Privacy Act of 1974; Department of Transportation, Federal Motor Carrier Safety Administration (FMCSA) 007 Pre-Employment Screening Program

Federal Register, Volume 77 Issue 139 (Thursday, July 19, 2012)

Federal Register Volume 77, Number 139 (Thursday, July 19, 2012)

Notices

Pages 42548-42552

From the Federal Register Online via the Government Printing Office www.gpo.gov

FR Doc No: 2012-17597

-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Federal Motor Carrier Safety Administration

Docket No. FMCSA-2012-0243

Privacy Act of 1974; Department of Transportation, Federal Motor Carrier Safety Administration (FMCSA) 007 Pre-Employment Screening Program

AGENCY: Federal Motor Carrier Safety Administration (FMCSA) Department of Transportation (DOT).

ACTION: Notice to amend a system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the Department of Transportation proposes to update and reissue a Department of Transportation system of records notice titled Department of Transportation/Federal Motor Carrier Safety Administration--007 Pre-

Employment Screening Program. The updated system of records consists of information that is created and used by the Department's Pre-Employment Screening program to provide commercial drivers and persons conducting pre-employment screening services for the motor carrier industry electronic access to driver history reports extracted from the Department's Motor Carrier Management Information System (MCMIS).

As a result of biennial review of this system, the Privacy Office has made the five major modifications to the systems of records. The category of records identified as ``Financial Transaction Records'' in the previously published System of Records Notice for this system has been removed as the Department does not maintain these records. The ``Access Transaction Records'' record category also has been revised to clarify the types of information maintained about the two categories of users permitted to request access to records for the purposes of pre-

employment screening. The routine uses have been updated to clarify disclosure of Pre-Employment Screening Program (PSP) records to industry service providers directly involved in the hiring of commercial motor vehicle (CMV) drivers on behalf of motor carriers and/

or CMV drivers and the routine use concerning the sharing of CMV driver access transaction records with Validation Authorities (e.g. Lexis-

Nexis). The system owner information has been modified to omit the contact information for the MCMIS and Freedom of Information Act systems of records and, instead, include only contact information for the PSP system

Page 42549

of records. Additionally, this Notice includes non-substantive changes to simplify the formatting and text of the previously published Notice. This updated system will be included in the Department of Transportation's inventory of record systems.

DATES: Effective August 21, 2012. Written comments should be submitted on or before the effective date. If no comments are received, the proposal will become effective on the above date. If comments are received, the comments will be considered and, where adopted, the documents will be republished with changes.

ADDRESSES: You may submit comments, identified by Docket No. FMCSA-

2012-0243 by one of the following methods:

squf Federal e-Rulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.

squf Mail: Department of Transportation Docket Management, Room W12-140, 1200 New Jersey Ave. SE. Washington, DC 20590.

squf Instructions: All submissions received must include the agency name and docket number for this rulemaking. All comments received will be posted without change to www.regulations.gov, including any personal information provided.

squf Docket: For access to the docket to read background documents or comments received go to www.regulations.gov. Follow the online instructions for accessing the docket.

squf Fax: 202-493-2251. Instructions: You must include the agency name and Docket Number FMCSA-2012-0243. All comments received will be posted without change to http://www.regulations.gov, including any personal information provided.

Privacy Act: Anyone is able to search the electronic form of all comments received in any of our dockets by the name of the individual submitting the comment (or signing the comment, if submitted on behalf of an association, business, labor union, etc.). You may review DOT's Privacy Act notice in the Federal Register published on January 17, 2008 (73 FR 3316-3317), or you may visit www.dot.gov/privacy.

Docket: For access to the docket to read background documents or comments received, go to http://www.regulations.gov or to the street address listed above. Follow the online instructions for accessing the docket.

FOR FURTHER INFORMATION CONTACT: For general questions, please contact: Arlene Thompson, (202) 366-2094, Arlene.Thompson@dot.gov. For privacy issues please contact: Claire W. Barrett, Departmental Chief Privacy Officer, Privacy Office, Department of Transportation, Washington, DC 20590; privacy@dot.gov; or (202) 527-3284.

SUPPLEMENTARY INFORMATION: In accordance with the Privacy Act of 1974, the Department of Transportation (DOT)/Federal Motor Carrier Administration (FMCSA or Administration) proposes to update and reissue a current DOT system of records notice titled, ``Department of Transportation/Federal Motor Carrier Safety Administration--007 Pre-

Employment Screening Program.'' The FMCSA's primary mission is to prevent commercial motor vehicle-related fatalities and injuries. The FMCSA contributes to safe motor carrier operations through strong enforcement of safety regulations; targeting high-risk carriers and commercial motor vehicle drivers; improving safety information systems and commercial motor vehicle technologies; strengthening commercial motor vehicle equipment and operating standards; and increasing safety awareness. To accomplish these activities, the FMCSA works with Federal, State, and local enforcement agencies, the motor carrier industry, labor safety interest groups, and others.

This system of records is used to satisfy requirements mandated by Congress in the Safe, Accountable, Flexible, Efficient Transportation Equity Act: A Legacy for Users, 49 U.S.C. 31150, Public Law 109-59, Section 4117. FMCSA believes that making this driver data available to potential employers and operator-applicants will improve the quality of safety data and help employers make more informed decisions when hiring commercial drivers. The PSP is a screening tool that allows motor carriers and individual drivers to purchase driving records from the FMCSA MCMIS system. A record purchased through PSP contains the most recent five years of crash data and the most recent three years of roadside inspection data, including serious safety violations for an individual driver. The record displays a snapshot in time, based on the most recent MCMIS data extract loaded into the PSP system.

This SORN makes four primary changes to the existing system of records. It removes an existing category of records, clarifies the information maintained in the ``Access Transaction Records,'' adds a new routine use, and clarifies an existing routine use. The category of records has been revised to exclude the category of ``Financial Transaction Records'' as this information is maintained exclusively by DOT's PSP Service Provider and these records are not considered federal records under the stewardship of the DOT. The ``Access Transaction Records'' record category was revised to clarify that information is maintained on the two categories of users permitted to request access to records for the purposes of pre-employment screening. In addition to transactions initiated by motor carriers, the record will include information on transactions initiated by industry service providers as authorized by the routine use added as part of this system of records notice. The category of records more clearly states the information maintained on requests initiated by operator-applicant requesting his or her own PSP record. This information establishes a record of account access to ensure that operator-applicants only access their own information. These changes have been made to more clearly reflect existing FMCSA processes and do not introduce changes in actual operations.

The routine uses have been updated to permit disclosure of PSP records to industry service providers directly involved in the hiring of commercial motor vehicle (CMV) drivers on behalf of motor carriers and/or CMV drivers. This change reflects motor carrier business models which may include the use of industry service providers to directly hire commercial motor vehicle drivers on behalf of motor carriers. Additionally, the routine use concerning the sharing of CMV driver Access Transaction Records with Validation Authorities (e.g. Lexis-

Nexis) was clarified by removing information incorrectly included in the routine use that should be discussed in the Notice's categories of information.

The system owner information has been modified to include only contact information for the PSP system of records and no longer included information for the MCMIS and Freedom of Information Act (FOIA) systems, which are separate and distinct system of records. The complete system of records notices for these systems may be found at www.dot.gov/privacy.

FMCSA plans to introduce PSP Mobile iOS Application as an alternative means of providing information available through the PSP Web site to the authorized users. FMCSA does not require individuals to register or provide any PII as a condition of downloading PSP iOS application. Individuals downloading the PSP iOS application must fulfill Apple's registration requirements prior to downloading the application. Apple does not provide FMCSA any PII of individuals who download the PSP iOS application from its site. Requesters seeking information on CMV drivers

Page 42550

through the PSP iOS mobile application can only access PSP records using the same authorization process and data elements described in this System of Records Notice.

This updated system will be included in DOT's inventory of record systems.

SYSTEM NUMBER:

DOT/FMCSA 007.

SYSTEM NAME:

Department of Transportation Federal Motor Carrier Safety Administration Pre-Employment Screening Program.

SECURITY CLASSIFICATION:

Unclassified, Sensitive.

SYSTEM LOCATION:

Records are maintained at the DOT Service Provider sites managed by AT&T in Ashburn, VA and Allen, TX.

CATETORIES OF INDIVIDUALS COVERED BY THE SYSTEM OF RECORDS:

PSP records will include personally identifiable information (PII) pertaining to Commercial Motor Vehicle (CMV) drivers, as defined by 49 CFR 390.5, (referred to in this system of records notice as operator-

applicants). PSP will also include access transaction records. For CMV drivers, this will include personal information submitted by the CMV driver to access his or her personal PSP record. For motor carriers or authorized industry service provider, Access Transaction Records will include the unique username and password submitted by the user to access the PSP system and the CMV driver information submitted by the motor carrier or authorized industry service provider to retrieve a PSP record.

CATEGORIES OF RECORDS:

Categories of records in this system include:

CMV crash and inspection records. Data extract from the FMCSA Motor Carrier Management Information System (MCMIS) containing the most recent five years' crash data and the most recent three years' inspection information for operator-applicants including:

squf CMV driver name (last, first)

squf CMV driver date of birth

squf CMV driver license number

squf CMV driver license State

Access transaction records. In the case of a motor carrier or industry service provider accessing a CMV driver's PSP record, transaction records include information about the subject of the electronic record request including:

squf CMV driver name (last, first, middle initial)

squf CMV driver date of birth

squf CMV driver license number

squf CMV driver license State

Access Transaction Records also include information about the motor carrier or industry service provider accessing the record including:

squf User unique system username

squf User unique system password

In the case of an operator-applicant requesting his or her own PSP record, the Access Transaction Record will include:

squf CMV driver name (last, first, middle initial)

squf CMV driver date of birth

squf CMV driver license number

squf CMV driver license State

squf CMV driver address.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

49 U.S.C. 31150, as added by section 4117 of Public Law 109-59 Safe, Accountable, Flexible, Efficient Transportation Equity Act: A Legacy for Users (SAFETEA-LU).

PURPOSE(S):

The purpose of this system is to make CMV crash and inspection records available to authorized operator-applicants, authorized industry service providers, and authorized motor carriers. Records maintained in the system will also support operational management of the PSP program.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PRUPOSES OF USE:

In addition to those disclosures generally permitted under Section (b) of the Privacy Act, 5 U.S.C. 552a(b), all or a portion of the records or information contained in this system may be disclosed outside of DOT as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

1. To authorized industry service providers and motor carriers as part of the operator-applicant's PSP record; authorized industry service providers and motor carriers may use PSP records only for purposes of pre-employment safety screening of operator-applicants and must have the operator-applicant's consent to access the PSP record;

2. To the DOT Validation Authority (e.g., Lexis-Nexis) to verify and validate the presented identity of the individual operator-

   applicant requesting access to his or her own inspection and crash data.

3. Other possible routine uses of the information, applicable to all DOT Privacy Act systems of records, are published in the Federal Register at 75 FR 82132, December 29, 2010, under ``Prefatory Statement of General Routine Uses'' (available at http://www.dot.gov/privacy/privacyactnotices).

   DISCLOSURE TO CONSUMER REPORTING AGENCIES:

   None.

   POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS:

   STORAGE:

   Records in this system are stored electronically or on paper in secure facilities. Electronic records may be stored on magnetic disc, tape, digital media, and CD-ROM. Any paper records received or required for purposes of processing data requests will be stored in secure file folders at the DOT Service Provider's secure storage facility.

   RETRIEVABILITY:

   Records will be retrieved by using the operator-applicant's last name, date of birth, license number, and license State.

   SAFEGUARDS:

   All records in the system will be protected from unauthorized access through appropriate administrative, physical, and technical safeguards. Electronic files will be stored in a database secured by password security, encryption, firewalls, and secured operating systems, to which only authorized Service Provider or DOT/FMCSA personnel will have access, on a need-to-know basis. Paper files will be stored in file cabinets in a locked file room to which only the authorized Service Provider and DOT/FMCSA personnel will have access, on a need-to-know basis. All access to the electronic system and paper files will be logged and monitored. All PII data elements will be encrypted in the PSP system.

   The Service Provider will be subject to routine audits of the PSP program by FMCSA to ensure compliance with the Privacy Act, applicable sections of the Fair Credit Reporting Act and other applicable Federal laws, regulations, or other requirements.

   Access by external users (operator-applicants, authorized industry service providers and motor carriers) will be restricted within the system based upon the user's role as an authorized industry service provider, motor carrier, or validated operator-applicant. An authorized industry service provider or motor carrier is an entity or person who has been provided a unique user identification and password and must use the unique identification and password to access data in PSP. External users will be able to query the CMV

   Page 42551

   crash and inspection database only. The Service Provider will provide users with an advisory statement that authorized industry service providers and motor carriers could be subject to criminal penalties and other sanctions under 18 U.S.C. 1001 for misuse of the PSP system.

   In order for an authorized industry service provider or motor carrier to receive an individual operator-applicant's crash and inspection data, the authorized industry service provider or motor carrier must certify, for each request, under penalty of perjury, that the request is for pre-employment purposes only and that written or electronic consent of the operator-applicant has been obtained. Upon completion of certification, the Service Provider will provide the individual operator-applicant data to the industry service provider or motor carrier via the secure PSP Web site. The authorized industry service provider or motor carrier will access this individual's information by entering a unique identification username and password. Authorized industry service providers or motor carriers will be required to maintain each operator-applicant's signed, written consent form or electronic signature for five years. Authorized industry service providers or motor carriers are subject to random audits by DOT to ensure that written or electronic consent of operator-applicants was obtained.

   The PSP system also allows validated operator-applicants to access their own crash and inspection data upon written or electronic request. Upon receipt of an operator-applicant's request, the Service Provider will validate the identity of the requestor (operator-applicant) by using his or her full name, date of birth, driver license number, driver license State and current address against a validation authority.

   The contractor and FMCSA have established an ongoing, random-

   selection audit process to monitor compliance with the written consent obligation. The audit requirements and penalties process is incorporated by reference as part of the contract between FMCSA and the contractor. The purpose of the audit requirements and penalties process is to ensure that the account holder obtains a driver-signed consent form prior to completing a PSP driver record inquiry in accordance with the Fair Credit Reporting Act, 15 U.S.C. 1681 et seq., and 49 U.S.C. 31150. The contractor will penalize an account holder, who fails to comply with the audit requirements. Based on the nature and frequency of these violations, the contractor may send a written warning, suspend, or terminate the account holder from the PSP.

   Individuals who access the PSP system via the iOS application are subject to the privacy policy integrated in the application.

   RETENTION AND DISPOSAL:

1. CMV crash and inspection records: Pursuant to General Records Schedule (GRS) 20 (``Electronic Records,'' February 2008, see http://www.archives.gov/records-mgmt/ardor/grs20.html), governing extract files, each monthly MCMIS extract in PSP is deleted approximately three months after being superseded by a current MCMIS extract, unless needed longer for administrative, legal, audit or other operational purposes.

2. Access Transaction Records: Pursuant to GRS 24, ``Information Technology Operations and Management Records,'' Item 6, April 2010, see http://www.archives.gov/records-mgmt/grs/grs24.html) Access Transaction Records are retained for a period of five years.

   SYSTEM MANAGER CONTACT INFORMATION:

   PSP System Manager: Office of Information Technology; Federal Motor Carrier Safety Administration; U.S. Department of Transportation; 1200 New Jersey Avenue SE., W65-319; Washington, DC 20590.

   NOTIFICATION PROCEDURE:

   Operator-applicants wishing to know if their inspection and crash records appear in this system may directly access the PSP system or make a request in writing to the PSP System Manager identified under ``System Manager Contact Information.''

   Individual operator-applicants wishing to know if their Access Transaction Records appear in this system may make a written request to the following address: NIC Technologies, 4601 N. Fairfax Drive, Suite 1160, Arlington, VA 22203.

   Any other requests for records about yourself from this system of records or any other Departmental system of records your request must conform with the Privacy Act regulations set forth in 49 CFR part 10. You must sign your request, and your signature must either be notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization. While no specific form is required, you may obtain forms for this purpose from the Chief Freedom of Information Act Officer, http://www.dot.gov/foia or 202.366.4542. In addition you should provide the following:

   An explanation of why you believe the Department would have information on you;

   squf Identify which component(s) of the Department you believe may have the information about you;

   squf Specify when you believe the records would have been created;

   squf Provide any other information that will help the FOIA staff determine which DOT component agency may have responsive records; and

   squf If your request is seeking records pertaining to another living individual, you must include a statement from that individual certifying his/her agreement for you to access his/her records.

   Without this bulleted information the component(s) may not be able to conduct an effective search, and your request may be denied due to lack of specificity or lack of compliance with applicable regulations.

   RECORD ACCESS PROCEDURES:

   See ``Notification Procedure'' above.

   CONTESTING RECORDS PROCEDURE:

   Operator-applicants seeking to contest the content of information about them in this system should apply to the System Manager by following the same procedures as indicated under ``Notification Procedure.'' Operator-applicants may also submit a data challenge to FMCSA's online system to record and monitor challenges to FMCSA data, DataQs. The system can be accessed via the DataQs Web site (https://dataqs.fmcsa.dot.gov/login.asp). The DataQs system, provides an electronic means for operator-applicants to file concerns about Federal and State data contained in the PSP report. Specifically, DataQs allows an individual to challenge data maintained by FMCSA on, among other things, crashes, inspections, registration, operating authority, safety audits and enforcement actions. Through this system, data concerns are automatically forwarded to the appropriate Federal or State office for processing and resolution. Any challenges to data provided by State agencies must be resolved by the appropriate State agency. Additionally, FMCSA is not authorized to direct a State to change or alter MCMIS data for violations or inspections originating within a particular State(s). Once a State office makes a determination on the validity of a challenge, FMCSA considers that decision as the final resolution of the challenge. FMCSA cannot change State records without State consent. The system also allows filers to monitor the status of each filing.

   Page 42552

   RECORD SOURCE CATEGORIES:

1. CMV crash and inspection records: All commercial driver crash and inspection data in PSP is received from a monthly MCMIS data extract. The MCMIS SORN identifies the source(s) of the information in MCMIS. (FMCSA modified the MCMIS SORN to describe the system's sharing of PII with the Driver Information Resource and PSP systems. See 74 FR 66391, December 15, 2009). All DOT SORNs may be found at www.dot.gov/privacy.

2. Access transaction records: An audit trail of those entities or persons that accessed the PSP (i.e. authorized motor carriers, authorized industry service providers, or validated operator-

   applicants) is automatically created when requests are initiated and when data is released by the Service Provider. These records are internal documents to be used by the Service Provider and FMCSA for auditing, monitoring and compliance purposes.

   EXEMPTIONS CLAIMED FOR THE SYSTEM:

   None.

   Issued in Washington, DC on July 13, 2012.

   Claire W. Barrett,

   Departmental Privacy Officer.

   FR Doc. 2012-17597 Filed 7-18-12; 8:45 am

   BILLING CODE 4910-EX-P