Privacy Act of 1974; Department of Transportation, National Highway Traffic Safety Administration; DOT/NHTSA-415; Vehicle Owner Questionnaire (VOQ) System, 17234-17239 [2019-08171]

Download as PDF jbell on DSK30RV082PROD with NOTICES 17234 Federal Register / Vol. 84, No. 79 / Wednesday, April 24, 2019 / Notices opinions obtained initially or in followon requests, from individuals (including individuals in control groups) under treatment or clinical examination in connection with research on or prophylaxis to prevent a clinical disorder, direct treatment of that disorder, or the interpretation of biological analyses of body fluids, tissues, or other specimens, or the identification or classification of such specimens.’’ However, as provided in 5 U.S.C. 1320.3(h), OMB may determine that any specific item constitutes ‘‘information.’’ NHTSA has consulted with OMB on a proposed research study and OMB has determined that, for the purpose of NHTSA’s research study, the collection of the blood samples and deidentified information, including patient demographics, cause of injury, and injury severity, is a collection of information for which NHTSA must seek clearance from OMB. Respondents: Participants will include approximately 7,500 people seriously injured in a motor vehicle crash (MVC) arriving at one of the selected trauma centers or morgues immediately after the crash injury was incurred. As such, participants will include seriously-injured and fatallyinjured drivers and other crash-involved road users (e.g., passengers, pedestrians, bicyclists, scooter riders). Estimated Time per Participant: The trauma centers and medical examiners at the selected study sites universally draw patients’ blood for clinical treatment or autopsy purposes. The trauma centers and medical examiners also collect other information such as patient demographics, cause of injury, injury severity, and drugs administered during treatment as part of their normal operating procedures. The only blood that will be used in this study will be de-identified blood samples that were collected, but not used, during their routine clinical procedures. The study will also use other de-identified information that was collected as part of their routine clinical documentation procedures. Again, this information would be collected even in the absence of NHTSA’s research study. As such, NHTSA does not estimate any burden on the participants. Total Estimated Annual Burden Hours: 0.00 hours per year. Frequency of Collection: The collection is part of a one-time study. The trauma centers will provide deidentified information on a patient every time an individual presents to the trauma center as an MVC victim. When available, blood samples from MVC victims that were already collected as part of routine clinical procedures will VerDate Sep<11>2014 17:20 Apr 23, 2019 Jkt 247001 be de-identified and provided for toxicological analyses. Similarly, the medical examiners will provide deidentified information on the fatallyinjured MVC victims in the morgue and will provide a blood sample, when available, after all clinical procedures are complete. Abstract: The National Highway Traffic Safety Administration (NHTSA) seeks to examine the prevalence of legal and illegal drugs in the systems of seriously- or fatally-injured drivers and other crash-involved road users presenting directly to the selected trauma centers or medical examiners. The contracted trauma centers and medical examiners will provide the study with de-identified blood samples, when available, that were already collected during their routine clinical treatment activities. The study will then conduct independent drug toxicology testing to determine the prevalence of alcohol and other drugs in the systems of the participants. The trauma centers and medical examiners will also provide the study with other deidentified participant classification information such as patient demographics, cause of injury, and injury severity. The trauma centers and medical examiners will provide this already-collected and de-identified information to the study in accordance with all applicable Federal, State, and local regulations governing the sharing of such information and as approved by the study Institutional Review Board. Description of the Need for the Information and Proposed Use of the Information: NHTSA’s mission is to save lives, prevent injuries and reduce traffic-related health care and other economic costs. The agency develops, promotes and implements educational, and enforcement programs with the goal of ending preventable tragedies and reducing economic costs associated with vehicle use and highway travel. There is a dearth of information on drug prevalence for seriously-injured MVC victims with only a couple studies exploring the issue in the United States (e.g., Walsh, et al., 2004 1) and Canada (e.g., Brubacher et al., 2016 2). This study seeks to help fill a gap in the state of knowledge concerning drug prevalence among MVC victims who are 1 Walsh, J. M., Flegel, R., Cangianelli, L. A., Atkins, R., Soderstrom, C.A., & Kerns, T. J. (2004). Epidemiology of alcohol and other drug use among motor vehicle crash victims admitted to a trauma center. Traffic Injury Prevention, 5(3), 254–60. 2 Brubacher, J., Chan, H., Martz, W., Schreiber, W., Abridge, M., Eppler, J., Lund, A., Macdonald, S., Drummer, O., Purssell, R., Andolfatto, G., Mann, R., & Brant, R. (2016). Prevalence of alcohol and drug use in injured British Columbia drivers. BMJ Open, 6(3), e009278. PO 00000 Frm 00101 Fmt 4703 Sfmt 4703 seriously- or fatally-injured, and present directly to a trauma center or morgue. While the sample is not nationally representative and will not be used for national estimates, the results of this research will produce information on a large sample of MVC victims, and will assist NHTSA in better understanding the prevalence of different drugs among the seriously- and-fatally-injured at the participating trauma centers and morgues. Authority: 44 U.S.C. Section 3506(c)(2)(A). Issued in Washington, DC on April 19, 2019. Jon Krohmer, Associate Administrator, Acting, Research and Program Development. [FR Doc. 2019–08263 Filed 4–23–19; 8:45 am] BILLING CODE 4910–59–P DEPARTMENT OF TRANSPORTATION National Highway Traffic Safety Administration [Docket No. DOT–OST–2019–0057] Privacy Act of 1974; Department of Transportation, National Highway Traffic Safety Administration; DOT/ NHTSA–415; Vehicle Owner Questionnaire (VOQ) System National Highway Traffic Safety Administration, Department of Transportation. ACTION: Notice of a modified system of records. AGENCY: In accordance with the Privacy Act of 1974, the National Highway Traffic Safety Administration (NHTSA) proposes to update, reissue, and rename a previously published Department of Transportation (DOT) system of records titled, ‘‘Department of Transportation—DOT/NHTSA 415 Artemis/Vehicle Owner Complaint Information.’’ This system of records allows NHTSA to collect and retain complaints, letters communicating vehicle or equipment concerns, and supporting documentation which may include photos, videos, police accident reports, repair invoices or medical information (collectively, ‘‘vehicle owner questionnaires’’ or ‘‘VOQs’’) submitted by or on behalf of vehicle or equipment owners and lessees (consumers). NHTSA updated the notice with regards to: System Name to Vehicle Owner Questionnaire (VOQ) System to appropriately identify the specific records maintained in the Artemis system covered by the Privacy Act; System Location to include NHTSA’s current address and the location of the SUMMARY: E:\FR\FM\24APN1.SGM 24APN1 jbell on DSK30RV082PROD with NOTICES Federal Register / Vol. 84, No. 79 / Wednesday, April 24, 2019 / Notices Federal disaster recovery facility in Stennis, MS; System Managers to update the name and contact information for the system’s current points of contact; Authority for Maintenance of the System to reflect the system’s underlying authority; Purposes to provide clarity and facilitate understanding of NHTSA investigation and recall processes; Categories of Records to provide greater clarity of the type of records and information included in the system; Record Source Categories to provide additional information about the mechanisms used by NHTSA for collecting records in the system; and Routine Uses to modify an existing routine use to permit sharing of records with manufacturers named in VOQs earlier in NHTSA’s investigation and recall processes than permitted under the previously published system of records notice (SORN), unless a consumer ‘‘opts-out’’ at the time of collection, and to provide additional details and clarification about NTHSA referrals of complaints to other agencies; and Policies and Practices for Storage, Retrieval, Retention and Disposal of Records, respectively, to provide additional information about the location of the system, methods of retrieval, individuals permitted to retrieve records, and to specify the applicable NARA record retention schedule; Administration, Technical and Physical Safeguards to detail the privacy-risk mitigating controls applicable to the system. Additionally, this notice includes non-substantive changes to simplify and clarify the language, formatting, and text of the previously published notice to align with the requirements of Office of Management and Budget Memoranda A–108. This updated system, Vehicle Owner Questionnaire (VOQ) System, will be included in the Department of Transportation’s inventory of record systems. DATES: Written comments must be submitted on or before May 24, 2019. The modified system will be effective immediately with the exception of the modified routine use which will be effective May 24, 2019. ADDRESSES: You may submit comments, identified by docket number DOT–OST– 2019–0057 by one of the following methods: • Federal e-Rulemaking Portal: http:// www.regulations.gov. Follow the instructions for submitting comments. • Fax: 202–493–2251. • Mail: Department of Transportation Docket Management, Room W12–140, 1200 New Jersey Ave. SE, Washington, DC 20590. VerDate Sep<11>2014 17:20 Apr 23, 2019 Jkt 247001 Instructions: You must include the agency name and docket number, DOT– OST–2019–0057. All comments received will be posted without change to http://www.regulations.gov, including any personal information provided. Privacy Act: In accordance with 5 U.S.C. 553(c), DOT solicits comments from the public to better inform its rulemaking process. DOT posts these comments, without edit, to www.regulations.gov. In order to facilitate comment tracking and response, we encourage commenters to provide their name, or the name of their organization; however, submission of names is completely optional. Whether or not commenters identify themselves, all timely comments will be fully considered. If you wish to provide comments containing proprietary or confidential information, please contact the agency for alternate submission instructions. Docket: For access to the docket to read background documents or comments received, go to https:// www.regulations.gov or to the street address listed above. Follow the online instructions for accessing. FOR FURTHER INFORMATION CONTACT: For system-related questions please contact Jeff Giuseppe (202–366–1605), ODI_ Privacy@dot.gov, Associate Administrator, Enforcement, NHTSA, 1200 New Jersey Ave. SE, Washington, DC 20590. For privacy questions, please contact: Claire W. Barrett (202–366– 8135), privacy@dot.gov. Departmental Chief Privacy Officer, Department of Transportation, 1200 New Jersey Ave. SE, Washington, DC 20590. SUPPLEMENTARY INFORMATION: I. Background In accordance with the Privacy Act of 1974, NHTSA proposes to update, reissue, and rename a previously published DOT system of records titled, ‘‘Department of Transportation—DOT/ NHTSA 415 Artemis/Vehicle Owner Complaint Information.’’ The updated system of records consists of VOQs submitted by or on behalf of consumers. Under 49 U.S.C. Chapter 301, NHTSA Office of Defects Investigation (ODI), is responsible for identifying, investigating and ensuring the remedy, through safety recalls conducted by manufacturers, of safety-related defects and noncompliance issues in motor vehicles and items of motor vehicle equipment. To accomplish this, ODI collects and evaluates information from several different sources: Consumers, motor vehicle and equipment manufacturers, State and local law enforcement, insurance companies, automobile PO 00000 Frm 00102 Fmt 4703 Sfmt 4703 17235 dealers, advocacy groups, and other entities. Among the types of information collected by ODI are VOQs that can be submitted through NHTSA’s website https://www.NHTSA.gov, through a telephone hotline where an operator inputs the consumer’s information into an electronic form, or a hard copy form sent to NHSTA by mail. ODI also receives letters from consumers and their Congressional representatives communicating vehicle and equipment concerns that the Agency, in addition to or in place of the questionnaire form. This system enables NHTSA to facilitate the defect investigation and recall processes, which may include contacting consumers regarding their complaints or recalls affecting their vehicle. ODI relies on the Advanced Retrieval (Tire, Equipment, Motor Vehicles) Information System (ARTEMIS) to provide centralized storage, document management and data analysis tools for all information collected in support of the defect investigation process, including VOQs. NHTSA uses the information in this system to help the Agency identify, investigate and ensure that manufactures remedy, through recall, replacement or repair, (1) potential safety defects and failures to comply with Federal Motor Vehicle Safety Standards (FMVSS) in motor vehicles and items of motor vehicle equipment, and (2) problems with the scope, administration, notification or remedy of a recall. NHTSA also may use the email addresses and Vehicle Identification Numbers (VINs) collected, to contact consumers whose vehicles are the subject of VOQs, and to notify consumers via email of open recalls applicable to the vehicles or equipment referenced in their VOQs. Changes to the System Name, System Location, System Managers, Authority, Purpose, Categories of Individuals Covered by the System, Categories of Records in the System, Record Source Categories, Policies and Practices for Storage, Retrieval, Retention and Disposal of Records, and Safeguards improve transparency, but do not reflect substantive changes to the Notice. In particular, NHTSA’s change to the System Name is intended to clarify for members of the public that only VOQs (as defined above) and not all documents stored in ARTEMIS, are part of the VOQ Privacy Act system of records that is the subject of this notice. Changes to the SORN include: 1. System Name to Vehicle Owner Questionnaire (VOQ) System to appropriately identify the specific records maintained in the Artemis system covered by the Privacy Act; E:\FR\FM\24APN1.SGM 24APN1 jbell on DSK30RV082PROD with NOTICES 17236 Federal Register / Vol. 84, No. 79 / Wednesday, April 24, 2019 / Notices 2. System Location to include NHTSA’s current address and the location of the Federal disaster recovery facility in Stennis, MS; 3. System Managers to update the name and contact information for the system’s current points of contact; 4. Authority for Maintenance of the System to reflect the system’s underlying authority; 5. Purposes to provide clarity and facilitate understanding of NHTSA investigation and recall processes; 6. Categories of Records to provide greater clarity of the type of records and information included in the system; 7. Record Source Categories to provide additional information about the mechanisms used by NHTSA for collecting records in the system; 8. Routine Uses to modify an existing routine use to permit sharing of records with manufacturers named in VOQs earlier in NHTSA’s investigation and recall processes than permitted under the previously published SORN, unless a consumer ‘‘opts-out’’ at the time of collection; 9. Routine uses to replace a general routine use permitting NHTSA to refer complaints to other state or federal agencies with three separate routines uses specifying that NHTSA may share consumer complaints with the National Transportation Safety Board (NTSB) in connect with NTSB investigations of surface transportation incidents, and highway accidents and incidents including those at railway grade crossings; to the Consumer Product Safety Commission to support enforcement of consumer product safety laws; to the Federal Trade Commission in matters involving potential unfair or deceptive practices; 10. Routine uses to add a routine use permitting NHTSA to share with the Department of Homeland Security consumer complaints indicative of a cybersecurity vulnerability impacting critical infrastructure; 11. Routine Uses to remove internal uses of the information in the VOQ by ODI which are more appropriately addressed in the system’s Purpose. 12. Policies and Practices for Storage, Retrieval, Retention and Disposal of Records, respectively, to provide additional information about the location of the system, methods of retrieval, individuals permitted to retrieve records, and to specify the applicable NARA record retention schedule; 13. Administration, Technical and Physical Safeguards to detail the privacy-risk mitigating controls applicable to the system. VerDate Sep<11>2014 17:20 Apr 23, 2019 Jkt 247001 14. Additionally, this notice includes non-substantive changes to simplify and clarify the language, formatting, and text of the previously published notice to align with the requirements of Office of Management and Budget Memoranda A–108. This updated system, Vehicle Owner Questionnaire (VOQ) System, will be included in the Department of Transportation’s inventory of record systems. NHTSA routinely publishes VOQs without personally identifiable information (PII) on its public facing website. A critical piece of information included in a VOQ is the VIN. A VIN is coded information that a vehicle manufacturer assigns to each vehicle it produces. This code contains seventeen alphanumeric characters that provide information about the vehicle. The first eleven characters identify the manufacturer and various generic attributes of the vehicle, such as the make, model, model year, body style, engine type, wheel base, supplemental restraint system and production plant, etc. The last six characters are the number sequentially assigned by the manufacturer in the production process. This sequential number is the part of the VIN that identifies a specific vehicle such as build history, standard or optional equipment packages and service history (and makes it possible through a search of public records to determine the identity of the owner). Because the VIN provides significant data, a VIN is critical to NHTSA’s and a manufacturer’s assessment and evaluation of potential safety issues in motor vehicles. NHTSA publishes the first eleven characters of the seventeen characters of VIN because, without the last six characters, the VIN cannot be linked to an individual. The public, including vehicle equipment manufacturers, can view these complaints with the truncated VIN and access the general make, model, model year attributes of the vehicle. Without the full seventeen character VIN, a manufacturer is unable to identify the precise vehicle that has experienced a potential safety related defect. Without such information, a manufacturer is unable to learn of vehicle specific information and focus on or identify potential safety issues. The previously published SORN permitted NHTSA to share PII, including the full VIN, in VOQs with the manufacturer of the vehicle or equipment identified in a VOQ only after the agency has opened a formal investigation or a manufacturer has commenced a recall. In NHTSA’s view, providing manufacturers and other stakeholders earlier access to PII in PO 00000 Frm 00103 Fmt 4703 Sfmt 4703 VOQs is critical to improving highway safety because earlier access will help manufacturers to identify the specific vehicle and its attributes that is subject to the complaint and remedy safety defects and noncompliance issues in a more timely manner than under the previously published SORN. Modifying this routine use will permit NHTSA to share VOQs with manufacturers on a routine basis as soon as is practicable after receipt by the Agency. Sharing these records at an earlier stage than permitted under the previously published SORN is compatible with the original vehicle safety purposes of the system because it allows NHTSA to provide manufacturers with information necessary to definitively identify the build history, equipment options, and repair history of a vehicles identified in a VOQ, and to identify, investigate and work with NHTSA to remedy a potential safety defect, failure to comply with an FMVSS or recall administration, scope or remedy issue. To limit the potential privacy risks of sharing consumer contact information with manufacturer of the vehicles or equipment identified in the VOQ, NHTSA updated its collection instrument (see 2127–0008) to include explicit opt-out. Consumers who choose to opt-out will not have their information shared with the manufacturer of the vehicles or equipment identified in the VOQs unless the Agency opens an investigation or a recall is initiated. The Agency takes consumer privacy seriously and has included this new ‘‘opt out’’ feature in the VOQ form in order to provide consumers with additional control over their personal information. To enhance transparency, the ‘‘opt-out’’ appears in a prominent place in the electronic form maintained on the Department’s public website, and will be communicated to consumers by hotline operators at the end of each hotline call. If consumers, at the point and time of collection, either check an ‘‘opt out’’ box on the VOQ form or direct the hotline operator collecting their information over the telephone to do so, NHTSA will not share with manufacturers the personal information provided in response to VOQ questions unless the Agency opens up a defect investigation or a recall takes place. At that point, an existing routine use permits the Agency to share their VOQs with the manufacturer of the vehicles or equipment identified in the VOQs. In addition to the approximately 70,000 VOQs filed annually directly with NHTSA, the Agency also receives approximately 1500 letters per year E:\FR\FM\24APN1.SGM 24APN1 jbell on DSK30RV082PROD with NOTICES Federal Register / Vol. 84, No. 79 / Wednesday, April 24, 2019 / Notices from consumers or consumers’ Congressional representatives communicating vehicle and equipment concerns that the Agency may convert into VOQs. It is not practicable for NHTSA to provide this small subset of consumers with the opportunity to ‘‘opt out’’ of sharing their personal information with the manufacturer of the vehicles or equipment identified in their letters. For this reason, NHTSA will pursue a privacy-positive course of action and assign ‘‘opt-out’’ status to the VOQs generated from these letters. NHTSA will not share their personal information with the manufacturer of the vehicles or equipment identified in these letters unless the Agency opens a defect investigation or a recall is commenced. To further enhance transparency, NHTSA is adding a routine use concerning comments received in the free form narrative section of the web based VOQ form and VOQs received through the hotline. The publicly available VOQs are on NHTSA’s website, accessed through NHTSA.gov. As part of the online VOQ form, NHTSA has a free text narrative section that requests that the consumer ‘‘In your own words, tell us what happened.’’ NHTSA provides notice to the consumer that any text submitted will be made public without edits. Once the individual submits the online form, NHTSA publishes these comments without edit and other non-personal identifying information in the VOQ to NHTSA’s public website. In order to advise the public how NHTSA uses the narrative comments in a VOQ, NTHSA is establish a routine use this system of records. This routine use is compatible with the purpose of collection, which is to provide the public with information concerning potential safety related defects and noncompliance with a federal motor vehicle safety standard. Finally, NHTSA is replacing preexisting, generally-worded, routine use that permits NTHSA to share consumer complaints with ‘‘appropriate State or Federal agenc[ies] for actions involving matters of law or regulation beyond the responsibility’’ of NHSTA with three separate routine uses that specify the agencies with and purposes for which NHTSA shares information. This does not reflect a change in the types of disclosures NTSHA has or will make under the routine use, but is merely intended to provide clarity and transparency into how NHTSA shares information with other agencies. NHTSA also is updating its routine uses to permit disclosure to DHS when the consumer complaint evidences a potential cybersecurity vulnerability VerDate Sep<11>2014 17:20 Apr 23, 2019 Jkt 247001 impacting transportation critical infrastructure. These routine uses are compatible with the purpose of the collection as a ‘‘necessary and proper’’ use of the information, as discussed more below. Individuals who provide VOQ information to NHTSA do so because they are seeking Federal agency intervention to address a potential issue with their vehicle. When the potential issue relates to a matter outside of NHTSA’s jurisdiction, individuals may expect that NHTSA will share the information with the Federal agencies having jurisdiction for the matter. Thus, this routine use with compatible with the purpose of the collection, which is to identify, investigate and remedy potential safety defects. NHTSA is updating this Notice to include Departmental general routine uses previously incorporated by reference, to the extent that they are compatible with the purposes of this System. As recognized by the Office of Management and Budget (OMB) in its Privacy Act Implementation Guidance and Responsibilities (65 FR 19746, July 9, 1975), the routine uses include all proper and necessary uses of information in the system, even if such uses occur infrequently. NHTSA has included in this Notice general routine uses for disclosures to law enforcement when the record, on its face, indicates a violation of law, to DOJ for litigation purposes, or when necessary in investigating or responding to a breach of this system or other agencies’ systems. NHTSA must work with DOT to take appropriate action to address any apparent violations of the law, and to share information with legal counsel in the Department of Justice when necessary for litigation. OMB has long recognized that these types of routine uses are ‘‘proper and necessary’’ uses of information and qualify as compatible with agency systems. 65 FR 19476. In addition, by OMB Memorandum M–17– 12, OMB directed agencies to include routine uses that will permit sharing of information when needed to investigate, respond to, and mitigate a breach of a Federal information system. NHTSA also has included routine uses that permit sharing with the National Archives and Records Administration when necessary for an inspection, to any Federal government agency engaged in audit or oversight related to this system, or when DOT determines that the disclosure will detect, prevent, or mitigate terrorism activity. These types of disclosures are necessary and proper uses of information in this system because they further DOT’s obligation to fulfil its records management and PO 00000 Frm 00104 Fmt 4703 Sfmt 4703 17237 program management responsibilities by facilitating accountability to agencies charged with oversight in these areas, and the Department’s obligation under Intelligence Reform and Terrorism Prevention Act of 2004, Public Law 108–456, and Executive Order 13388 (Oct. 25, 2005) to share information necessary and relevant to detect, prevent, disrupt, preempt, or mitigate the effects of terrorist activities against the territory, people, and interests of the United States. Finally, this system includes a routine use to permit sharing with our contractors, consultants, experts, grantees, and others when necessary to fulfill a NHTSA function related to this System. Agencies routinely engage assistance of these types of individuals in the fulfillment of their duties, such as contract support necessary to maintain the database in which these records are housed. NHTSA relies on contract support to maintain this system, and disclosures for this purpose are compatible with the purpose of the collection. SYSTEM NAME AND NUMBER: Vehicle Owner Questionnaire System DOT/NHTSA 415. SECURITY CLASSIFICATION: Unclassified, Sensitive. SYSTEM LOCATION: Records are maintained at the Department of Transportation Headquarters, 1200 New Jersey Ave., Washington, DC 20590, and at the Federal disaster recovery facility in Stennis, MS. SYSTEM MANAGER(S): Stephen A. Ridella, Ph.D., Director, Office of Defects Investigation, National Highway Traffic Safety Administration, U.S. Department of Transportation, 1200 New Jersey Avenue SE, Washington, DC 20590, 202–366–4703, ODI_Privacy@ dot.gov. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: 49 U.S.C. 30116, 30118–22, 30166. PURPOSE OF THE SYSTEM: To assist NHTSA to identify, investigate and ensure that manufactures remedy, through recall, replacement or repair, potential safety defects and failures to comply with FMVSS in motor vehicles and items of motor vehicle equipment. To assist NHTSA to identify, investigate and ensure that manufactures remedy problems with the scope, administration, notification or remedy of a recall. For these purposes, NHTSA routinely retrieves VOQs by name or E:\FR\FM\24APN1.SGM 24APN1 17238 Federal Register / Vol. 84, No. 79 / Wednesday, April 24, 2019 / Notices assigned identifier to contact motor vehicle drivers or owners experiencing safety problems or witnesses and other individuals with information relevant to the agency’s investigative or remedial efforts. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: Owners of motor vehicles and motor vehicle equipment, as well as users of leased motor vehicles and motor vehicle equipment, who have filed, or on whose behalf have been filed VOQs, or who send letters to the agency directly or through their representatives (e.g., advocates, attorneys or Congressmen) concerning motor vehicle safety. jbell on DSK30RV082PROD with NOTICES CATEGORIES OF RECORDS IN THE SYSTEM: The standard questionnaire format collects information that assists NHTSA to identify and identify potential defects, recall issues, and instances of noncompliance. The information submitted by or on behalf of an individual includes the following: • Vehicle identification number (VIN). • Make, model and year of relevant vehicle. • Part affected. • A narrative field that permits the individual to describe in his or her own words what happened. • Photographs/supporting documentation. • Date of incident. • Was there a crash. • Was there a fire. • Was there an injury or fatality. • Speed at time. • Number of miles on the vehicle. • First and last name. • Email address. • Street address. • Telephone/alt telephone number. Individuals may also submit supporting documentation with a questionnaire or letter. NHTSA does not control the data submitted in these records and it may include personal information. Supporting documentation includes: • Repair invoices. • Insurance claims. • Vehicle crash information. • Police accident reports. • Photographs and video image recordings of vehicles, parts, bodies or body parts. RECORD SOURCE CATEGORIES: Consumers, to include; vehicle owners, drivers of leased vehicles, and individuals or organizations submitting VOQs to NHTSA on their behalf. VerDate Sep<11>2014 17:20 Apr 23, 2019 Jkt 247001 ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES: In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the information contained in this system may be disclosed outside of DOT as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows: SYSTEM SPECIFIC ROUTINE USES: 1. To manufacturers prior to the initiation of a formal investigation by the Department, an entire VOQ information to respond to consumer complaints and research the cause of the complaint, except when consumers ‘‘opt out’’ of such sharing at the point and time of collection. Information from individuals who submit VOQs by means other than the NHTSA website will be treated as if the individual has opt-out; 2. To manufacturers, after the Agency opens an investigation, to allow them to investigate owner complaints and researching the root cause of the alleged problem; 3. To the National Transportation Safety Board (NTSB) an entire VOQ to support NTSB investigations of surface transportation incidents, highway accidents and incidents, including incidents at railway grade crossings; 4. To the Consumer Product Safety Commission (CPSC) an entire VOQ to support identification of violations and enforcement of consumer product safety laws; 5. To the Federal Trade Commission an entire VOQ in matters involving potential unfair or deceptive trade practices; 6. To the Department of Homeland Security (DHS) if the VOQ is indicative of a cybersecurity vulnerability impacting critical infrastructure; and 7. To members of the public through NHTSA.gov website, information included in the narrative portion of the form questionnaire. Individuals are notified at the time of the VOQ submission that all information provided in the narrative will be made publicly available without edit. DEPARTMENT GENERAL ROUTINE USES: The U.S. Department of Transportation has established general routine uses applicable to all systems maintained by DOT. The following DOT general routine uses apply to this system of records: 1. In the event that a system of records maintained by DOT to carry out its functions indicates a violation or potential violation of law, whether civil, criminal or regulatory in nature, and whether arising by general statute or PO 00000 Frm 00105 Fmt 4703 Sfmt 4703 particular program pursuant thereto, the relevant records in the system of records may be referred, as a routine use, to the appropriate agency, whether Federal, State, local or foreign, charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing the statute, or rule, regulation, or order issued pursuant thereto. 2a. Routine Use for Disclosure for Use in Litigation. It shall be a routine use of the records in this system of records to disclose them to the Department of Justice or other Federal agency conducting litigation when— (a) DOT, or any agency thereof, or (b) Any employee of DOT or any agency thereof (including a member of the Coast Guard), in his/her official capacity, or (c) Any employee of DOT or any agency thereof (including a member of the Coast Guard), in his/her individual capacity where the Department of Justice has agreed to represent the employee, or (d) The United States or any agency thereof, where DOT determines that litigation is likely to affect the United States, is a party to litigation or has an interest in such litigation, and the use of such records by the Department of Justice or other Federal agency conducting the litigation is deemed by DOT to be relevant and necessary in the litigation, provided, however, that in each case, DOT determines that disclosure of the records in the litigation is a use of the information contained in the records that is compatible with the purpose for which the records were collected. 2b. Routine Use for Agency Disclosure in Other Proceedings. It shall be a routine use of records in this system to disclose them in proceedings before any court or adjudicative or administrative body before which DOT or any agency thereof, appears, when— (a) DOT, or any agency thereof, or (b) Any employee of DOT or any agency thereof (including a member of the Coast Guard) in his/her official capacity, or (c) Any employee of DOT or any agency thereof (including a member of the Coast Guard) in his/her individual capacity where DOT has agreed to represent the employee, or (d) The United States or any agency thereof, where DOT determines that the proceeding is likely to affect the United States, is a party to the proceeding or has an interest in such proceeding, and DOT determines that use of such records is relevant and necessary in the proceeding, provided, however, that in each case, DOT determines that E:\FR\FM\24APN1.SGM 24APN1 jbell on DSK30RV082PROD with NOTICES Federal Register / Vol. 84, No. 79 / Wednesday, April 24, 2019 / Notices disclosure of the records in the proceeding is a use of the information contained in the records that is compatible with the purpose for which the records were collected. 3. One or more records from a system of records may be disclosed routinely to the National Archives and Records Administration in records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906. 4. DOT may disclose records from this system, as a routine use, to appropriate agencies, entities, and persons when (1) DOT suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised; (2) DOT has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by DOT or another agency or entity) that rely upon the compromised information; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with DOT’s efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. 5. DOT may disclose records from this system, as a routine use, to the Office of Government Information Services for the purpose of (a) resolving disputes between FOIA requesters and Federal agencies and (b) reviewing agencies’ policies, procedures, and compliance in order to recommend policy changes to Congress and the President. 6. DOT may disclose records from this system, as a routine use, to contractors and their agents, experts, consultants, and others performing or working on a contract, service, cooperative agreement, or other assignment for DOT, when necessary to accomplish an agency function related to this system of records. 7. DOT may disclose records from this system, as a routine use, to an agency, organization, or individual for the purpose of performing audit or oversight operations related to this system of records, but only such records as are necessary and relevant to the audit or oversight activity. This routine use does not apply to intra-agency sharing authorized under Section (b)(1) of the Privacy Act. 8. DOT may disclose from this system, as a routine use, records consisting of, or relating to, terrorism information (6 U.S.C. 485(a)(5)), homeland security information (6 U.S.C. 482(f)(1)), or Law enforcement information (Guideline 2 VerDate Sep<11>2014 17:20 Apr 23, 2019 Jkt 247001 Report attached to White House Memorandum, ‘‘Information Sharing Environment, November 22, 2006) to a Federal, State, local, tribal, territorial, foreign government and/or multinational agency, either in response to its request or upon the initiative of the Component, for purposes of sharing such information as is necessary and relevant for the agencies to detect, prevent, disrupt, preempt, and mitigate the effects of terrorist activities against the territory, people, and interests of the United States of America, as contemplated by the Intelligence Reform and Terrorism Prevention Act of 2004 (Pub. L. 108–458) and Executive Order 13388 (October 25, 2005). POLICIES AND PRACTICES FOR STORAGE OF RECORDS: Records are maintained in electronic systems and hard copy at DOT Headquarters, 1200 New Jersey Ave. SE, Washington, DC 20590 and at the Federal disaster recovery facility in Stennis, MS. POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS: NHTSA staff and agents routinely retrieve VOQs by consumer name or personal identifier. POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: Pursuant to approved NARA Schedule N1–416–05–003 (Office of Defect Investigation Files), NHTSA: (1) Destroys VOQ information provided by consumers 15 years after receipt; (2) destroys investigation files, including any VOQs in the files, 15 years after the date of the resolution of an investigation when the investigation did not lead to a court decision; and (3) retains on a permanent basis investigation files, including any VOQs in the files, when an investigation leads to a court decision, but transfers legal custody of the files to NARA after 15 years. Original hard copy records collected from consumers and others are scanned into ARTEMIS and then destroyed. ADMINISTRATIVE, TECHNICAL AND PHYSICAL SAFEGUARDS: The VOQ system is protected by a multi-layer security approach to prevent unauthorized access to personally identifiable information through appropriate administrative, physical, and technical safeguards. Protective strategies include: Implementing physical access controls at DOT facilities; ensuring confidentiality of communications using tools such as encryption, authentication of sending parties, and compartmentalizing databases; and employing auditing PO 00000 Frm 00106 Fmt 4703 Sfmt 9990 17239 software and personnel screening to ensure that all personnel with access to data are screened through background investigations commensurate with the level of access required to perform their duties. Records maintained in hard copy are stored in locked file cabinets until they can be scanned and uploaded to ARTEMIS and subsequently destroyed. RECORD ACCESS PROCEDURES: An individual wishing to gain access to any record pertaining to him or her in the system should send his or her name, address, telephone number, and a description of the record(s) sought to the U.S. Department of Transportation, Privacy Act Officer, Office of the Chief Information Officer, 1200 New Jersey Avenue SE, Washington, DC 20590. CONTESTING RECORD PROCEDURES: An individual seeking to contest information contained in a record pertaining to him or her in this system should address written inquiries to the U.S. Department of Transportation, Privacy Act Officer, Office of the Chief Information Officer, 1200 New Jersey Avenue SE, Washington, DC 20590. Inquiries should include name, address, telephone number, and a description of the record and information being contested. NOTIFICATION PROCEDURES: An individual seeking to determine whether a record pertaining to him or her is contained in this system should address written inquiries to the U.S. Department of Transportation, Privacy Act Officer, Office of the Chief Information Officer, 1200 New Jersey Avenue SE, Washington, DC 20590. Inquiries should include name, address, telephone number, and identify the system that is the subject of the inquiry. EXEMPTIONS PROMULGATED FOR THE SYSTEM: None. HISTORY: The last full Federal Register Notice pertaining to this system that contained all SORN elements was published on September 3, 2004 (69 FR 53971– 53972). Issued in Washington, DC on April 18, 2019. Claire W. Barrett, Departmental Chief Privacy Officer, Department of Transportation. [FR Doc. 2019–08171 Filed 4–23–19; 8:45 am] BILLING CODE 4910–9X–P E:\FR\FM\24APN1.SGM 24APN1

Agencies

[Federal Register Volume 84, Number 79 (Wednesday, April 24, 2019)]
[Notices]
[Pages 17234-17239]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-08171]


-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

National Highway Traffic Safety Administration

[Docket No. DOT-OST-2019-0057]


Privacy Act of 1974; Department of Transportation, National 
Highway Traffic Safety Administration; DOT/NHTSA-415; Vehicle Owner 
Questionnaire (VOQ) System

AGENCY: National Highway Traffic Safety Administration, Department of 
Transportation.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the National 
Highway Traffic Safety Administration (NHTSA) proposes to update, 
reissue, and rename a previously published Department of Transportation 
(DOT) system of records titled, ``Department of Transportation--DOT/
NHTSA 415 Artemis/Vehicle Owner Complaint Information.'' This system of 
records allows NHTSA to collect and retain complaints, letters 
communicating vehicle or equipment concerns, and supporting 
documentation which may include photos, videos, police accident 
reports, repair invoices or medical information (collectively, 
``vehicle owner questionnaires'' or ``VOQs'') submitted by or on behalf 
of vehicle or equipment owners and lessees (consumers). NHTSA updated 
the notice with regards to: System Name to Vehicle Owner Questionnaire 
(VOQ) System to appropriately identify the specific records maintained 
in the Artemis system covered by the Privacy Act; System Location to 
include NHTSA's current address and the location of the

[[Page 17235]]

Federal disaster recovery facility in Stennis, MS; System Managers to 
update the name and contact information for the system's current points 
of contact; Authority for Maintenance of the System to reflect the 
system's underlying authority; Purposes to provide clarity and 
facilitate understanding of NHTSA investigation and recall processes; 
Categories of Records to provide greater clarity of the type of records 
and information included in the system; Record Source Categories to 
provide additional information about the mechanisms used by NHTSA for 
collecting records in the system; and Routine Uses to modify an 
existing routine use to permit sharing of records with manufacturers 
named in VOQs earlier in NHTSA's investigation and recall processes 
than permitted under the previously published system of records notice 
(SORN), unless a consumer ``opts-out'' at the time of collection, and 
to provide additional details and clarification about NTHSA referrals 
of complaints to other agencies; and Policies and Practices for 
Storage, Retrieval, Retention and Disposal of Records, respectively, to 
provide additional information about the location of the system, 
methods of retrieval, individuals permitted to retrieve records, and to 
specify the applicable NARA record retention schedule; Administration, 
Technical and Physical Safeguards to detail the privacy-risk mitigating 
controls applicable to the system. Additionally, this notice includes 
non-substantive changes to simplify and clarify the language, 
formatting, and text of the previously published notice to align with 
the requirements of Office of Management and Budget Memoranda A-108. 
This updated system, Vehicle Owner Questionnaire (VOQ) System, will be 
included in the Department of Transportation's inventory of record 
systems.

DATES: Written comments must be submitted on or before May 24, 2019. 
The modified system will be effective immediately with the exception of 
the modified routine use which will be effective May 24, 2019.

ADDRESSES: You may submit comments, identified by docket number DOT-
OST-2019-0057 by one of the following methods:
     Federal e-Rulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Fax: 202-493-2251.
     Mail: Department of Transportation Docket Management, Room 
W12-140, 1200 New Jersey Ave. SE, Washington, DC 20590.
    Instructions: You must include the agency name and docket number, 
DOT-OST-2019-0057. All comments received will be posted without change 
to http://www.regulations.gov, including any personal information 
provided.
    Privacy Act: In accordance with 5 U.S.C. 553(c), DOT solicits 
comments from the public to better inform its rulemaking process. DOT 
posts these comments, without edit, to www.regulations.gov. In order to 
facilitate comment tracking and response, we encourage commenters to 
provide their name, or the name of their organization; however, 
submission of names is completely optional. Whether or not commenters 
identify themselves, all timely comments will be fully considered. If 
you wish to provide comments containing proprietary or confidential 
information, please contact the agency for alternate submission 
instructions.
    Docket: For access to the docket to read background documents or 
comments received, go to https://www.regulations.gov or to the street 
address listed above. Follow the online instructions for accessing.

FOR FURTHER INFORMATION CONTACT: For system-related questions please 
contact Jeff Giuseppe (202-366-1605), [email protected], Associate 
Administrator, Enforcement, NHTSA, 1200 New Jersey Ave. SE, Washington, 
DC 20590. For privacy questions, please contact: Claire W. Barrett 
(202-366-8135), [email protected]. Departmental Chief Privacy Officer, 
Department of Transportation, 1200 New Jersey Ave. SE, Washington, DC 
20590.

SUPPLEMENTARY INFORMATION:

I. Background

    In accordance with the Privacy Act of 1974, NHTSA proposes to 
update, reissue, and rename a previously published DOT system of 
records titled, ``Department of Transportation--DOT/NHTSA 415 Artemis/
Vehicle Owner Complaint Information.'' The updated system of records 
consists of VOQs submitted by or on behalf of consumers.
    Under 49 U.S.C. Chapter 301, NHTSA Office of Defects Investigation 
(ODI), is responsible for identifying, investigating and ensuring the 
remedy, through safety recalls conducted by manufacturers, of safety-
related defects and non-compliance issues in motor vehicles and items 
of motor vehicle equipment. To accomplish this, ODI collects and 
evaluates information from several different sources: Consumers, motor 
vehicle and equipment manufacturers, State and local law enforcement, 
insurance companies, automobile dealers, advocacy groups, and other 
entities. Among the types of information collected by ODI are VOQs that 
can be submitted through NHTSA's website https://www.NHTSA.gov, through 
a telephone hotline where an operator inputs the consumer's information 
into an electronic form, or a hard copy form sent to NHSTA by mail. ODI 
also receives letters from consumers and their Congressional 
representatives communicating vehicle and equipment concerns that the 
Agency, in addition to or in place of the questionnaire form. This 
system enables NHTSA to facilitate the defect investigation and recall 
processes, which may include contacting consumers regarding their 
complaints or recalls affecting their vehicle. ODI relies on the 
Advanced Retrieval (Tire, Equipment, Motor Vehicles) Information System 
(ARTEMIS) to provide centralized storage, document management and data 
analysis tools for all information collected in support of the defect 
investigation process, including VOQs. NHTSA uses the information in 
this system to help the Agency identify, investigate and ensure that 
manufactures remedy, through recall, replacement or repair, (1) 
potential safety defects and failures to comply with Federal Motor 
Vehicle Safety Standards (FMVSS) in motor vehicles and items of motor 
vehicle equipment, and (2) problems with the scope, administration, 
notification or remedy of a recall. NHTSA also may use the email 
addresses and Vehicle Identification Numbers (VINs) collected, to 
contact consumers whose vehicles are the subject of VOQs, and to notify 
consumers via email of open recalls applicable to the vehicles or 
equipment referenced in their VOQs.
    Changes to the System Name, System Location, System Managers, 
Authority, Purpose, Categories of Individuals Covered by the System, 
Categories of Records in the System, Record Source Categories, Policies 
and Practices for Storage, Retrieval, Retention and Disposal of 
Records, and Safeguards improve transparency, but do not reflect 
substantive changes to the Notice. In particular, NHTSA's change to the 
System Name is intended to clarify for members of the public that only 
VOQs (as defined above) and not all documents stored in ARTEMIS, are 
part of the VOQ Privacy Act system of records that is the subject of 
this notice.
    Changes to the SORN include:
    1. System Name to Vehicle Owner Questionnaire (VOQ) System to 
appropriately identify the specific records maintained in the Artemis 
system covered by the Privacy Act;

[[Page 17236]]

    2. System Location to include NHTSA's current address and the 
location of the Federal disaster recovery facility in Stennis, MS;
    3. System Managers to update the name and contact information for 
the system's current points of contact;
    4. Authority for Maintenance of the System to reflect the system's 
underlying authority;
    5. Purposes to provide clarity and facilitate understanding of 
NHTSA investigation and recall processes;
    6. Categories of Records to provide greater clarity of the type of 
records and information included in the system;
    7. Record Source Categories to provide additional information about 
the mechanisms used by NHTSA for collecting records in the system;
    8. Routine Uses to modify an existing routine use to permit sharing 
of records with manufacturers named in VOQs earlier in NHTSA's 
investigation and recall processes than permitted under the previously 
published SORN, unless a consumer ``opts-out'' at the time of 
collection;
    9. Routine uses to replace a general routine use permitting NHTSA 
to refer complaints to other state or federal agencies with three 
separate routines uses specifying that NHTSA may share consumer 
complaints with the National Transportation Safety Board (NTSB) in 
connect with NTSB investigations of surface transportation incidents, 
and highway accidents and incidents including those at railway grade 
crossings; to the Consumer Product Safety Commission to support 
enforcement of consumer product safety laws; to the Federal Trade 
Commission in matters involving potential unfair or deceptive 
practices;
    10. Routine uses to add a routine use permitting NHTSA to share 
with the Department of Homeland Security consumer complaints indicative 
of a cybersecurity vulnerability impacting critical infrastructure;
    11. Routine Uses to remove internal uses of the information in the 
VOQ by ODI which are more appropriately addressed in the system's 
Purpose.
    12. Policies and Practices for Storage, Retrieval, Retention and 
Disposal of Records, respectively, to provide additional information 
about the location of the system, methods of retrieval, individuals 
permitted to retrieve records, and to specify the applicable NARA 
record retention schedule;
    13. Administration, Technical and Physical Safeguards to detail the 
privacy-risk mitigating controls applicable to the system.
    14. Additionally, this notice includes non-substantive changes to 
simplify and clarify the language, formatting, and text of the 
previously published notice to align with the requirements of Office of 
Management and Budget Memoranda A-108. This updated system, Vehicle 
Owner Questionnaire (VOQ) System, will be included in the Department of 
Transportation's inventory of record systems.
    NHTSA routinely publishes VOQs without personally identifiable 
information (PII) on its public facing website. A critical piece of 
information included in a VOQ is the VIN. A VIN is coded information 
that a vehicle manufacturer assigns to each vehicle it produces. This 
code contains seventeen alphanumeric characters that provide 
information about the vehicle. The first eleven characters identify the 
manufacturer and various generic attributes of the vehicle, such as the 
make, model, model year, body style, engine type, wheel base, 
supplemental restraint system and production plant, etc. The last six 
characters are the number sequentially assigned by the manufacturer in 
the production process. This sequential number is the part of the VIN 
that identifies a specific vehicle such as build history, standard or 
optional equipment packages and service history (and makes it possible 
through a search of public records to determine the identity of the 
owner). Because the VIN provides significant data, a VIN is critical to 
NHTSA's and a manufacturer's assessment and evaluation of potential 
safety issues in motor vehicles. NHTSA publishes the first eleven 
characters of the seventeen characters of VIN because, without the last 
six characters, the VIN cannot be linked to an individual. The public, 
including vehicle equipment manufacturers, can view these complaints 
with the truncated VIN and access the general make, model, model year 
attributes of the vehicle. Without the full seventeen character VIN, a 
manufacturer is unable to identify the precise vehicle that has 
experienced a potential safety related defect. Without such 
information, a manufacturer is unable to learn of vehicle specific 
information and focus on or identify potential safety issues.
    The previously published SORN permitted NHTSA to share PII, 
including the full VIN, in VOQs with the manufacturer of the vehicle or 
equipment identified in a VOQ only after the agency has opened a formal 
investigation or a manufacturer has commenced a recall. In NHTSA's 
view, providing manufacturers and other stakeholders earlier access to 
PII in VOQs is critical to improving highway safety because earlier 
access will help manufacturers to identify the specific vehicle and its 
attributes that is subject to the complaint and remedy safety defects 
and noncompliance issues in a more timely manner than under the 
previously published SORN. Modifying this routine use will permit NHTSA 
to share VOQs with manufacturers on a routine basis as soon as is 
practicable after receipt by the Agency. Sharing these records at an 
earlier stage than permitted under the previously published SORN is 
compatible with the original vehicle safety purposes of the system 
because it allows NHTSA to provide manufacturers with information 
necessary to definitively identify the build history, equipment 
options, and repair history of a vehicles identified in a VOQ, and to 
identify, investigate and work with NHTSA to remedy a potential safety 
defect, failure to comply with an FMVSS or recall administration, scope 
or remedy issue.
    To limit the potential privacy risks of sharing consumer contact 
information with manufacturer of the vehicles or equipment identified 
in the VOQ, NHTSA updated its collection instrument (see 2127-0008) to 
include explicit opt-out. Consumers who choose to opt-out will not have 
their information shared with the manufacturer of the vehicles or 
equipment identified in the VOQs unless the Agency opens an 
investigation or a recall is initiated. The Agency takes consumer 
privacy seriously and has included this new ``opt out'' feature in the 
VOQ form in order to provide consumers with additional control over 
their personal information. To enhance transparency, the ``opt-out'' 
appears in a prominent place in the electronic form maintained on the 
Department's public website, and will be communicated to consumers by 
hotline operators at the end of each hotline call. If consumers, at the 
point and time of collection, either check an ``opt out'' box on the 
VOQ form or direct the hotline operator collecting their information 
over the telephone to do so, NHTSA will not share with manufacturers 
the personal information provided in response to VOQ questions unless 
the Agency opens up a defect investigation or a recall takes place. At 
that point, an existing routine use permits the Agency to share their 
VOQs with the manufacturer of the vehicles or equipment identified in 
the VOQs. In addition to the approximately 70,000 VOQs filed annually 
directly with NHTSA, the Agency also receives approximately 1500 
letters per year

[[Page 17237]]

from consumers or consumers' Congressional representatives 
communicating vehicle and equipment concerns that the Agency may 
convert into VOQs. It is not practicable for NHTSA to provide this 
small subset of consumers with the opportunity to ``opt out'' of 
sharing their personal information with the manufacturer of the 
vehicles or equipment identified in their letters. For this reason, 
NHTSA will pursue a privacy-positive course of action and assign ``opt-
out'' status to the VOQs generated from these letters. NHTSA will not 
share their personal information with the manufacturer of the vehicles 
or equipment identified in these letters unless the Agency opens a 
defect investigation or a recall is commenced.
    To further enhance transparency, NHTSA is adding a routine use 
concerning comments received in the free form narrative section of the 
web based VOQ form and VOQs received through the hotline. The publicly 
available VOQs are on NHTSA's website, accessed through NHTSA.gov. As 
part of the online VOQ form, NHTSA has a free text narrative section 
that requests that the consumer ``In your own words, tell us what 
happened.'' NHTSA provides notice to the consumer that any text 
submitted will be made public without edits. Once the individual 
submits the online form, NHTSA publishes these comments without edit 
and other non-personal identifying information in the VOQ to NHTSA's 
public website. In order to advise the public how NHTSA uses the 
narrative comments in a VOQ, NTHSA is establish a routine use this 
system of records. This routine use is compatible with the purpose of 
collection, which is to provide the public with information concerning 
potential safety related defects and noncompliance with a federal motor 
vehicle safety standard.
    Finally, NHTSA is replacing pre-existing, generally-worded, routine 
use that permits NTHSA to share consumer complaints with ``appropriate 
State or Federal agenc[ies] for actions involving matters of law or 
regulation beyond the responsibility'' of NHSTA with three separate 
routine uses that specify the agencies with and purposes for which 
NHTSA shares information. This does not reflect a change in the types 
of disclosures NTSHA has or will make under the routine use, but is 
merely intended to provide clarity and transparency into how NHTSA 
shares information with other agencies. NHTSA also is updating its 
routine uses to permit disclosure to DHS when the consumer complaint 
evidences a potential cybersecurity vulnerability impacting 
transportation critical infrastructure. These routine uses are 
compatible with the purpose of the collection as a ``necessary and 
proper'' use of the information, as discussed more below. Individuals 
who provide VOQ information to NHTSA do so because they are seeking 
Federal agency intervention to address a potential issue with their 
vehicle. When the potential issue relates to a matter outside of 
NHTSA's jurisdiction, individuals may expect that NHTSA will share the 
information with the Federal agencies having jurisdiction for the 
matter. Thus, this routine use with compatible with the purpose of the 
collection, which is to identify, investigate and remedy potential 
safety defects.
    NHTSA is updating this Notice to include Departmental general 
routine uses previously incorporated by reference, to the extent that 
they are compatible with the purposes of this System. As recognized by 
the Office of Management and Budget (OMB) in its Privacy Act 
Implementation Guidance and Responsibilities (65 FR 19746, July 9, 
1975), the routine uses include all proper and necessary uses of 
information in the system, even if such uses occur infrequently. NHTSA 
has included in this Notice general routine uses for disclosures to law 
enforcement when the record, on its face, indicates a violation of law, 
to DOJ for litigation purposes, or when necessary in investigating or 
responding to a breach of this system or other agencies' systems. NHTSA 
must work with DOT to take appropriate action to address any apparent 
violations of the law, and to share information with legal counsel in 
the Department of Justice when necessary for litigation. OMB has long 
recognized that these types of routine uses are ``proper and 
necessary'' uses of information and qualify as compatible with agency 
systems. 65 FR 19476. In addition, by OMB Memorandum M-17-12, OMB 
directed agencies to include routine uses that will permit sharing of 
information when needed to investigate, respond to, and mitigate a 
breach of a Federal information system. NHTSA also has included routine 
uses that permit sharing with the National Archives and Records 
Administration when necessary for an inspection, to any Federal 
government agency engaged in audit or oversight related to this system, 
or when DOT determines that the disclosure will detect, prevent, or 
mitigate terrorism activity. These types of disclosures are necessary 
and proper uses of information in this system because they further 
DOT's obligation to fulfil its records management and program 
management responsibilities by facilitating accountability to agencies 
charged with oversight in these areas, and the Department's obligation 
under Intelligence Reform and Terrorism Prevention Act of 2004, Public 
Law 108-456, and Executive Order 13388 (Oct. 25, 2005) to share 
information necessary and relevant to detect, prevent, disrupt, 
preempt, or mitigate the effects of terrorist activities against the 
territory, people, and interests of the United States.
    Finally, this system includes a routine use to permit sharing with 
our contractors, consultants, experts, grantees, and others when 
necessary to fulfill a NHTSA function related to this System. Agencies 
routinely engage assistance of these types of individuals in the 
fulfillment of their duties, such as contract support necessary to 
maintain the database in which these records are housed. NHTSA relies 
on contract support to maintain this system, and disclosures for this 
purpose are compatible with the purpose of the collection.

System Name and Number:
    Vehicle Owner Questionnaire System DOT/NHTSA 415.

Security Classification:
    Unclassified, Sensitive.

System Location:
    Records are maintained at the Department of Transportation 
Headquarters, 1200 New Jersey Ave., Washington, DC 20590, and at the 
Federal disaster recovery facility in Stennis, MS.

System Manager(s):
    Stephen A. Ridella, Ph.D., Director, Office of Defects 
Investigation, National Highway Traffic Safety Administration, U.S. 
Department of Transportation, 1200 New Jersey Avenue SE, Washington, DC 
20590, 202-366-4703, [email protected].

Authority for Maintenance of the System:
    49 U.S.C. 30116, 30118-22, 30166.

Purpose of the System:
    To assist NHTSA to identify, investigate and ensure that 
manufactures remedy, through recall, replacement or repair, potential 
safety defects and failures to comply with FMVSS in motor vehicles and 
items of motor vehicle equipment. To assist NHTSA to identify, 
investigate and ensure that manufactures remedy problems with the 
scope, administration, notification or remedy of a recall. For these 
purposes, NHTSA routinely retrieves VOQs by name or

[[Page 17238]]

assigned identifier to contact motor vehicle drivers or owners 
experiencing safety problems or witnesses and other individuals with 
information relevant to the agency's investigative or remedial efforts.

Categories of Individuals Covered by the System:
    Owners of motor vehicles and motor vehicle equipment, as well as 
users of leased motor vehicles and motor vehicle equipment, who have 
filed, or on whose behalf have been filed VOQs, or who send letters to 
the agency directly or through their representatives (e.g., advocates, 
attorneys or Congressmen) concerning motor vehicle safety.

Categories of Records in the System:
    The standard questionnaire format collects information that assists 
NHTSA to identify and identify potential defects, recall issues, and 
instances of noncompliance. The information submitted by or on behalf 
of an individual includes the following:
     Vehicle identification number (VIN).
     Make, model and year of relevant vehicle.
     Part affected.
     A narrative field that permits the individual to describe 
in his or her own words what happened.
     Photographs/supporting documentation.
     Date of incident.
     Was there a crash.
     Was there a fire.
     Was there an injury or fatality.
     Speed at time.
     Number of miles on the vehicle.
     First and last name.
     Email address.
     Street address.
     Telephone/alt telephone number.
    Individuals may also submit supporting documentation with a 
questionnaire or letter. NHTSA does not control the data submitted in 
these records and it may include personal information. Supporting 
documentation includes:
     Repair invoices.
     Insurance claims.
     Vehicle crash information.
     Police accident reports.
     Photographs and video image recordings of vehicles, parts, 
bodies or body parts.

Record Source Categories:
    Consumers, to include; vehicle owners, drivers of leased vehicles, 
and individuals or organizations submitting VOQs to NHTSA on their 
behalf.

Routine Uses of Records Maintained in the System, Including Categories 
of Users and the Purposes of Such Uses:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the information 
contained in this system may be disclosed outside of DOT as a routine 
use pursuant to 5 U.S.C. 552a(b)(3) as follows:

System Specific Routine Uses:
    1. To manufacturers prior to the initiation of a formal 
investigation by the Department, an entire VOQ information to respond 
to consumer complaints and research the cause of the complaint, except 
when consumers ``opt out'' of such sharing at the point and time of 
collection. Information from individuals who submit VOQs by means other 
than the NHTSA website will be treated as if the individual has opt-
out;
    2. To manufacturers, after the Agency opens an investigation, to 
allow them to investigate owner complaints and researching the root 
cause of the alleged problem;
    3. To the National Transportation Safety Board (NTSB) an entire VOQ 
to support NTSB investigations of surface transportation incidents, 
highway accidents and incidents, including incidents at railway grade 
crossings;
    4. To the Consumer Product Safety Commission (CPSC) an entire VOQ 
to support identification of violations and enforcement of consumer 
product safety laws;
    5. To the Federal Trade Commission an entire VOQ in matters 
involving potential unfair or deceptive trade practices;
    6. To the Department of Homeland Security (DHS) if the VOQ is 
indicative of a cybersecurity vulnerability impacting critical 
infrastructure; and
    7. To members of the public through NHTSA.gov website, information 
included in the narrative portion of the form questionnaire. 
Individuals are notified at the time of the VOQ submission that all 
information provided in the narrative will be made publicly available 
without edit.

Department General Routine Uses:
    The U.S. Department of Transportation has established general 
routine uses applicable to all systems maintained by DOT. The following 
DOT general routine uses apply to this system of records:
    1. In the event that a system of records maintained by DOT to carry 
out its functions indicates a violation or potential violation of law, 
whether civil, criminal or regulatory in nature, and whether arising by 
general statute or particular program pursuant thereto, the relevant 
records in the system of records may be referred, as a routine use, to 
the appropriate agency, whether Federal, State, local or foreign, 
charged with the responsibility of investigating or prosecuting such 
violation or charged with enforcing or implementing the statute, or 
rule, regulation, or order issued pursuant thereto.
    2a. Routine Use for Disclosure for Use in Litigation. It shall be a 
routine use of the records in this system of records to disclose them 
to the Department of Justice or other Federal agency conducting 
litigation when--
    (a) DOT, or any agency thereof, or
    (b) Any employee of DOT or any agency thereof (including a member 
of the Coast Guard), in his/her official capacity, or
    (c) Any employee of DOT or any agency thereof (including a member 
of the Coast Guard), in his/her individual capacity where the 
Department of Justice has agreed to represent the employee, or
    (d) The United States or any agency thereof, where DOT determines 
that litigation is likely to affect the United States, is a party to 
litigation or has an interest in such litigation, and the use of such 
records by the Department of Justice or other Federal agency conducting 
the litigation is deemed by DOT to be relevant and necessary in the 
litigation, provided, however, that in each case, DOT determines that 
disclosure of the records in the litigation is a use of the information 
contained in the records that is compatible with the purpose for which 
the records were collected.
    2b. Routine Use for Agency Disclosure in Other Proceedings. It 
shall be a routine use of records in this system to disclose them in 
proceedings before any court or adjudicative or administrative body 
before which DOT or any agency thereof, appears, when--
    (a) DOT, or any agency thereof, or
    (b) Any employee of DOT or any agency thereof (including a member 
of the Coast Guard) in his/her official capacity, or
    (c) Any employee of DOT or any agency thereof (including a member 
of the Coast Guard) in his/her individual capacity where DOT has agreed 
to represent the employee, or
    (d) The United States or any agency thereof, where DOT determines 
that the proceeding is likely to affect the United States, is a party 
to the proceeding or has an interest in such proceeding, and DOT 
determines that use of such records is relevant and necessary in the 
proceeding, provided, however, that in each case, DOT determines that

[[Page 17239]]

disclosure of the records in the proceeding is a use of the information 
contained in the records that is compatible with the purpose for which 
the records were collected.
    3. One or more records from a system of records may be disclosed 
routinely to the National Archives and Records Administration in 
records management inspections being conducted under the authority of 
44 U.S.C. 2904 and 2906.
    4. DOT may disclose records from this system, as a routine use, to 
appropriate agencies, entities, and persons when (1) DOT suspects or 
has confirmed that the security or confidentiality of information in 
the system of records has been compromised; (2) DOT has determined that 
as a result of the suspected or confirmed compromise there is a risk of 
harm to economic or property interests, identity theft or fraud, or 
harm to the security or integrity of this system or other systems or 
programs (whether maintained by DOT or another agency or entity) that 
rely upon the compromised information; and (3) the disclosure made to 
such agencies, entities, and persons is reasonably necessary to assist 
in connection with DOT's efforts to respond to the suspected or 
confirmed compromise and prevent, minimize, or remedy such harm.
    5. DOT may disclose records from this system, as a routine use, to 
the Office of Government Information Services for the purpose of (a) 
resolving disputes between FOIA requesters and Federal agencies and (b) 
reviewing agencies' policies, procedures, and compliance in order to 
recommend policy changes to Congress and the President.
    6. DOT may disclose records from this system, as a routine use, to 
contractors and their agents, experts, consultants, and others 
performing or working on a contract, service, cooperative agreement, or 
other assignment for DOT, when necessary to accomplish an agency 
function related to this system of records.
    7. DOT may disclose records from this system, as a routine use, to 
an agency, organization, or individual for the purpose of performing 
audit or oversight operations related to this system of records, but 
only such records as are necessary and relevant to the audit or 
oversight activity. This routine use does not apply to intra-agency 
sharing authorized under Section (b)(1) of the Privacy Act.
    8. DOT may disclose from this system, as a routine use, records 
consisting of, or relating to, terrorism information (6 U.S.C. 
485(a)(5)), homeland security information (6 U.S.C. 482(f)(1)), or Law 
enforcement information (Guideline 2 Report attached to White House 
Memorandum, ``Information Sharing Environment, November 22, 2006) to a 
Federal, State, local, tribal, territorial, foreign government and/or 
multinational agency, either in response to its request or upon the 
initiative of the Component, for purposes of sharing such information 
as is necessary and relevant for the agencies to detect, prevent, 
disrupt, preempt, and mitigate the effects of terrorist activities 
against the territory, people, and interests of the United States of 
America, as contemplated by the Intelligence Reform and Terrorism 
Prevention Act of 2004 (Pub. L. 108-458) and Executive Order 13388 
(October 25, 2005).

Policies and Practices for Storage of Records:
    Records are maintained in electronic systems and hard copy at DOT 
Headquarters, 1200 New Jersey Ave. SE, Washington, DC 20590 and at the 
Federal disaster recovery facility in Stennis, MS.

Policies and Practices for Retrieval of Records:
    NHTSA staff and agents routinely retrieve VOQs by consumer name or 
personal identifier.

Policies and Practices for Retention and Disposal of Records:
    Pursuant to approved NARA Schedule N1-416-05-003 (Office of Defect 
Investigation Files), NHTSA: (1) Destroys VOQ information provided by 
consumers 15 years after receipt; (2) destroys investigation files, 
including any VOQs in the files, 15 years after the date of the 
resolution of an investigation when the investigation did not lead to a 
court decision; and (3) retains on a permanent basis investigation 
files, including any VOQs in the files, when an investigation leads to 
a court decision, but transfers legal custody of the files to NARA 
after 15 years. Original hard copy records collected from consumers and 
others are scanned into ARTEMIS and then destroyed.

Administrative, Technical and Physical Safeguards:
    The VOQ system is protected by a multi-layer security approach to 
prevent unauthorized access to personally identifiable information 
through appropriate administrative, physical, and technical safeguards. 
Protective strategies include: Implementing physical access controls at 
DOT facilities; ensuring confidentiality of communications using tools 
such as encryption, authentication of sending parties, and 
compartmentalizing databases; and employing auditing software and 
personnel screening to ensure that all personnel with access to data 
are screened through background investigations commensurate with the 
level of access required to perform their duties. Records maintained in 
hard copy are stored in locked file cabinets until they can be scanned 
and uploaded to ARTEMIS and subsequently destroyed.

Record Access Procedures:
    An individual wishing to gain access to any record pertaining to 
him or her in the system should send his or her name, address, 
telephone number, and a description of the record(s) sought to the U.S. 
Department of Transportation, Privacy Act Officer, Office of the Chief 
Information Officer, 1200 New Jersey Avenue SE, Washington, DC 20590.

Contesting Record Procedures:
    An individual seeking to contest information contained in a record 
pertaining to him or her in this system should address written 
inquiries to the U.S. Department of Transportation, Privacy Act 
Officer, Office of the Chief Information Officer, 1200 New Jersey 
Avenue SE, Washington, DC 20590. Inquiries should include name, 
address, telephone number, and a description of the record and 
information being contested.

Notification Procedures:
    An individual seeking to determine whether a record pertaining to 
him or her is contained in this system should address written inquiries 
to the U.S. Department of Transportation, Privacy Act Officer, Office 
of the Chief Information Officer, 1200 New Jersey Avenue SE, 
Washington, DC 20590. Inquiries should include name, address, telephone 
number, and identify the system that is the subject of the inquiry.

Exemptions Promulgated for the System:
    None.

History:
    The last full Federal Register Notice pertaining to this system 
that contained all SORN elements was published on September 3, 2004 (69 
FR 53971-53972).

    Issued in Washington, DC on April 18, 2019.
Claire W. Barrett,
Departmental Chief Privacy Officer, Department of Transportation.
[FR Doc. 2019-08171 Filed 4-23-19; 8:45 am]
 BILLING CODE 4910-9X-P