Privacy Act of 1974; Department of Transportation, National Highway Traffic Safety Administration; DOT/NHTSA-415; Vehicle Owner Questionnaire (VOQ) System |
|---|
|
Claire W. Barrett
National Highway Traffic Safety Administration
24 April 2019
[Federal Register Volume 84, Number 79 (Wednesday, April 24, 2019)]
[Notices]
[Pages 17234-17239]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-08171]
-----------------------------------------------------------------------
DEPARTMENT OF TRANSPORTATION
National Highway Traffic Safety Administration
[Docket No. DOT-OST-2019-0057]
Privacy Act of 1974; Department of Transportation, National
Highway Traffic Safety Administration; DOT/NHTSA-415; Vehicle Owner
Questionnaire (VOQ) System
AGENCY: National Highway Traffic Safety Administration, Department of
Transportation.
ACTION: Notice of a modified system of records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the Privacy Act of 1974, the National
Highway Traffic Safety Administration (NHTSA) proposes to update,
reissue, and rename a previously published Department of Transportation
(DOT) system of records titled, ``Department of Transportation--DOT/
NHTSA 415 Artemis/Vehicle Owner Complaint Information.'' This system of
records allows NHTSA to collect and retain complaints, letters
communicating vehicle or equipment concerns, and supporting
documentation which may include photos, videos, police accident
reports, repair invoices or medical information (collectively,
``vehicle owner questionnaires'' or ``VOQs'') submitted by or on behalf
of vehicle or equipment owners and lessees (consumers). NHTSA updated
the notice with regards to: System Name to Vehicle Owner Questionnaire
(VOQ) System to appropriately identify the specific records maintained
in the Artemis system covered by the Privacy Act; System Location to
include NHTSA's current address and the location of the
[[Page 17235]]
Federal disaster recovery facility in Stennis, MS; System Managers to
update the name and contact information for the system's current points
of contact; Authority for Maintenance of the System to reflect the
system's underlying authority; Purposes to provide clarity and
facilitate understanding of NHTSA investigation and recall processes;
Categories of Records to provide greater clarity of the type of records
and information included in the system; Record Source Categories to
provide additional information about the mechanisms used by NHTSA for
collecting records in the system; and Routine Uses to modify an
existing routine use to permit sharing of records with manufacturers
named in VOQs earlier in NHTSA's investigation and recall processes
than permitted under the previously published system of records notice
(SORN), unless a consumer ``opts-out'' at the time of collection, and
to provide additional details and clarification about NTHSA referrals
of complaints to other agencies; and Policies and Practices for
Storage, Retrieval, Retention and Disposal of Records, respectively, to
provide additional information about the location of the system,
methods of retrieval, individuals permitted to retrieve records, and to
specify the applicable NARA record retention schedule; Administration,
Technical and Physical Safeguards to detail the privacy-risk mitigating
controls applicable to the system. Additionally, this notice includes
non-substantive changes to simplify and clarify the language,
formatting, and text of the previously published notice to align with
the requirements of Office of Management and Budget Memoranda A-108.
This updated system, Vehicle Owner Questionnaire (VOQ) System, will be
included in the Department of Transportation's inventory of record
systems.
DATES: Written comments must be submitted on or before May 24, 2019.
The modified system will be effective immediately with the exception of
the modified routine use which will be effective May 24, 2019.
ADDRESSES: You may submit comments, identified by docket number DOT-
OST-2019-0057 by one of the following methods:
Federal e-Rulemaking Portal: http://www.regulations.gov.
Follow the instructions for submitting comments.
Fax: 202-493-2251.
Mail: Department of Transportation Docket Management, Room
W12-140, 1200 New Jersey Ave. SE, Washington, DC 20590.
Instructions: You must include the agency name and docket number,
DOT-OST-2019-0057. All comments received will be posted without change
to http://www.regulations.gov, including any personal information
provided.
Privacy Act: In accordance with 5 U.S.C. 553(c), DOT solicits
comments from the public to better inform its rulemaking process. DOT
posts these comments, without edit, to www.regulations.gov. In order to
facilitate comment tracking and response, we encourage commenters to
provide their name, or the name of their organization; however,
submission of names is completely optional. Whether or not commenters
identify themselves, all timely comments will be fully considered. If
you wish to provide comments containing proprietary or confidential
information, please contact the agency for alternate submission
instructions.
Docket: For access to the docket to read background documents or
comments received, go to https://www.regulations.gov or to the street
address listed above. Follow the online instructions for accessing.
FOR FURTHER INFORMATION CONTACT: For system-related questions please
contact Jeff Giuseppe (202-366-1605), ODI_Privacy@dot.gov, Associate
Administrator, Enforcement, NHTSA, 1200 New Jersey Ave. SE, Washington,
DC 20590. For privacy questions, please contact: Claire W. Barrett
(202-366-8135), privacy@dot.gov. Departmental Chief Privacy Officer,
Department of Transportation, 1200 New Jersey Ave. SE, Washington, DC
20590.
SUPPLEMENTARY INFORMATION:
I. Background
In accordance with the Privacy Act of 1974, NHTSA proposes to
update, reissue, and rename a previously published DOT system of
records titled, ``Department of Transportation--DOT/NHTSA 415 Artemis/
Vehicle Owner Complaint Information.'' The updated system of records
consists of VOQs submitted by or on behalf of consumers.
Under 49 U.S.C. Chapter 301, NHTSA Office of Defects Investigation
(ODI), is responsible for identifying, investigating and ensuring the
remedy, through safety recalls conducted by manufacturers, of safety-
related defects and non-compliance issues in motor vehicles and items
of motor vehicle equipment. To accomplish this, ODI collects and
evaluates information from several different sources: Consumers, motor
vehicle and equipment manufacturers, State and local law enforcement,
insurance companies, automobile dealers, advocacy groups, and other
entities. Among the types of information collected by ODI are VOQs that
can be submitted through NHTSA's website https://www.NHTSA.gov, through
a telephone hotline where an operator inputs the consumer's information
into an electronic form, or a hard copy form sent to NHSTA by mail. ODI
also receives letters from consumers and their Congressional
representatives communicating vehicle and equipment concerns that the
Agency, in addition to or in place of the questionnaire form. This
system enables NHTSA to facilitate the defect investigation and recall
processes, which may include contacting consumers regarding their
complaints or recalls affecting their vehicle. ODI relies on the
Advanced Retrieval (Tire, Equipment, Motor Vehicles) Information System
(ARTEMIS) to provide centralized storage, document management and data
analysis tools for all information collected in support of the defect
investigation process, including VOQs. NHTSA uses the information in
this system to help the Agency identify, investigate and ensure that
manufactures remedy, through recall, replacement or repair, (1)
potential safety defects and failures to comply with Federal Motor
Vehicle Safety Standards (FMVSS) in motor vehicles and items of motor
vehicle equipment, and (2) problems with the scope, administration,
notification or remedy of a recall. NHTSA also may use the email
addresses and Vehicle Identification Numbers (VINs) collected, to
contact consumers whose vehicles are the subject of VOQs, and to notify
consumers via email of open recalls applicable to the vehicles or
equipment referenced in their VOQs.
Changes to the System Name, System Location, System Managers,
Authority, Purpose, Categories of Individuals Covered by the System,
Categories of Records in the System, Record Source Categories, Policies
and Practices for Storage, Retrieval, Retention and Disposal of
Records, and Safeguards improve transparency, but do not reflect
substantive changes to the Notice. In particular, NHTSA's change to the
System Name is intended to clarify for members of the public that only
VOQs (as defined above) and not all documents stored in ARTEMIS, are
part of the VOQ Privacy Act system of records that is the subject of
this notice.
Changes to the SORN include:
1. System Name to Vehicle Owner Questionnaire (VOQ) System to
appropriately identify the specific records maintained in the Artemis
system covered by the Privacy Act;
[[Page 17236]]
2. System Location to include NHTSA's current address and the
location of the Federal disaster recovery facility in Stennis, MS;
3. System Managers to update the name and contact information for
the system's current points of contact;
4. Authority for Maintenance of the System to reflect the system's
underlying authority;
5. Purposes to provide clarity and facilitate understanding of
NHTSA investigation and recall processes;
6. Categories of Records to provide greater clarity of the type of
records and information included in the system;
7. Record Source Categories to provide additional information about
the mechanisms used by NHTSA for collecting records in the system;
8. Routine Uses to modify an existing routine use to permit sharing
of records with manufacturers named in VOQs earlier in NHTSA's
investigation and recall processes than permitted under the previously
published SORN, unless a consumer ``opts-out'' at the time of
collection;
9. Routine uses to replace a general routine use permitting NHTSA
to refer complaints to other state or federal agencies with three
separate routines uses specifying that NHTSA may share consumer
complaints with the National Transportation Safety Board (NTSB) in
connect with NTSB investigations of surface transportation incidents,
and highway accidents and incidents including those at railway grade
crossings; to the Consumer Product Safety Commission to support
enforcement of consumer product safety laws; to the Federal Trade
Commission in matters involving potential unfair or deceptive
practices;
10. Routine uses to add a routine use permitting NHTSA to share
with the Department of Homeland Security consumer complaints indicative
of a cybersecurity vulnerability impacting critical infrastructure;
11. Routine Uses to remove internal uses of the information in the
VOQ by ODI which are more appropriately addressed in the system's
Purpose.
12. Policies and Practices for Storage, Retrieval, Retention and
Disposal of Records, respectively, to provide additional information
about the location of the system, methods of retrieval, individuals
permitted to retrieve records, and to specify the applicable NARA
record retention schedule;
13. Administration, Technical and Physical Safeguards to detail the
privacy-risk mitigating controls applicable to the system.
14. Additionally, this notice includes non-substantive changes to
simplify and clarify the language, formatting, and text of the
previously published notice to align with the requirements of Office of
Management and Budget Memoranda A-108. This updated system, Vehicle
Owner Questionnaire (VOQ) System, will be included in the Department of
Transportation's inventory of record systems.
NHTSA routinely publishes VOQs without personally identifiable
information (PII) on its public facing website. A critical piece of
information included in a VOQ is the VIN. A VIN is coded information
that a vehicle manufacturer assigns to each vehicle it produces. This
code contains seventeen alphanumeric characters that provide
information about the vehicle. The first eleven characters identify the
manufacturer and various generic attributes of the vehicle, such as the
make, model, model year, body style, engine type, wheel base,
supplemental restraint system and production plant, etc. The last six
characters are the number sequentially assigned by the manufacturer in
the production process. This sequential number is the part of the VIN
that identifies a specific vehicle such as build history, standard or
optional equipment packages and service history (and makes it possible
through a search of public records to determine the identity of the
owner). Because the VIN provides significant data, a VIN is critical to
NHTSA's and a manufacturer's assessment and evaluation of potential
safety issues in motor vehicles. NHTSA publishes the first eleven
characters of the seventeen characters of VIN because, without the last
six characters, the VIN cannot be linked to an individual. The public,
including vehicle equipment manufacturers, can view these complaints
with the truncated VIN and access the general make, model, model year
attributes of the vehicle. Without the full seventeen character VIN, a
manufacturer is unable to identify the precise vehicle that has
experienced a potential safety related defect. Without such
information, a manufacturer is unable to learn of vehicle specific
information and focus on or identify potential safety issues.
The previously published SORN permitted NHTSA to share PII,
including the full VIN, in VOQs with the manufacturer of the vehicle or
equipment identified in a VOQ only after the agency has opened a formal
investigation or a manufacturer has commenced a recall. In NHTSA's
view, providing manufacturers and other stakeholders earlier access to
PII in VOQs is critical to improving highway safety because earlier
access will help manufacturers to identify the specific vehicle and its
attributes that is subject to the complaint and remedy safety defects
and noncompliance issues in a more timely manner than under the
previously published SORN. Modifying this routine use will permit NHTSA
to share VOQs with manufacturers on a routine basis as soon as is
practicable after receipt by the Agency. Sharing these records at an
earlier stage than permitted under the previously published SORN is
compatible with the original vehicle safety purposes of the system
because it allows NHTSA to provide manufacturers with information
necessary to definitively identify the build history, equipment
options, and repair history of a vehicles identified in a VOQ, and to
identify, investigate and work with NHTSA to remedy a potential safety
defect, failure to comply with an FMVSS or recall administration, scope
or remedy issue.
To limit the potential privacy risks of sharing consumer contact
information with manufacturer of the vehicles or equipment identified
in the VOQ, NHTSA updated its collection instrument (see 2127-0008) to
include explicit opt-out. Consumers who choose to opt-out will not have
their information shared with the manufacturer of the vehicles or
equipment identified in the VOQs unless the Agency opens an
investigation or a recall is initiated. The Agency takes consumer
privacy seriously and has included this new ``opt out'' feature in the
VOQ form in order to provide consumers with additional control over
their personal information. To enhance transparency, the ``opt-out''
appears in a prominent place in the electronic form maintained on the
Department's public website, and will be communicated to consumers by
hotline operators at the end of each hotline call. If consumers, at the
point and time of collection, either check an ``opt out'' box on the
VOQ form or direct the hotline operator collecting their information
over the telephone to do so, NHTSA will not share with manufacturers
the personal information provided in response to VOQ questions unless
the Agency opens up a defect investigation or a recall takes place. At
that point, an existing routine use permits the Agency to share their
VOQs with the manufacturer of the vehicles or equipment identified in
the VOQs. In addition to the approximately 70,000 VOQs filed annually
directly with NHTSA, the Agency also receives approximately 1500
letters per year
[[Page 17237]]
from consumers or consumers' Congressional representatives
communicating vehicle and equipment concerns that the Agency may
convert into VOQs. It is not practicable for NHTSA to provide this
small subset of consumers with the opportunity to ``opt out'' of
sharing their personal information with the manufacturer of the
vehicles or equipment identified in their letters. For this reason,
NHTSA will pursue a privacy-positive course of action and assign ``opt-
out'' status to the VOQs generated from these letters. NHTSA will not
share their personal information with the manufacturer of the vehicles
or equipment identified in these letters unless the Agency opens a
defect investigation or a recall is commenced.
To further enhance transparency, NHTSA is adding a routine use
concerning comments received in the free form narrative section of the
web based VOQ form and VOQs received through the hotline. The publicly
available VOQs are on NHTSA's website, accessed through NHTSA.gov. As
part of the online VOQ form, NHTSA has a free text narrative section
that requests that the consumer ``In your own words, tell us what
happened.'' NHTSA provides notice to the consumer that any text
submitted will be made public without edits. Once the individual
submits the online form, NHTSA publishes these comments without edit
and other non-personal identifying information in the VOQ to NHTSA's
public website. In order to advise the public how NHTSA uses the
narrative comments in a VOQ, NTHSA is establish a routine use this
system of records. This routine use is compatible with the purpose of
collection, which is to provide the public with information concerning
potential safety related defects and noncompliance with a federal motor
vehicle safety standard.
Finally, NHTSA is replacing pre-existing, generally-worded, routine
use that permits NTHSA to share consumer complaints with ``appropriate
State or Federal agenc[ies] for actions involving matters of law or
regulation beyond the responsibility'' of NHSTA with three separate
routine uses that specify the agencies with and purposes for which
NHTSA shares information. This does not reflect a change in the types
of disclosures NTSHA has or will make under the routine use, but is
merely intended to provide clarity and transparency into how NHTSA
shares information with other agencies. NHTSA also is updating its
routine uses to permit disclosure to DHS when the consumer complaint
evidences a potential cybersecurity vulnerability impacting
transportation critical infrastructure. These routine uses are
compatible with the purpose of the collection as a ``necessary and
proper'' use of the information, as discussed more below. Individuals
who provide VOQ information to NHTSA do so because they are seeking
Federal agency intervention to address a potential issue with their
vehicle. When the potential issue relates to a matter outside of
NHTSA's jurisdiction, individuals may expect that NHTSA will share the
information with the Federal agencies having jurisdiction for the
matter. Thus, this routine use with compatible with the purpose of the
collection, which is to identify, investigate and remedy potential
safety defects.
NHTSA is updating this Notice to include Departmental general
routine uses previously incorporated by reference, to the extent that
they are compatible with the purposes of this System. As recognized by
the Office of Management and Budget (OMB) in its Privacy Act
Implementation Guidance and Responsibilities (65 FR 19746, July 9,
1975), the routine uses include all proper and necessary uses of
information in the system, even if such uses occur infrequently. NHTSA
has included in this Notice general routine uses for disclosures to law
enforcement when the record, on its face, indicates a violation of law,
to DOJ for litigation purposes, or when necessary in investigating or
responding to a breach of this system or other agencies' systems. NHTSA
must work with DOT to take appropriate action to address any apparent
violations of the law, and to share information with legal counsel in
the Department of Justice when necessary for litigation. OMB has long
recognized that these types of routine uses are ``proper and
necessary'' uses of information and qualify as compatible with agency
systems. 65 FR 19476. In addition, by OMB Memorandum M-17-12, OMB
directed agencies to include routine uses that will permit sharing of
information when needed to investigate, respond to, and mitigate a
breach of a Federal information system. NHTSA also has included routine
uses that permit sharing with the National Archives and Records
Administration when necessary for an inspection, to any Federal
government agency engaged in audit or oversight related to this system,
or when DOT determines that the disclosure will detect, prevent, or
mitigate terrorism activity. These types of disclosures are necessary
and proper uses of information in this system because they further
DOT's obligation to fulfil its records management and program
management responsibilities by facilitating accountability to agencies
charged with oversight in these areas, and the Department's obligation
under Intelligence Reform and Terrorism Prevention Act of 2004, Public
Law 108-456, and Executive Order 13388 (Oct. 25, 2005) to share
information necessary and relevant to detect, prevent, disrupt,
preempt, or mitigate the effects of terrorist activities against the
territory, people, and interests of the United States.
Finally, this system includes a routine use to permit sharing with
our contractors, consultants, experts, grantees, and others when
necessary to fulfill a NHTSA function related to this System. Agencies
routinely engage assistance of these types of individuals in the
fulfillment of their duties, such as contract support necessary to
maintain the database in which these records are housed. NHTSA relies
on contract support to maintain this system, and disclosures for this
purpose are compatible with the purpose of the collection.
System Name and Number:
Vehicle Owner Questionnaire System DOT/NHTSA 415.
Security Classification:
Unclassified, Sensitive.
System Location:
Records are maintained at the Department of Transportation
Headquarters, 1200 New Jersey Ave., Washington, DC 20590, and at the
Federal disaster recovery facility in Stennis, MS.
System Manager(s):
Stephen A. Ridella, Ph.D., Director, Office of Defects
Investigation, National Highway Traffic Safety Administration, U.S.
Department of Transportation, 1200 New Jersey Avenue SE, Washington, DC
20590, 202-366-4703, ODI_Privacy@dot.gov.
Authority for Maintenance of the System:
49 U.S.C. 30116, 30118-22, 30166.
Purpose of the System:
To assist NHTSA to identify, investigate and ensure that
manufactures remedy, through recall, replacement or repair, potential
safety defects and failures to comply with FMVSS in motor vehicles and
items of motor vehicle equipment. To assist NHTSA to identify,
investigate and ensure that manufactures remedy problems with the
scope, administration, notification or remedy of a recall. For these
purposes, NHTSA routinely retrieves VOQs by name or
[[Page 17238]]
assigned identifier to contact motor vehicle drivers or owners
experiencing safety problems or witnesses and other individuals with
information relevant to the agency's investigative or remedial efforts.
Categories of Individuals Covered by the System:
Owners of motor vehicles and motor vehicle equipment, as well as
users of leased motor vehicles and motor vehicle equipment, who have
filed, or on whose behalf have been filed VOQs, or who send letters to
the agency directly or through their representatives (e.g., advocates,
attorneys or Congressmen) concerning motor vehicle safety.
Categories of Records in the System:
The standard questionnaire format collects information that assists
NHTSA to identify and identify potential defects, recall issues, and
instances of noncompliance. The information submitted by or on behalf
of an individual includes the following:
Vehicle identification number (VIN).
Make, model and year of relevant vehicle.
Part affected.
A narrative field that permits the individual to describe
in his or her own words what happened.
Photographs/supporting documentation.
Date of incident.
Was there a crash.
Was there a fire.
Was there an injury or fatality.
Speed at time.
Number of miles on the vehicle.
First and last name.
Email address.
Street address.
Telephone/alt telephone number.
Individuals may also submit supporting documentation with a
questionnaire or letter. NHTSA does not control the data submitted in
these records and it may include personal information. Supporting
documentation includes:
Repair invoices.
Insurance claims.
Vehicle crash information.
Police accident reports.
Photographs and video image recordings of vehicles, parts,
bodies or body parts.
Record Source Categories:
Consumers, to include; vehicle owners, drivers of leased vehicles,
and individuals or organizations submitting VOQs to NHTSA on their
behalf.
Routine Uses of Records Maintained in the System, Including Categories
of Users and the Purposes of Such Uses:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a portion of the information
contained in this system may be disclosed outside of DOT as a routine
use pursuant to 5 U.S.C. 552a(b)(3) as follows:
System Specific Routine Uses:
1. To manufacturers prior to the initiation of a formal
investigation by the Department, an entire VOQ information to respond
to consumer complaints and research the cause of the complaint, except
when consumers ``opt out'' of such sharing at the point and time of
collection. Information from individuals who submit VOQs by means other
than the NHTSA website will be treated as if the individual has opt-
out;
2. To manufacturers, after the Agency opens an investigation, to
allow them to investigate owner complaints and researching the root
cause of the alleged problem;
3. To the National Transportation Safety Board (NTSB) an entire VOQ
to support NTSB investigations of surface transportation incidents,
highway accidents and incidents, including incidents at railway grade
crossings;
4. To the Consumer Product Safety Commission (CPSC) an entire VOQ
to support identification of violations and enforcement of consumer
product safety laws;
5. To the Federal Trade Commission an entire VOQ in matters
involving potential unfair or deceptive trade practices;
6. To the Department of Homeland Security (DHS) if the VOQ is
indicative of a cybersecurity vulnerability impacting critical
infrastructure; and
7. To members of the public through NHTSA.gov website, information
included in the narrative portion of the form questionnaire.
Individuals are notified at the time of the VOQ submission that all
information provided in the narrative will be made publicly available
without edit.
Department General Routine Uses:
The U.S. Department of Transportation has established general
routine uses applicable to all systems maintained by DOT. The following
DOT general routine uses apply to this system of records:
1. In the event that a system of records maintained by DOT to carry
out its functions indicates a violation or potential violation of law,
whether civil, criminal or regulatory in nature, and whether arising by
general statute or particular program pursuant thereto, the relevant
records in the system of records may be referred, as a routine use, to
the appropriate agency, whether Federal, State, local or foreign,
charged with the responsibility of investigating or prosecuting such
violation or charged with enforcing or implementing the statute, or
rule, regulation, or order issued pursuant thereto.
2a. Routine Use for Disclosure for Use in Litigation. It shall be a
routine use of the records in this system of records to disclose them
to the Department of Justice or other Federal agency conducting
litigation when--
(a) DOT, or any agency thereof, or
(b) Any employee of DOT or any agency thereof (including a member
of the Coast Guard), in his/her official capacity, or
(c) Any employee of DOT or any agency thereof (including a member
of the Coast Guard), in his/her individual capacity where the
Department of Justice has agreed to represent the employee, or
(d) The United States or any agency thereof, where DOT determines
that litigation is likely to affect the United States, is a party to
litigation or has an interest in such litigation, and the use of such
records by the Department of Justice or other Federal agency conducting
the litigation is deemed by DOT to be relevant and necessary in the
litigation, provided, however, that in each case, DOT determines that
disclosure of the records in the litigation is a use of the information
contained in the records that is compatible with the purpose for which
the records were collected.
2b. Routine Use for Agency Disclosure in Other Proceedings. It
shall be a routine use of records in this system to disclose them in
proceedings before any court or adjudicative or administrative body
before which DOT or any agency thereof, appears, when--
(a) DOT, or any agency thereof, or
(b) Any employee of DOT or any agency thereof (including a member
of the Coast Guard) in his/her official capacity, or
(c) Any employee of DOT or any agency thereof (including a member
of the Coast Guard) in his/her individual capacity where DOT has agreed
to represent the employee, or
(d) The United States or any agency thereof, where DOT determines
that the proceeding is likely to affect the United States, is a party
to the proceeding or has an interest in such proceeding, and DOT
determines that use of such records is relevant and necessary in the
proceeding, provided, however, that in each case, DOT determines that
[[Page 17239]]
disclosure of the records in the proceeding is a use of the information
contained in the records that is compatible with the purpose for which
the records were collected.
3. One or more records from a system of records may be disclosed
routinely to the National Archives and Records Administration in
records management inspections being conducted under the authority of
44 U.S.C. 2904 and 2906.
4. DOT may disclose records from this system, as a routine use, to
appropriate agencies, entities, and persons when (1) DOT suspects or
has confirmed that the security or confidentiality of information in
the system of records has been compromised; (2) DOT has determined that
as a result of the suspected or confirmed compromise there is a risk of
harm to economic or property interests, identity theft or fraud, or
harm to the security or integrity of this system or other systems or
programs (whether maintained by DOT or another agency or entity) that
rely upon the compromised information; and (3) the disclosure made to
such agencies, entities, and persons is reasonably necessary to assist
in connection with DOT's efforts to respond to the suspected or
confirmed compromise and prevent, minimize, or remedy such harm.
5. DOT may disclose records from this system, as a routine use, to
the Office of Government Information Services for the purpose of (a)
resolving disputes between FOIA requesters and Federal agencies and (b)
reviewing agencies' policies, procedures, and compliance in order to
recommend policy changes to Congress and the President.
6. DOT may disclose records from this system, as a routine use, to
contractors and their agents, experts, consultants, and others
performing or working on a contract, service, cooperative agreement, or
other assignment for DOT, when necessary to accomplish an agency
function related to this system of records.
7. DOT may disclose records from this system, as a routine use, to
an agency, organization, or individual for the purpose of performing
audit or oversight operations related to this system of records, but
only such records as are necessary and relevant to the audit or
oversight activity. This routine use does not apply to intra-agency
sharing authorized under Section (b)(1) of the Privacy Act.
8. DOT may disclose from this system, as a routine use, records
consisting of, or relating to, terrorism information (6 U.S.C.
485(a)(5)), homeland security information (6 U.S.C. 482(f)(1)), or Law
enforcement information (Guideline 2 Report attached to White House
Memorandum, ``Information Sharing Environment, November 22, 2006) to a
Federal, State, local, tribal, territorial, foreign government and/or
multinational agency, either in response to its request or upon the
initiative of the Component, for purposes of sharing such information
as is necessary and relevant for the agencies to detect, prevent,
disrupt, preempt, and mitigate the effects of terrorist activities
against the territory, people, and interests of the United States of
America, as contemplated by the Intelligence Reform and Terrorism
Prevention Act of 2004 (Pub. L. 108-458) and Executive Order 13388
(October 25, 2005).
Policies and Practices for Storage of Records:
Records are maintained in electronic systems and hard copy at DOT
Headquarters, 1200 New Jersey Ave. SE, Washington, DC 20590 and at the
Federal disaster recovery facility in Stennis, MS.
Policies and Practices for Retrieval of Records:
NHTSA staff and agents routinely retrieve VOQs by consumer name or
personal identifier.
Policies and Practices for Retention and Disposal of Records:
Pursuant to approved NARA Schedule N1-416-05-003 (Office of Defect
Investigation Files), NHTSA: (1) Destroys VOQ information provided by
consumers 15 years after receipt; (2) destroys investigation files,
including any VOQs in the files, 15 years after the date of the
resolution of an investigation when the investigation did not lead to a
court decision; and (3) retains on a permanent basis investigation
files, including any VOQs in the files, when an investigation leads to
a court decision, but transfers legal custody of the files to NARA
after 15 years. Original hard copy records collected from consumers and
others are scanned into ARTEMIS and then destroyed.
Administrative, Technical and Physical Safeguards:
The VOQ system is protected by a multi-layer security approach to
prevent unauthorized access to personally identifiable information
through appropriate administrative, physical, and technical safeguards.
Protective strategies include: Implementing physical access controls at
DOT facilities; ensuring confidentiality of communications using tools
such as encryption, authentication of sending parties, and
compartmentalizing databases; and employing auditing software and
personnel screening to ensure that all personnel with access to data
are screened through background investigations commensurate with the
level of access required to perform their duties. Records maintained in
hard copy are stored in locked file cabinets until they can be scanned
and uploaded to ARTEMIS and subsequently destroyed.
Record Access Procedures:
An individual wishing to gain access to any record pertaining to
him or her in the system should send his or her name, address,
telephone number, and a description of the record(s) sought to the U.S.
Department of Transportation, Privacy Act Officer, Office of the Chief
Information Officer, 1200 New Jersey Avenue SE, Washington, DC 20590.
Contesting Record Procedures:
An individual seeking to contest information contained in a record
pertaining to him or her in this system should address written
inquiries to the U.S. Department of Transportation, Privacy Act
Officer, Office of the Chief Information Officer, 1200 New Jersey
Avenue SE, Washington, DC 20590. Inquiries should include name,
address, telephone number, and a description of the record and
information being contested.
Notification Procedures:
An individual seeking to determine whether a record pertaining to
him or her is contained in this system should address written inquiries
to the U.S. Department of Transportation, Privacy Act Officer, Office
of the Chief Information Officer, 1200 New Jersey Avenue SE,
Washington, DC 20590. Inquiries should include name, address, telephone
number, and identify the system that is the subject of the inquiry.
Exemptions Promulgated for the System:
None.
History:
The last full Federal Register Notice pertaining to this system
that contained all SORN elements was published on September 3, 2004 (69
FR 53971-53972).
Issued in Washington, DC on April 18, 2019.
Claire W. Barrett,
Departmental Chief Privacy Officer, Department of Transportation.
[FR Doc. 2019-08171 Filed 4-23-19; 8:45 am]
BILLING CODE 4910-9X-P