Privacy Act of 1974; System of Records, 90829-90832 [2024-26743]

Agencies

• Office of the Secretary
• Department of Transportaion

[Federal Register Volume 89, Number 222 (Monday, November 18, 2024)]
[Notices]
[Pages 90829-90832]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-26743]


-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTAION

Office of the Secretary

[Docket No. DOT-OST-2024-0003]


Privacy Act of 1974; System of Records

AGENCY: Office of the Departmental Chief Information Officer, Office of 
the Secretary of Transportation (DOT).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the Department of 
Transportation (DOT), Office of the Secretary (OST), proposes to 
rename, update and reissue an existing system of records notice 
currently titled ``DOT/All 11, Integrated Personnel and Payroll System 
(IPPS).'' The name of this system of records notice will be changed to 
``DOT/ALL 11, Consolidated Automated System for Time and Labor Entry 
(CASTLE).'' The modified system of records notice (hereafter referred 
to as ``Notice'') uses records in this system for fiscal operations 
related to payroll, attendance, leave, insurance, taxes, retirement, 
budget, and cost accounting programs. This system is also used to 
control and facilitate payment of salaries to DOT employees.

DATES: Submit comments on or before December 18, 2024. The Department 
may publish an amended Systems of Records Notice considering any 
comments received. This modified system will be effective immediately 
upon publication. The routine uses will be effective December 18, 2024.

ADDRESSES: You may submit comments, identified by docket number DOT-
OST-2024-0003 by one of the following methods:
     Federal e-Rulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments.
     Mail: Department of Transportation Docket Management, Room 
W12-140, 1200 New Jersey Ave. SE, Washington, DC 20590.
     Hand Delivery or Courier: West Building Ground Floor, Room 
W12-140, 1200 New Jersey Ave. SE, between 9 a.m. and 5 p.m. ET, Monday 
through Friday, except Federal holidays.
     Instructions: You must include the agency name and docket 
number DOT-OST-2024-0003.
     Instructions: You must include the agency name and docket 
number DOT-OST-2024-0003. All comments received will be posted without 
change to https://www.regulations.gov, including any personal 
information provided. You may review the Department of Transportation's 
complete Privacy Act statement in the Federal Register published on 
April 11, 2000 (65 FR 19477-78).
    Privacy Act: Anyone is able to search the electronic form of all 
comments received in any of our dockets by the name of the individual 
submitting the comment (or signing the comment, if submitted on behalf 
of an association, business, labor union, etc.).
    Docket: For access to the docket to read background documents or 
comments received, go to https://www.regulations.gov or to the street 
address listed above. Follow the online instructions for accessing the 
docket.

FOR FURTHER INFORMATION CONTACT: For questions, please contact Karyn 
Gorman, Departmental Chief Privacy Officer, Privacy Office, Department 
of Transportation, Washington, DC 20590; email: [email protected]; or 
202-366-3140.

SUPPLEMENTARY INFORMATION:

Notice Updates

    This Notice includes both substantive changes and non-substantive 
changes to the previously published Notice. The substantive changes 
have been made to the system name, system location, system manager, 
authority for maintenance of the system, purpose of the system, 
categories of individuals covered by the system, categories of records 
in the system, routine uses maintained in the system, policies and 
practices for storage of record, policies and practices for retrieval, 
retention and disposal of the records in the system, and 
administrative, technical, and physical safeguards. Non-substantive 
changes have been made to record access procedures and contesting 
record procedures as well as revisions to align with the requirements 
of Office of Management and Budget Memoranda (OMB) A-108 and to ensure 
consistency with other Notices issued by the Department of 
Transportation.

Background

    In accordance with the Privacy Act of 1974, the Department of 
Transportation proposes to modify and re-issue an existing system of 
records titled ``DOT/ALL 11, Integrated Personal and Payroll System, 
(IPPS)'' and change the name to ``Consolidated Automated System for 
Time and Labor Entry, (CASTLE).'' This system of records covers records 
collected and maintained for the purposes of fiscal operations related 
to payroll, attendance, leave, insurance, taxes, retirement, budget, 
and cost accounting programs. This system is also used to control and 
facilitate payment of salaries to DOT employees. The following 
substantive changes have been made to the Notice:
    1. System Name: This Notice updates the system name to 
``Consolidated Automated System for Time and Labor Entry, (CASTLE)'' 
from the previous system name of ``DOT/ALL 11, Integrated Personal and 
Payroll System, (IPPS)''. The update to the system name is to better 
align with the collection of personally identifiable information in the 
system and the purpose of the collection. This system is also used to 
facilitate payment of salaries of DOT employees.
    2. System Location: This Notice updates the system locations to 
notify

[[Page 90830]]

the public the location maintaining the system is changed for all of 
DOT and its Operating Administrations. The previous SORN had an 
outdated address and information listed as U.S. DOT, OST, 400 7th 
Street SW, Washington DC 20590 and additional information that no 
longer applies.
    3. System Manager: This Notice updates the system manager name and 
address to reflect the change in system owner and address. The previous 
address listed was U.S. DOT, 400 7th Street SW, Washington, DC 20590.
    4. Authority: This Notice updates the authorities of Maintenance of 
the System to expand and include relevant regulations to align with the 
collection of personally identifiable information and data in the 
system.
    5. Purpose: This Notice updates the purpose to better clarify the 
how records are used in the system and for what purpose.
    6. Categories of Individuals: This Notice updates categories of 
individuals to clearly define and identify who is covered by this 
system of records.
    7. Categories of Records: This Notice updates categories of records 
to better describe the type of records maintained in the system to 
include employee biographical and employment information, salary and 
benefits information, timekeeping information.
    8. Routine Uses: This Notice updates routine uses to include system 
specific routine uses that allows sharing between the DOT and the 
Department of Interior for payroll purposes. This notice also includes 
the Department of Transportation's general routine uses applicable to 
this system as they were previously only incorporated by reference. OMB 
Circular A-108 recommends that agencies include all routine uses in one 
notice rather than incorporating general routine uses by reference.
    9. Records Storage: This Notice updates policies and practices for 
the storage of records to inform the public that records are no longer 
stored on magnetic tape or disks, microfiche, and paper and now are 
digitized and input records are maintained on electronic storage media.
    10. Records Retrieval: This Notice updates the policies and 
practices for the retrieval of records to inform the public records may 
be retrieved by a combination of Social Security Number (SSN), employee 
ID number, organization code or home address.
    11. Retention and Disposal: This Notice updates the policies and 
practices for the retrieval of records to reflect updated NARA record 
schedules. The previous NARA record schedule no longer applies to the 
records in the system.
    12. Administrative, Technical, and Physical Safeguards: Updated to 
account for the agency's transition from paper to electronic 
recordkeeping and the Information Technology measures that are in place 
to protect the records.
    The following non-substantive changes have been made to the Notice:
    13. Record Access: This Notice updates the record access procedures 
to reflect signatures on signed requests for records must either be 
notarized or accompanied by a statement made under penalty of perjury 
in compliance with 28 U.S.C. 1746.

Privacy Act

    The Privacy Act (5 U.S.C. 552a) governs the means by which the 
Federal Government collects, maintains, and uses personally 
identifiable information (PII) in a System of Records. A ``System of 
Records'' is a group of any records under the control of a Federal 
agency from which information about individuals is retrieved by name or 
other personal identifier. The Privacy Act requires each agency to 
publish in the Federal Register a System of Records Notice (SORN) 
identifying and describing each System of Records the agency maintains, 
including the purposes for which the agency uses PII in the system, the 
routine uses for which the agency discloses such information outside 
the agency, and how individuals to whom a Privacy Act record pertains 
can exercise their rights under the Privacy Act (e.g., to determine if 
the system contains information about them and to contest inaccurate 
information). In accordance with 5 U.S.C. 552a(r), DOT has provided a 
report of this system of records to the Office of Management and Budget 
and to Congress.

SYSTEM NAME AND NUMBER:
    Department of Transportation, DOT/ALL 11, Consolidated Automated 
System for Time and Labor Entry (CASTLE).

SECURITY CLASSIFICATION:
    Sensitive, Unclassified.

SYSTEM LOCATION:
    Mike Monroney Aeronautical Center, 6500 South MacArthur Blvd., 
Oklahoma City, OK 73169.

SYSTEM MANAGER(S):
    Director of Financial Management, OST-B30, 1200 New Jersey Avenue 
SE, Washington, DC 20590.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    49 U.S.C. 322, 5 U.S.C. 5101, 5 U.S.C. 3512; and E.O. 9397 (SSN), 
as amended.

PURPOSE(S) OF THE SYSTEM:
    Records in this system are used for fiscal operations related to 
payroll, attendance, leave, insurance, taxes, retirement, budget, 
telework, remote work, employee offboarding and cost accounting 
programs. This system is also used to facilitate payment of salaries of 
DOT employees.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    All current and former U.S. DOT Federal employees and DOT 
components. This system may include limited information regarding 
employee family members, emergency contacts, and medical provider 
contact information.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Employee Biographical and Employment Information: Employee name, 
other names used, union and association affiliation, Social Security 
Number (SSN), records related to position, occupation, duty location, 
medical information, disability information, personal and/or work 
telephone number, personal and/or work email address, home mailing 
address, involuntary debt (garnishments or child support payments), 
employee common identifier (ECI), organization code, user 
identification and any other employment information. Family member 
information, emergency contact, and medical provider contact 
information. Salary and Benefits Information: Salary data, retirement 
fund data, retirement plan, tax data, deductions, health benefit 
enrollment code and deduction, union dues, flexible spending account 
deduction, Thrift Savings Plan deductions, pay plan, and award amount. 
Timekeeping Information: Time and attendance records and leave records. 
This system may also contain correspondence, documents and other 
relevant information required to administer payroll, leave, and related 
functions.

RECORD SOURCE CATEGORIES:
    Data are collected from individual employees, time and attendance 
clerks, supervisors, official personnel records, personal financial 
statements, correspondence with the debtor, records relating to 
hearings on the debt, and from the Departmental Accounting and 
Financial Information system of records.

[[Page 90831]]

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or portion of the records or 
information contained in this system may be disclosed outside of DOT as 
a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    System Specific Routine Uses:
    1. To the Department of Interior Federal Personnel and Payroll 
System (DOI FPPS) for the purpose of facilitating employee wage 
payments.
    Departmental Routine Uses:
    2. In the event that a system of records maintained by DOT to carry 
out its functions indicates a violation or potential violation of law, 
whether civil, criminal or regulatory in nature, and whether arising by 
general statute or particular program pursuant thereto, the relevant 
records in the system of records may be referred, as a routine use, to 
the appropriate agency, whether Federal, State, local or foreign, 
charged with the responsibility of investigating or prosecuting such 
violation or charged with enforcing or implementing the statute, or 
rule, regulation, or order issued pursuant thereto.
    3. A record from this system of records may be disclosed, as a 
routine use, to a Federal, State, or local agency maintaining civil, 
criminal, or other relevant enforcement information or other pertinent 
information, such as current licenses, if necessary to obtain 
information relevant to a DOT decision concerning the hiring or 
retention of an employee and/or the issuance of a security clearance.
    4a. Routine Use for Disclosure for Use in Litigation. It shall be a 
routine use of the records in this system of records to disclose them 
to the Department of Justice or other Federal agency conducting 
litigation when--
    (a) DOT, or any agency thereof, or
    (b) Any employee of DOT or any agency thereof, in his/her official 
capacity, or
    (c) Any employee of DOT or any agency thereof, in his/her 
individual capacity where the Department of Justice has agreed to 
represent the employee, or
    (d) The United States or any agency thereof, where DOT determines 
that litigation is likely to affect the United States, is a party to 
litigation or has an interest in such litigation, and the use of such 
records by the Department of Justice or other Federal agency conducting 
the litigation is deemed by DOT to be relevant and necessary in the 
litigation, provided, however, that in each case, DOT determines that 
disclosure of the records in the litigation is a use of the information 
contained in the records that is compatible with the purpose for which 
the records were collected.
    4b. Routine Use for Agency Disclosure in Other Proceedings. It 
shall be a routine use of records in this system to disclose them in 
proceedings before any court or adjudicative or administrative body 
before which DOT or any agency thereof, appears, when--
    (a) DOT, or any agency thereof, or
    (b) Any employee of DOT or any agency thereof in his/her official 
capacity, or
    (c) Any employee of DOT or any agency in his/her individual 
capacity where DOT has agreed to represent the employee, or
    (d) The United States or any agency thereof, where DOT determines 
that the proceeding is likely to affect the United States, is a party 
to the proceeding or has an interest in such proceeding, and DOT 
determines that use of such records is relevant and necessary in the 
proceeding, provided, however, that in each case, DOT determines that 
disclosure of the records in the proceeding is a use of the information 
contained in the records that is compatible with the purpose for which 
the records were collected.
    5. Disclosure may be made to a Congressional office from the record 
of an individual in response to an inquiry from the Congressional 
office made at the request of that individual. In such cases, however, 
the Congressional office does not have greater rights to records than 
the individual. Thus, the disclosure may be withheld from delivery to 
the individual where the file contains investigative or actual 
information or other materials which are being used, or are expected to 
be used, to support prosecution or fines against the individual for 
violations of a statute, or of regulations of the Department based on 
statutory authority. No such limitations apply to records requested for 
Congressional oversight or legislative purposes; release is authorized 
under 49 CFR 10.35(9).
    6. One or more records from a system of records may be disclosed 
routinely to the National Archives and Records Administration in 
records management inspections being conducted under the authority of 
44 U.S.C. 2904 and 2906.
    7a. To appropriate agencies, entities, and persons when (1) DOT 
suspects or has confirmed that there has been a breach of the system of 
records; (2) DOT has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, DOT (including 
its information systems, programs, and operations), the Federal (3) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with DOT's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    7b. To another Federal agency or Federal entity, when DOT 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach. resolving disputes between FOIA 
requesters and Federal agencies and reviewing agencies' policies, 
procedures, and compliance in order to recommend policy changes to 
Congress and the President.
    8. DOT may disclose records from this system, as a routine use, to 
an agency, organization, or individual for the purpose of performing 
audit or oversight operations related to this system of records, but 
only such records as are necessary and relevant to the audit or 
oversight activity. This routine use does not apply to intra-agency 
sharing authorized under Section (b)(1) of the Privacy Act.
    9. DOT may disclose from this system, as a routine use, records 
consisting of, or relating to, terrorism information (6 U.S.C. 
485(a)(5)), homeland security information (6 U.S.C. 482(f)(1)), or Law 
enforcement information (Guideline 2 Report attached to White House 
Memorandum, ``Information Sharing Environment, November 22, 2006) to a 
Federal, State, local, tribal, territorial, foreign government and/or 
multinational agency, either in response to its request or upon the 
initiative of the Component, for purposes of sharing such information 
as is necessary and relevant for the agencies to detect, prevent, 
disrupt, preempt, and mitigate the effects of terrorist activities 
against the territory, people, and interests of the United States of 
America, as contemplated by the Intelligence Reform and Terrorism 
Prevention Act of 2004 (Pub. L. 108-458) and Executive Order 13388 
(October 25, 2005).
    10. Disclosure pursuant to 5 U.S.C. 552a (b)(12). Disclosures may 
be made from this system to consumer reporting agencies as defined in 
the Fair Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal 
Claims Act of 1966 (31 U.S.C. 3701(a)(3)).

[[Page 90832]]

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Pre-existing paper and microfiche records were digitized. Input 
records are maintained digitally on electronic storage media in 
accordance with the safeguards below.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records can be retrieved by name, SSN, employee IDs, organizational 
code, home address, or a combination of the information listed in the 
categories of records.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records in the system are maintained in accordance with the 
following NARA's records retention and schedules: General Records 
Schedule (GRS) 2.3, Employee Relations Records, Item 10, Employee 
relations programs' administrative records, DAA-GRS-2018-0002-0001, 
Temporary. Destroy when 3 years old, but longer retention is authorized 
if required for business use; Item 40, Telework/alternate worksite 
program, DAA GRS-2018-0002-0004, Temporary. Destroy when 3 years old, 
but longer retention is authorized if required for business use. GRS 
2.4, Employee Compensation and Benefits Records, Item 10, Records used 
to calculate payroll, arrange paycheck deposit, and change previously 
issued paychecks, DAA-2018-0002-0001: Temporary. Destroy when 3 years 
old, but longer retention is authorized if required for business use. 
Item 30, Time and attendance records, DAAGRS-2019-0004-0002, Temporary, 
destroy when 3 years old, but longer retention is authorized if 
required for business use. Item 40, Agency payroll record for each pay 
period, DAA-GRS-2016-00015-0004, Destroy when 56 years old. GRS 4.2, 
Information Access, and Protection Records, Item 130, Personally 
identifiable information extracts, DAA-GRS-2013-0007-0012, Temporary. 
Destroy when 90 days old or no longer needed pursuant to supervisory 
authorization, whichever is appropriate.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Administrative Procedures: Access to the records is limited to 
person(s) responsible for servicing the records in performance of their 
official duties, who are properly screened, trained on policies and 
procedures, and cleared for need to-know. Personnel who access the 
system and its data must take security awareness training and sign a 
Rules of Behavior initially (prior to access) and, at least, annually 
thereafter. Technical: Regular monitoring of users and the system are 
implemented to ensure only authorized personnel have access to 
information in the system. Strict controls are in place to minimize the 
compromise of stored or accessed in the system. Physical: The system 
and the data are housed in secure data center.

RECORD ACCESS PROCEDURES:
    Individuals seeking access to records about themselves contained in 
this system should address inquiries to the System Manager at the 
address identified in ``System Manager and Address'' above. Request 
must be in writing, include SORN ID and name of this system of records 
notice, information on the Operating Administration-Department, 
specific date range and specific type of records seeking. Request must 
be signed by the requester, must be notarized as required by 28 U.S.C. 
1746 in the following format: If executed without the United States: 
``I declare (or certify, verify, or state) under penalty of perjury 
under the laws of the United States of America that the foregoing is 
true and correct. Executed on (date). (Signature)''. If executed within 
the United States, its territories, possessions, or commonwealths: ``I 
declare (or certify, verify, or state) under penalty of perjury that 
the foregoing is true and correct. Executed on (date). (Signature)''.

CONTESTING RECORD PROCEDURES:
    See ``Records Access Procedures'' above.

NOTIFICATION PROCEDURES:
    See ``Records Access Procedures'' above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    A full notice of this system of records, DOT/ALL 11, Integrated 
Personnel Payroll System, was published in the Federal Register on 
November 7, 2008 (73 FR 66285), April 11, 2000 (65 FR 19845).

    Issued in Washington, DC.
Karyn Gorman,
Chief Privacy Officer.
[FR Doc. 2024-26743 Filed 11-15-24; 8:45 am]
BILLING CODE 4910-9X-P