act) prohibits 
Federal agencies from accepting State-issued drivers' licenses or 
identification cards for any official purpose--defined by the Act and 
regulations as boarding commercial aircraft, accessing Federal 
facilities, or entering nuclear power plants--unless the license or 
card is issued by a State that meets the requirements set forth in the 
Act. Title II of Division B of Public Law 109-13, codified at 49 U.S.C. 
30301 note. The REAL ID regulations, which DHS issued in January 2008, 
establish the minimum standards that States must meet to comply with 
the Act. See 73 FR 5272, also 6 CFR part 37 (Jan. 29, 2008). These 
include requirements for presentation and verification of documents to 
establish identity and lawful status, standards for document issuance 
and security, and physical security requirements for drivers' license 
production facilities. For a State to achieve full compliance, the 
Department of Homeland Security (DHS) must make a final determination 
that the State has met the requirements contained in the regulations 
and is compliant with the Act. The regulations include new information 
reporting and record keeping requirements for States seeking a full 
compliance determination by DHS. As discussed in more detail below, 
States seeking DHS's full compliance determination must certify that 
they are meeting certain standards in the issuance of drivers' licenses 
and identification cards and submit security plans covering physical 
security of document production and storage facilities as well as 
security of personally identifiable information. 6 CFR 37.55(a). States 
also must conduct background checks and training for employees involved 
in the document production and issuance processes and retain and store 
applicant photographs

[[Page 29288]]

and other source documents. 6 CFR 37.31 and 37.45. States must 
recertify compliance with REAL ID every three years on a rolling basis 
as determined by the Secretary of Homeland Security. 6 CFR 37.55.
    Certification Process Generally--Section 202(a)(2) of the REAL ID 
Act requires the Secretary to determine whether a state is meeting its 
requirements, ``based on certifications made by the State to the 
Secretary.'' To assist DHS in making a final compliance determination, 
37.55 of the rule requires the submission of the following materials: 
(1) A certification by the highest level Executive official in the 
State overseeing the DMV that the State has implemented a program for 
issuing driver's licenses and identification cards in compliance with 
the REAL ID Act; (2) A letter from the Attorney General of the State 
confirming the State has the legal authority to impose requirements 
necessary to meet the standards; (3) A description of a State's 
exceptions process to accept alternate documents to establish identity 
and lawful status and wavier process used when conducting background 
checks for individuals involved in the document production process; and 
(4) The State's security plan.
    Additionally, after a final compliance determination by DHS, states 
must recertify compliance every three years on a rolling basis as 
determined by DHS. 6 CFR 37.55(b).
    State REAL ID programs will be subject to DHS review to determine 
whether the State meets the requirements for compliance. States must 
cooperate with DHS's compliance review and provide any reasonable 
information requested by DHS relevant to determining compliance. Under 
the rule, DHS may inspect sites associated with the enrollment of 
applicants and the production, manufacture, personalization, and 
issuance of driver's licenses or identification cards. DHS also may 
conduct interviews of employees and contractors involved in the 
document issuance, verification, and production processes. 6 CFR 
37.59(a).
    Following a review of a State's certification package, DHS may make 
a preliminary determination that the State needs to take corrective 
actions to achieve full compliance. In such cases, a State may have to 
respond to DHS and explain the actions it took or plans to take to 
correct any deficiencies cited in the preliminary determination or 
alternatively, detail why the DHS preliminary determination is 
incorrect. 6 CFR 37.59(b).
    Security Plans--In order for States to be in compliance with the 
Act, they must ensure the security of production facilities and 
materials and conduct background checks and fraudulent document 
training for employees involved in document issuance and production. 
REAL ID Act sec. 202(d)(7)-(9). The Act also requires compliant 
licenses and identification cards to include features to prevent 
tampering, counterfeiting, or duplication. REAL ID Act sec. 202(b). To 
document compliance with these requirements, the regulations require 
States to prepare a security plan and submit it as part of their 
certification package. 6 CFR 37.41. At a minimum, the security plan 
must address steps the State is taking to ensure: The physical security 
of production materials and storage and production facilities; security 
of personally identifiable information maintained at DMVs including a 
privacy policy and standards and procedures for document retention and 
destruction; document security features including a description of the 
use of biometrics and the technical standards used; facility access 
control including credentialing and background checks; fraudulent 
document and security awareness training; emergency response; internal 
audit controls; and an affirmation that the state possesses the 
authority and means to protect the confidentiality of REAL ID documents 
issued in support of criminal justice agencies or similar programs. The 
security plan also must include a report on card security and 
integrity.
    Background checks and waiver process--Within its security plans, 
the rule requires States to outline their approach to conducting 
background checks of certain DMV employees involved in the card 
production process. 6 CFR 37.45. Specifically, States are required to 
perform background checks on persons who are involved in the 
manufacture or production of REAL ID driver's licenses and 
identification cards, as well as on individuals who have the ability to 
affect the identity information that appears on the driver's license or 
identification card and on current employees who will be assigned to 
such positions. The background check must include a name-based and 
fingerprint-based criminal history records check, an employment 
eligibility check, and for newer employees a prior employment reference 
check. The regulation permits a State to establish procedures to allow 
for a waiver for certain background check requirements in cases, for 
example, where the employee has been arrested, but no final disposition 
of the matter has been reached.
    Exceptions Process--Under the rule, a State DMV may choose to 
establish written, defined exceptions process for persons who, for 
reasons beyond their control, are unable to present all necessary 
documents and must rely on alternate documents to establish identity 
and date of birth. 6 CFR 37.11(h). Alternative documents to demonstrate 
lawful status will only be allowed to demonstrate U.S. citizenship. The 
State must retain copies or images of the alternate documents accepted 
under the exceptions process and submit a report with a copy of the 
exceptions process as part of its certification package.
    Recordkeeping--The rule requires States to maintain photographs of 
applicants and records of certain source documents. Paper or microfiche 
copies of these documents must be retained for a minimum of seven 
years. Digital images of these documents must be retained for a minimum 
of ten years. 6 CFR 37.31.
    Extension Requests--Pursuant to sec. 37.63 of the Final Rule, 
States granted an initial extension may file a request for an 
additional extension. Subsequent extensions will be granted at the 
discretion of the Secretary.
    The collection of the information will support the information 
needs of DHS in its efforts to determine State compliance with 
requirements for issuing REAL ID driver's licenses and identification 
cards. States may submit the required documents in any format that they 
choose. DHS has not defined specific format submission requirements for 
States. DHS will use all of the submitted documentation to evaluate 
State progress in implementing the requirements of the REAL ID Final 
Rule. DHS has used information provided under the current collection to 
grant extensions and track state progress.
    Submission of the security plan helps to ensure the integrity of 
the license and identification card issuance and production process and 
outlines the measures taken to protect personal information collected, 
maintained, and used by State DMVs. Additionally, the collection will 
assist other Federal and State agencies conducting or assisting with 
necessary background and immigration checks for certain employees. The 
purpose of the name-based and fingerprint based CHRC requirement is to 
ensure the suitability and trustworthiness of individuals who have the 
ability to affect the identity information that appears on the license; 
have access to the production process; or who are involved in the 
manufacture or issuance of the licenses and identification cards.

[[Page 29289]]

    In compliance with Government Paperwork Elimination Act, States 
will be permitted to electronically submit the information for their 
security plans, certification packages, recertifications, extensions, 
and written exceptions processes. States will be permitted to submit 
electronic signatures but must keep the original signature on file. 
Additionally, because they contain sensitive security information 
(SSI), the security plans must be handled and protected in accordance 
with 49 CFR part 1520. 6 CFR 37.41(c). The final rule does not dictate 
how States must submit their employees' fingerprints to the FBI for 
background checks; however it is assumed States will do so via 
electronic means or another means determined by the FBI.
    Information provided will be protected from disclosure to the 
extent appropriate under applicable provisions of the Freedom of 
Information Act, the Privacy Act of 1974, the Driver's Privacy 
Protection Act, as well as DHS's Privacy Impact Assessment for the REAL 
ID Act.
    There have been no program changes or new requirements established 
as a result of this collection request. Extensions were covered in the 
initial request however it was incorrectly removed from the subsequent 
request.
    The Office of Management and Budget is particularly interested in 
comments which:
    1. Evaluate whether the proposed collection of information is 
necessary for the proper performance of the functions of the agency, 
including whether the information will have practical utility;
    2. Evaluate the accuracy of the agency's estimate of the burden of 
the proposed collection of information, including the validity of the 
methodology and assumptions used;
    3. Enhance the quality, utility, and clarity of the information to 
be collected; and
    4. Minimize the burden of the collection of information on those 
who are to respond, including through the use of appropriate automated, 
electronic, mechanical, or other technological collection techniques or 
other forms of information technology, e.g., permitting electronic 
submissions of responses.

Analysis

    Agency: Office of the Secretary, DHS.
    Title: REAL ID: Minimum Standards for Driver's Licenses and 
Identification Cards Acceptable by Federal Agencies for Official 
Purposes.
    OMB Number: 1601-0005.
    Frequency: Annually.
    Affected Public: State, local, and tribal governments.
    Number of Respondents: 56.
    Estimated Time per Respondent: 1,178 hours.
    Total Burden Hours: 446,246 hours.

    Dated: May 5, 2016.
Carlene C. Ileto,
Executive Director, Enterprise Business Management Office.
[FR Doc. 2016-11133 Filed 5-10-16; 8:45 am]
BILLING CODE 9110-9B-P