Privacy Act of 1974; System of Records, 73066-73070 [2022-25847]

Agencies

• DEPARTMENT OF TRANSPORTATION
• Office of the Secretary

[Federal Register Volume 87, Number 227 (Monday, November 28, 2022)]
[Notices]
[Pages 73066-73070]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-25847]


-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Office of the Secretary

[Docket No. DOT-OST-OST-2022-0131]


Privacy Act of 1974; System of Records

AGENCY: Office of the Departmental Chief Information Officer, Office of 
the Secretary of Transportation, DOT.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the Department of 
Transportation (DOT) proposes to establish a new system of records 
(hereafter referred to as ``Notice'') titled, ``Department of 
Transportation, Federal Aviation Administration DOT/FAA 855 Science, 
Technology, Engineering, and Math (STEM) Aviation and Space Education 
(AVSED) Outreach Program.'' This system of records allows the Federal 
Aviation Administration (FAA) to collect, use, maintain, and 
disseminate the records needed for students, parents, teachers, and 
other similar educators to register for outreach events and contests 
that are hosted by the FAA. This includes collecting, using, 
maintaining, and disseminating information when complying with the 
Children's Online Privacy Protection Act of 1998 (COPPA), 15 U.S.C. 
6501-6506 (2001) requirement to obtain parental consent. Additionally, 
this system of records will provide FAA with a means to document 
participation, and completion of FAA outreach events and contests.

DATES: Submit comments on or before December 28, 2022. The Department

[[Page 73067]]

may publish an amended Systems of Records Notice considering any 
comments received. This new system will be effective immediately upon 
publication. The routine uses will be effective December 28, 2022.

ADDRESSES: You may submit comments, identified by docket number OST-
2022-0131 by any of the following methods:
     Federal e-Rulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments.
     Mail: Docket Management Facility, U.S. Department of 
Transportation, 1200 New Jersey Ave. SE, West Building Ground Floor, 
Room W12-140, Washington, DC 20590-0001.
     Hand Delivery or Courier: West Building Ground Floor, Room 
W12-140, 1200 New Jersey Ave. SE, between 9 a.m. and 5 p.m. ET, Monday 
through Friday, except Federal Holidays.
     Fax: (202) 493-2251. Instructions: You must include the 
agency name and docket number OST-2022-0131. All comments received will 
be posted without change to https://www.regulations.gov, including any 
personal information provided.
    Privacy Act: Anyone is able to search the electronic form of all 
comments received in any of our dockets by the name of the individual 
submitting the comment (or signing the comment, if submitted on behalf 
of an association, business, labor union, etc.).
    Docket: For access to the docket to read background documents or 
comments received, go to https://www.regulations.gov or to the street 
address listed above. Follow the online instructions for accessing the 
docket.

FOR FURTHER INFORMATION CONTACT: For questions, please contact Karyn 
Gorman, Acting Departmental Chief Privacy Officer, Privacy Office, 
Department of Transportation, Washington, DC 20590; [email protected]; or 
202-366-3140.

SUPPLEMENTARY INFORMATION:

Background

    In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the DOT 
FAA proposes to issue a new system of records notice titled, ``DOT/FAA 
855 Science, Technology, Engineering, and Math (STEM) Aviation and 
Space Education (AVSED) Outreach Program.'' The STEM AVSED Program has 
been an integral part of FAA outreach and the national education system 
for decades. The program was established to expose students to aviation 
and aerospace careers and to promote STEM education and outreach 
events.
    One example of these outreach events is the recently established 
Airport Design Challenge (ADC). The ADC is a program that teaches 
children how to build an airport to FAA specifications using Minecraft 
gaming software as an online design platform. The program, like many of 
the FAA's STEM education and outreach programs, is open to children in 
grades K-12. In order to enter into an outreach event or contest, 
students, parents or legal guardians, teachers, and other similar 
educators need to create a user account, for themselves or for students 
they wish to register. The student's name, username, and password, 
grade category (kindergarten through 6th or 7th through 12th), email 
address, and country that the student resides in will be provided by 
student, parent, teachers or other similar educators. The parent or 
legal guardian of the minor student will provide the information and in 
addition to the child's information, provide their name, email address, 
home address, and phone number (optional).
    Some of STEM AVSED's outreach events, including the ADC, may 
involve collection of personal information from children; in these 
instances, the FAA collects additional information from parents and 
legal guardians in accordance with the Children's Online Privacy 
Protection Act of 1998 (COPPA), 15 U.S.C. 6501-6506 (2001). 
Specifically, under COPPA, parents or legal guardians of children under 
thirteen years of age must provide consent for the collection, use, or 
disclosure of the personal information of their children collected on 
FAA websites and other online services. To ensure parents are aware of 
and have control of information collected from their children, the FAA 
obtains verifiable parental consent from the child's parent prior to 
collecting any information online from the child. At times, to ensure 
full transparency, the FAA obtains verifiable parental consent for 
student users who are thirteen and over as well as those under 
thirteen.
    The FAA at times may use third party vendors to verify parents' 
identities and facilitate the process of obtaining parental consent. 
The third-party vendor's platform streamlines the consent process by 
using automated process to verify the identity of a person designated 
as the parent of any child enrolled in our program. The FAA will 
collect the parent's email address, student grade category 
(kindergarten through 6th or 7th through 12th), and country the child 
currently resides in, and provide the information to the third-party 
vendor. The third-party vendor will use the information provided to 
send the parent an email in order to confirm the identity of the 
parent/legal guardian and verify that the parent/legal guardian 
consents to the collection, use, or disclosure of the personal 
information of any child that they wish to enroll in the STEM AVSED 
Program. The third-party vendor will notify the FAA if verifiable 
parental consent is confirmed.
    Parents and legal guardians can opt out of having their identity 
verified by the third-party vendor. In those instances, the FAA will 
obtain the parent's or legal guardian's consent through a form that 
parents will print, sign, and then scan and email back to the FAA. No 
information in addition to what is referenced above will be collected.
    Once verifiable parental consent is confirmed, all students will 
complete the outreach event or contest in which they have selected to 
attend. However, this system of record will maintain records on contest 
completion, the students' placement in the contest, awards earned and/
or received, and certificate of completion.

Privacy Act

    The Privacy Act (5 U.S.C. 552a) governs the means by which the 
Federal Government collects, maintains, and uses personally 
identifiable information (PII) in a System of Records. A ``System of 
Records'' is a group of any records under the control of a Federal 
agency from which information about individuals is retrieved by name or 
other personal identifier. The Privacy Act requires each agency to 
publish in the Federal Register a System of Records Notice (SORN) 
identifying and describing each System of Records the agency maintains, 
including the purposes for which the agency uses PII in the system, the 
routine uses for which the agency discloses such information outside 
the agency, and how individuals to whom a Privacy Act record pertains 
can exercise their rights under the Privacy Act (e.g., to determine if 
the system contains information about them and to contest inaccurate 
information). In accordance with 5 U.S.C. 552a(r), DOT has provided a 
report of this system of records to the Office of Management and Budget 
and to Congress.

SYSTEM NAME AND NUMBER:
    Department of Transportation, Federal Aviation Administration, DOT/
FAA 855 Science, Technology, Engineering, and Math (STEM) Aviation and 
Space Education (AVSED) Outreach Program.

SECURITY CLASSIFICATION:
    Sensitive, unclassified

[[Page 73068]]

SYSTEM LOCATION(S):
    FAA Office of Human Resource Management (AHR) 1350 Duane Avenue 
Santa Clara, CA 95054. Blackboard Managed Hosting (BMH) facility in the 
Chantilly, VA backup site at Equinix, c/o Blackboard, Inc., 1350 Duane 
Avenue Santa Clara, CA 95054.

SYSTEM MANAGER(S):
    Office of Human Resource Management (AHR) 1350 Duane Avenue Santa 
Clara, CA 95054. Contact information for system manager is 
[email protected].

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Children's Online Privacy Protection Act of 1998 (COPPA), 15 U.S.C. 
6501-6506 (2001); Airport and Airway Development Act of 1970, Public 
Law 94-353; National and Community Service Act of 1990, 49 U.S.C. 
12501; and Title VI: Aviation Workforce of the FAA Reauthorization Act 
of 2018 (Pub. L. 115-254).

PURPOSE(S) OF THE SYSTEM:
    The purpose of this system of record notice is for students, 
parents, teachers, and other similar educators to register students for 
outreach events and contests that are hosted or organized by the FAA; 
document participation, and completion of FAA outreach events and 
contest; and obtain verifiable parental consent so that the FAA 
complies with COPPA requirements.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system contains information on individuals and participants 
that are enrolled or wishing to participate in FAA contests and events, 
such as the Airport Design Challenge Contest, to include but are not 
limited to the students, parents, legal guardians, or teachers of minor 
children enrolled.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Categories of records include name, username and password, grade 
category (kindergarten through 6th or 7th through 12th), email address, 
student's country of residence, home address, and phone number 
(optional). In addition, course completions, grade (pass/fail), and 
certificate of completion will also be included in the categories of 
records.

RECORD SOURCE CATEGORIES:
    Sources of records includes students, parents, legal guardians, 
teachers or other similar educators and third-party vendors.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside of DOT 
FAA as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    System Specific Routine Uses:
    1. The FAA will share the parent or legal guardian's email address, 
student grade category (kindergarten through 6th or 7th through 12th) 
and country that the student lives with any vendor performing 
verifiable parental consent. This information will be used to identify, 
verify, and obtain consent of the parent or legal guardian for their 
child to attend an educational program. If parents or legal guardians 
opt out of using the third-party vendor for this process, the FAA will 
not disclose their information to the third party vendor.
    2. To other individuals or organizations, including Federal, State, 
or local agencies, and nonprofit, educational, or private entities, who 
are participating in FAA STEM programs as necessary for the purpose of 
assisting FAA in the efficient administration of its program.
    3. To educational institutions or training providers as evidence of 
participation or successful completion, as needed to continue 
education.
    Departmental Routine Uses:
    4. In the event that a system of records maintained by DOT to carry 
out its functions indicates a violation or potential violation of law, 
whether civil, criminal or regulatory in nature, and whether arising by 
general statute or particular program pursuant thereto, the relevant 
records in the system of records may be referred, as a routine use, to 
the appropriate agency, whether Federal, State, local or foreign, 
charged with the responsibility of investigating or prosecuting such 
violation or charged with enforcing or implementing the statute, or 
rule, regulation, or order issued pursuant thereto.
    5. A record from this system of records may be disclosed, as a 
routine use, to a Federal, State, or local agency maintaining civil, 
criminal, or other relevant enforcement information or other pertinent 
information, such as current licenses, if necessary to obtain 
information relevant to a DOT decision concerning the hiring or 
retention of an employee, the issuance of a security clearance, the 
letting of a contract, or the issuance of a license, grant or other 
benefit.
    6. A record from this system of records may be disclosed, as a 
routine use, to a Federal agency, in response to its request, in 
connection with the hiring or retention of an employee, the issuance of 
a security clearance, the reporting of an investigation of an employee, 
the letting of a contract, or the issuance of a license, grant, or 
other benefit by the requesting agency, to the extent that the 
information is relevant and necessary to the requesting agency's 
decision on the matter.
    7a. Routine Use for Disclosure for Use in Litigation. It shall be a 
routine use of the records in this system of records to disclose them 
to the Department of Justice or other Federal agency conducting 
litigation when (a) DOT, or any agency thereof, or (b) Any employee of 
DOT or any agency thereof, in his/her official capacity, or (c) Any 
employee of DOT or any agency thereof, in his/her individual capacity 
where the Department of Justice has agreed to represent the employee, 
or (d) The United States or any agency thereof, where DOT determines 
that litigation is likely to affect the United States, is a party to 
litigation or has an interest in such litigation, and the use of such 
records by the Department of Justice or other Federal agency conducting 
the litigation is deemed by DOT to be relevant and necessary in the 
litigation, provided, however, that in each case, DOT determines that 
disclosure of the records in the litigation is a use of the information 
contained in the records that is compatible with the purpose for which 
the records were collected.
    7b. Routine Use for Agency Disclosure in Other Proceedings. It 
shall be a routine use of records in this system to disclose them in 
proceedings before any court or adjudicative or administrative body 
before which DOT or any agency thereof, appears, when (a) DOT, or any 
agency thereof, or (b) Any employee of DOT or any agency thereof in 
his/her official capacity, or (c) Any employee of DOT or any agency 
thereof in his/her individual capacity where DOT has agreed to 
represent the employee, or (d) The United States or any agency thereof, 
where DOT determines that the proceeding is likely to affect the United 
States, is a party to the proceeding or has an interest in such 
proceeding, and DOT determines that use of such records is relevant and 
necessary in the proceeding, provided, however, that in each case, DOT 
determines that disclosure of the records in the proceeding is a use of 
the information contained in the records that is compatible with the 
purpose for which the records were collected.
    8. The information contained in this system of records will be 
disclosed to the Office of Management and Budget,

[[Page 73069]]

OMB in connection with the review of private relief legislation as set 
forth in OMB Circular No. A-19 at any stage of the legislative 
coordination and clearance process as set forth in that Circular.
    9. Disclosure may be made to a Congressional office from the record 
of an individual in response to an inquiry from the Congressional 
office made at the request of that individual. In such cases, however, 
the Congressional office does not have greater rights to records than 
the individual. Thus, the disclosure may be withheld from delivery to 
the individual where the file contains investigative or actual 
information or other materials which are being used, or are expected to 
be used, to support prosecution or fines against the individual for 
violations of a statute, or of regulations of the Department based on 
statutory authority. No such limitations apply to records requested for 
Congressional oversight or legislative purposes; release is authorized 
under 49 CFR 10.35(9).
    10. One or more records from a system of records may be disclosed 
routinely to the National Archives and Records Administration in 
records management inspections being conducted under the authority of 
44 U.S.C. 2904 and 2906.
    11. DOT may make available to another agency or instrumentality of 
any government jurisdiction, including State and local governments, 
listings of names from any system of records in DOT for use in law 
enforcement activities, either civil or criminal, or to expose 
fraudulent claims, regardless of the stated purpose for the collection 
of the information in the system of records. These enforcement 
activities are generally referred to as matching programs because two 
lists of names are checked for match using automated assistance. This 
routine use is advisory in nature and does not offer unrestricted 
access to systems of records for such law enforcement and related 
antifraud activities. Each request will be considered on the basis of 
its purpose, merits, cost effectiveness and alternatives using 
Instructions on reporting computer matching programs to the Office of 
Management and Budget, OMB, Congress, and the public, published by the 
Director, OMB, dated September 20, 1989.
    12a. To appropriate agencies, entities, and persons when (1) DOT 
suspects or has confirmed that there has been a breach of the system of 
records; (2) DOT has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, DOT (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with DOT's efforts to respond to the suspected or confirmed 
breach or to prevent, minimize, or remedy such harm.
    12b. To another Federal agency or Federal entity, when DOT 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    13. DOT may disclose records from this system, as a routine use, to 
the Office of Government Information Services for the purpose of (a) 
resolving disputes between FOIA requesters and Federal agencies and (b) 
reviewing agencies' policies, procedures, and compliance in order to 
recommend policy changes to Congress and the President.
    14. DOT may disclose records from this system, as a routine use, to 
contractors and their agents, experts, consultants, and others 
performing or working on a contract, service, cooperative agreement, or 
other assignment for DOT, when necessary to accomplish an agency 
function related to this system of records.
    15. DOT may disclose records from this system, as a routine use, to 
an agency, organization, or individual for the purpose of performing 
audit or oversight operations related to this system of records, but 
only such records as are necessary and relevant to the audit or 
oversight activity. This routine use does not apply to intra-agency 
sharing authorized under Section (b)(1) of the Privacy Act.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are stored in a hard copy format and electronically in 
databases.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are primarily retrievable by name and email address.

POLICIES AND PRACTICE FOR RETENTION AND DISPOSAL OF RECORDS:
    Personal information collected by FAA for the purpose of 
participating in contests and outreach events are maintained only as 
long as necessary for participation in and administration of the 
outreach activity. Student, parent or legal guardian, or teacher 
account registration information is maintained in accordance with 
National Archives and Records Administration (NARA) General Records 
Schedules (GRS) 6.5 item 20 (DAA-GRS-2017-0002-0002) and is destroyed 
after six months after account inactivity. Other information collected 
for participation in an outreach program is maintained in accordance 
with NARA schedule GRS 5.2 item 10 (DAA-GRS-2017-0003-0001). These 
records are typically destroyed no more than 90 days after the 
conclusion of the outreach program. Information collected from children 
may be deleted at the request of their parent or guardian. 
Additionally, the FAA is developing a new records retention and 
disposition schedule for STEM AVSED Program de-identified statistical 
records. FAA proposes to maintain these records for 10 years. The new 
records retention and disposition schedule is pending approval of NARA, 
and FAA will maintain the records indefinitely until NARA's approval.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records in this system are safeguarded in accordance with 
applicable rules and policies, including all applicable DOT FAA 
automated systems security and access policies. Strict controls have 
been imposed to minimize the risk of compromising the information that 
is being stored. Access to the computer system containing the records 
in this system is limited to individuals who have a need to know the 
information for the performance of their official duties and who have 
appropriate clearances or permissions.

RECORD ACCESS PROCEDURES:
    Individuals seeking notification of whether this system of records 
contains information about them may contact the System Manager at the 
address provided in the section ``System Manager''. When seeking 
records about yourself from this system of records or any other 
Departmental system of records your request must conform to the Privacy 
Act regulations set forth in 49 CFR part 10. You must sign your request 
and your signature must either be notarized or submitted under 28 
U.S.C. 1746, a law that permits statements to be made under penalty of 
perjury as a substitute for notarization. If your request is seeking 
records pertaining to another living individual, you must include a 
statement from that individual certifying his/her agreement for you to 
access his/her records.

[[Page 73070]]

CONTESTING RECORDS PROCEDURE:
    See ``Record Access Procedures'' above.

NOTIFICATION PROCEDURE:
    See ``Record Access Procedures'' above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

    Issued in Washington, DC.
Karyn Gorman,
Acting Chief Privacy Officer.
[FR Doc. 2022-25847 Filed 11-25-22; 8:45 am]
BILLING CODE P