Privacy Act of 1974; Department of Transportation, National Highway Traffic Safety Administration; DOT/NHTSA-415; Vehicle Owner Questionnaire (VOQ) System |
---|
|
Claire W. Barrett
National Highway Traffic Safety Administration
24 April 2019
[Federal Register Volume 84, Number 79 (Wednesday, April 24, 2019)] [Notices] [Pages 17234-17239] From the Federal Register Online via the Government Publishing Office [www.gpo.gov] [FR Doc No: 2019-08171] ----------------------------------------------------------------------- DEPARTMENT OF TRANSPORTATION National Highway Traffic Safety Administration [Docket No. DOT-OST-2019-0057] Privacy Act of 1974; Department of Transportation, National Highway Traffic Safety Administration; DOT/NHTSA-415; Vehicle Owner Questionnaire (VOQ) System AGENCY: National Highway Traffic Safety Administration, Department of Transportation. ACTION: Notice of a modified system of records. ----------------------------------------------------------------------- SUMMARY: In accordance with the Privacy Act of 1974, the National Highway Traffic Safety Administration (NHTSA) proposes to update, reissue, and rename a previously published Department of Transportation (DOT) system of records titled, ``Department of Transportation--DOT/ NHTSA 415 Artemis/Vehicle Owner Complaint Information.'' This system of records allows NHTSA to collect and retain complaints, letters communicating vehicle or equipment concerns, and supporting documentation which may include photos, videos, police accident reports, repair invoices or medical information (collectively, ``vehicle owner questionnaires'' or ``VOQs'') submitted by or on behalf of vehicle or equipment owners and lessees (consumers). NHTSA updated the notice with regards to: System Name to Vehicle Owner Questionnaire (VOQ) System to appropriately identify the specific records maintained in the Artemis system covered by the Privacy Act; System Location to include NHTSA's current address and the location of the [[Page 17235]] Federal disaster recovery facility in Stennis, MS; System Managers to update the name and contact information for the system's current points of contact; Authority for Maintenance of the System to reflect the system's underlying authority; Purposes to provide clarity and facilitate understanding of NHTSA investigation and recall processes; Categories of Records to provide greater clarity of the type of records and information included in the system; Record Source Categories to provide additional information about the mechanisms used by NHTSA for collecting records in the system; and Routine Uses to modify an existing routine use to permit sharing of records with manufacturers named in VOQs earlier in NHTSA's investigation and recall processes than permitted under the previously published system of records notice (SORN), unless a consumer ``opts-out'' at the time of collection, and to provide additional details and clarification about NTHSA referrals of complaints to other agencies; and Policies and Practices for Storage, Retrieval, Retention and Disposal of Records, respectively, to provide additional information about the location of the system, methods of retrieval, individuals permitted to retrieve records, and to specify the applicable NARA record retention schedule; Administration, Technical and Physical Safeguards to detail the privacy-risk mitigating controls applicable to the system. Additionally, this notice includes non-substantive changes to simplify and clarify the language, formatting, and text of the previously published notice to align with the requirements of Office of Management and Budget Memoranda A-108. This updated system, Vehicle Owner Questionnaire (VOQ) System, will be included in the Department of Transportation's inventory of record systems. DATES: Written comments must be submitted on or before May 24, 2019. The modified system will be effective immediately with the exception of the modified routine use which will be effective May 24, 2019. ADDRESSES: You may submit comments, identified by docket number DOT- OST-2019-0057 by one of the following methods: Federal e-Rulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments. Fax: 202-493-2251. Mail: Department of Transportation Docket Management, Room W12-140, 1200 New Jersey Ave. SE, Washington, DC 20590. Instructions: You must include the agency name and docket number, DOT-OST-2019-0057. All comments received will be posted without change to http://www.regulations.gov, including any personal information provided. Privacy Act: In accordance with 5 U.S.C. 553(c), DOT solicits comments from the public to better inform its rulemaking process. DOT posts these comments, without edit, to www.regulations.gov. In order to facilitate comment tracking and response, we encourage commenters to provide their name, or the name of their organization; however, submission of names is completely optional. Whether or not commenters identify themselves, all timely comments will be fully considered. If you wish to provide comments containing proprietary or confidential information, please contact the agency for alternate submission instructions. Docket: For access to the docket to read background documents or comments received, go to https://www.regulations.gov or to the street address listed above. Follow the online instructions for accessing. FOR FURTHER INFORMATION CONTACT: For system-related questions please contact Jeff Giuseppe (202-366-1605), ODI_Privacy@dot.gov, Associate Administrator, Enforcement, NHTSA, 1200 New Jersey Ave. SE, Washington, DC 20590. For privacy questions, please contact: Claire W. Barrett (202-366-8135), privacy@dot.gov. Departmental Chief Privacy Officer, Department of Transportation, 1200 New Jersey Ave. SE, Washington, DC 20590. SUPPLEMENTARY INFORMATION: I. Background In accordance with the Privacy Act of 1974, NHTSA proposes to update, reissue, and rename a previously published DOT system of records titled, ``Department of Transportation--DOT/NHTSA 415 Artemis/ Vehicle Owner Complaint Information.'' The updated system of records consists of VOQs submitted by or on behalf of consumers. Under 49 U.S.C. Chapter 301, NHTSA Office of Defects Investigation (ODI), is responsible for identifying, investigating and ensuring the remedy, through safety recalls conducted by manufacturers, of safety- related defects and non-compliance issues in motor vehicles and items of motor vehicle equipment. To accomplish this, ODI collects and evaluates information from several different sources: Consumers, motor vehicle and equipment manufacturers, State and local law enforcement, insurance companies, automobile dealers, advocacy groups, and other entities. Among the types of information collected by ODI are VOQs that can be submitted through NHTSA's website https://www.NHTSA.gov, through a telephone hotline where an operator inputs the consumer's information into an electronic form, or a hard copy form sent to NHSTA by mail. ODI also receives letters from consumers and their Congressional representatives communicating vehicle and equipment concerns that the Agency, in addition to or in place of the questionnaire form. This system enables NHTSA to facilitate the defect investigation and recall processes, which may include contacting consumers regarding their complaints or recalls affecting their vehicle. ODI relies on the Advanced Retrieval (Tire, Equipment, Motor Vehicles) Information System (ARTEMIS) to provide centralized storage, document management and data analysis tools for all information collected in support of the defect investigation process, including VOQs. NHTSA uses the information in this system to help the Agency identify, investigate and ensure that manufactures remedy, through recall, replacement or repair, (1) potential safety defects and failures to comply with Federal Motor Vehicle Safety Standards (FMVSS) in motor vehicles and items of motor vehicle equipment, and (2) problems with the scope, administration, notification or remedy of a recall. NHTSA also may use the email addresses and Vehicle Identification Numbers (VINs) collected, to contact consumers whose vehicles are the subject of VOQs, and to notify consumers via email of open recalls applicable to the vehicles or equipment referenced in their VOQs. Changes to the System Name, System Location, System Managers, Authority, Purpose, Categories of Individuals Covered by the System, Categories of Records in the System, Record Source Categories, Policies and Practices for Storage, Retrieval, Retention and Disposal of Records, and Safeguards improve transparency, but do not reflect substantive changes to the Notice. In particular, NHTSA's change to the System Name is intended to clarify for members of the public that only VOQs (as defined above) and not all documents stored in ARTEMIS, are part of the VOQ Privacy Act system of records that is the subject of this notice. Changes to the SORN include: 1. System Name to Vehicle Owner Questionnaire (VOQ) System to appropriately identify the specific records maintained in the Artemis system covered by the Privacy Act; [[Page 17236]] 2. System Location to include NHTSA's current address and the location of the Federal disaster recovery facility in Stennis, MS; 3. System Managers to update the name and contact information for the system's current points of contact; 4. Authority for Maintenance of the System to reflect the system's underlying authority; 5. Purposes to provide clarity and facilitate understanding of NHTSA investigation and recall processes; 6. Categories of Records to provide greater clarity of the type of records and information included in the system; 7. Record Source Categories to provide additional information about the mechanisms used by NHTSA for collecting records in the system; 8. Routine Uses to modify an existing routine use to permit sharing of records with manufacturers named in VOQs earlier in NHTSA's investigation and recall processes than permitted under the previously published SORN, unless a consumer ``opts-out'' at the time of collection; 9. Routine uses to replace a general routine use permitting NHTSA to refer complaints to other state or federal agencies with three separate routines uses specifying that NHTSA may share consumer complaints with the National Transportation Safety Board (NTSB) in connect with NTSB investigations of surface transportation incidents, and highway accidents and incidents including those at railway grade crossings; to the Consumer Product Safety Commission to support enforcement of consumer product safety laws; to the Federal Trade Commission in matters involving potential unfair or deceptive practices; 10. Routine uses to add a routine use permitting NHTSA to share with the Department of Homeland Security consumer complaints indicative of a cybersecurity vulnerability impacting critical infrastructure; 11. Routine Uses to remove internal uses of the information in the VOQ by ODI which are more appropriately addressed in the system's Purpose. 12. Policies and Practices for Storage, Retrieval, Retention and Disposal of Records, respectively, to provide additional information about the location of the system, methods of retrieval, individuals permitted to retrieve records, and to specify the applicable NARA record retention schedule; 13. Administration, Technical and Physical Safeguards to detail the privacy-risk mitigating controls applicable to the system. 14. Additionally, this notice includes non-substantive changes to simplify and clarify the language, formatting, and text of the previously published notice to align with the requirements of Office of Management and Budget Memoranda A-108. This updated system, Vehicle Owner Questionnaire (VOQ) System, will be included in the Department of Transportation's inventory of record systems. NHTSA routinely publishes VOQs without personally identifiable information (PII) on its public facing website. A critical piece of information included in a VOQ is the VIN. A VIN is coded information that a vehicle manufacturer assigns to each vehicle it produces. This code contains seventeen alphanumeric characters that provide information about the vehicle. The first eleven characters identify the manufacturer and various generic attributes of the vehicle, such as the make, model, model year, body style, engine type, wheel base, supplemental restraint system and production plant, etc. The last six characters are the number sequentially assigned by the manufacturer in the production process. This sequential number is the part of the VIN that identifies a specific vehicle such as build history, standard or optional equipment packages and service history (and makes it possible through a search of public records to determine the identity of the owner). Because the VIN provides significant data, a VIN is critical to NHTSA's and a manufacturer's assessment and evaluation of potential safety issues in motor vehicles. NHTSA publishes the first eleven characters of the seventeen characters of VIN because, without the last six characters, the VIN cannot be linked to an individual. The public, including vehicle equipment manufacturers, can view these complaints with the truncated VIN and access the general make, model, model year attributes of the vehicle. Without the full seventeen character VIN, a manufacturer is unable to identify the precise vehicle that has experienced a potential safety related defect. Without such information, a manufacturer is unable to learn of vehicle specific information and focus on or identify potential safety issues. The previously published SORN permitted NHTSA to share PII, including the full VIN, in VOQs with the manufacturer of the vehicle or equipment identified in a VOQ only after the agency has opened a formal investigation or a manufacturer has commenced a recall. In NHTSA's view, providing manufacturers and other stakeholders earlier access to PII in VOQs is critical to improving highway safety because earlier access will help manufacturers to identify the specific vehicle and its attributes that is subject to the complaint and remedy safety defects and noncompliance issues in a more timely manner than under the previously published SORN. Modifying this routine use will permit NHTSA to share VOQs with manufacturers on a routine basis as soon as is practicable after receipt by the Agency. Sharing these records at an earlier stage than permitted under the previously published SORN is compatible with the original vehicle safety purposes of the system because it allows NHTSA to provide manufacturers with information necessary to definitively identify the build history, equipment options, and repair history of a vehicles identified in a VOQ, and to identify, investigate and work with NHTSA to remedy a potential safety defect, failure to comply with an FMVSS or recall administration, scope or remedy issue. To limit the potential privacy risks of sharing consumer contact information with manufacturer of the vehicles or equipment identified in the VOQ, NHTSA updated its collection instrument (see 2127-0008) to include explicit opt-out. Consumers who choose to opt-out will not have their information shared with the manufacturer of the vehicles or equipment identified in the VOQs unless the Agency opens an investigation or a recall is initiated. The Agency takes consumer privacy seriously and has included this new ``opt out'' feature in the VOQ form in order to provide consumers with additional control over their personal information. To enhance transparency, the ``opt-out'' appears in a prominent place in the electronic form maintained on the Department's public website, and will be communicated to consumers by hotline operators at the end of each hotline call. If consumers, at the point and time of collection, either check an ``opt out'' box on the VOQ form or direct the hotline operator collecting their information over the telephone to do so, NHTSA will not share with manufacturers the personal information provided in response to VOQ questions unless the Agency opens up a defect investigation or a recall takes place. At that point, an existing routine use permits the Agency to share their VOQs with the manufacturer of the vehicles or equipment identified in the VOQs. In addition to the approximately 70,000 VOQs filed annually directly with NHTSA, the Agency also receives approximately 1500 letters per year [[Page 17237]] from consumers or consumers' Congressional representatives communicating vehicle and equipment concerns that the Agency may convert into VOQs. It is not practicable for NHTSA to provide this small subset of consumers with the opportunity to ``opt out'' of sharing their personal information with the manufacturer of the vehicles or equipment identified in their letters. For this reason, NHTSA will pursue a privacy-positive course of action and assign ``opt- out'' status to the VOQs generated from these letters. NHTSA will not share their personal information with the manufacturer of the vehicles or equipment identified in these letters unless the Agency opens a defect investigation or a recall is commenced. To further enhance transparency, NHTSA is adding a routine use concerning comments received in the free form narrative section of the web based VOQ form and VOQs received through the hotline. The publicly available VOQs are on NHTSA's website, accessed through NHTSA.gov. As part of the online VOQ form, NHTSA has a free text narrative section that requests that the consumer ``In your own words, tell us what happened.'' NHTSA provides notice to the consumer that any text submitted will be made public without edits. Once the individual submits the online form, NHTSA publishes these comments without edit and other non-personal identifying information in the VOQ to NHTSA's public website. In order to advise the public how NHTSA uses the narrative comments in a VOQ, NTHSA is establish a routine use this system of records. This routine use is compatible with the purpose of collection, which is to provide the public with information concerning potential safety related defects and noncompliance with a federal motor vehicle safety standard. Finally, NHTSA is replacing pre-existing, generally-worded, routine use that permits NTHSA to share consumer complaints with ``appropriate State or Federal agenc[ies] for actions involving matters of law or regulation beyond the responsibility'' of NHSTA with three separate routine uses that specify the agencies with and purposes for which NHTSA shares information. This does not reflect a change in the types of disclosures NTSHA has or will make under the routine use, but is merely intended to provide clarity and transparency into how NHTSA shares information with other agencies. NHTSA also is updating its routine uses to permit disclosure to DHS when the consumer complaint evidences a potential cybersecurity vulnerability impacting transportation critical infrastructure. These routine uses are compatible with the purpose of the collection as a ``necessary and proper'' use of the information, as discussed more below. Individuals who provide VOQ information to NHTSA do so because they are seeking Federal agency intervention to address a potential issue with their vehicle. When the potential issue relates to a matter outside of NHTSA's jurisdiction, individuals may expect that NHTSA will share the information with the Federal agencies having jurisdiction for the matter. Thus, this routine use with compatible with the purpose of the collection, which is to identify, investigate and remedy potential safety defects. NHTSA is updating this Notice to include Departmental general routine uses previously incorporated by reference, to the extent that they are compatible with the purposes of this System. As recognized by the Office of Management and Budget (OMB) in its Privacy Act Implementation Guidance and Responsibilities (65 FR 19746, July 9, 1975), the routine uses include all proper and necessary uses of information in the system, even if such uses occur infrequently. NHTSA has included in this Notice general routine uses for disclosures to law enforcement when the record, on its face, indicates a violation of law, to DOJ for litigation purposes, or when necessary in investigating or responding to a breach of this system or other agencies' systems. NHTSA must work with DOT to take appropriate action to address any apparent violations of the law, and to share information with legal counsel in the Department of Justice when necessary for litigation. OMB has long recognized that these types of routine uses are ``proper and necessary'' uses of information and qualify as compatible with agency systems. 65 FR 19476. In addition, by OMB Memorandum M-17-12, OMB directed agencies to include routine uses that will permit sharing of information when needed to investigate, respond to, and mitigate a breach of a Federal information system. NHTSA also has included routine uses that permit sharing with the National Archives and Records Administration when necessary for an inspection, to any Federal government agency engaged in audit or oversight related to this system, or when DOT determines that the disclosure will detect, prevent, or mitigate terrorism activity. These types of disclosures are necessary and proper uses of information in this system because they further DOT's obligation to fulfil its records management and program management responsibilities by facilitating accountability to agencies charged with oversight in these areas, and the Department's obligation under Intelligence Reform and Terrorism Prevention Act of 2004, Public Law 108-456, and Executive Order 13388 (Oct. 25, 2005) to share information necessary and relevant to detect, prevent, disrupt, preempt, or mitigate the effects of terrorist activities against the territory, people, and interests of the United States. Finally, this system includes a routine use to permit sharing with our contractors, consultants, experts, grantees, and others when necessary to fulfill a NHTSA function related to this System. Agencies routinely engage assistance of these types of individuals in the fulfillment of their duties, such as contract support necessary to maintain the database in which these records are housed. NHTSA relies on contract support to maintain this system, and disclosures for this purpose are compatible with the purpose of the collection. System Name and Number: Vehicle Owner Questionnaire System DOT/NHTSA 415. Security Classification: Unclassified, Sensitive. System Location: Records are maintained at the Department of Transportation Headquarters, 1200 New Jersey Ave., Washington, DC 20590, and at the Federal disaster recovery facility in Stennis, MS. System Manager(s): Stephen A. Ridella, Ph.D., Director, Office of Defects Investigation, National Highway Traffic Safety Administration, U.S. Department of Transportation, 1200 New Jersey Avenue SE, Washington, DC 20590, 202-366-4703, ODI_Privacy@dot.gov. Authority for Maintenance of the System: 49 U.S.C. 30116, 30118-22, 30166. Purpose of the System: To assist NHTSA to identify, investigate and ensure that manufactures remedy, through recall, replacement or repair, potential safety defects and failures to comply with FMVSS in motor vehicles and items of motor vehicle equipment. To assist NHTSA to identify, investigate and ensure that manufactures remedy problems with the scope, administration, notification or remedy of a recall. For these purposes, NHTSA routinely retrieves VOQs by name or [[Page 17238]] assigned identifier to contact motor vehicle drivers or owners experiencing safety problems or witnesses and other individuals with information relevant to the agency's investigative or remedial efforts. Categories of Individuals Covered by the System: Owners of motor vehicles and motor vehicle equipment, as well as users of leased motor vehicles and motor vehicle equipment, who have filed, or on whose behalf have been filed VOQs, or who send letters to the agency directly or through their representatives (e.g., advocates, attorneys or Congressmen) concerning motor vehicle safety. Categories of Records in the System: The standard questionnaire format collects information that assists NHTSA to identify and identify potential defects, recall issues, and instances of noncompliance. The information submitted by or on behalf of an individual includes the following: Vehicle identification number (VIN). Make, model and year of relevant vehicle. Part affected. A narrative field that permits the individual to describe in his or her own words what happened. Photographs/supporting documentation. Date of incident. Was there a crash. Was there a fire. Was there an injury or fatality. Speed at time. Number of miles on the vehicle. First and last name. Email address. Street address. Telephone/alt telephone number. Individuals may also submit supporting documentation with a questionnaire or letter. NHTSA does not control the data submitted in these records and it may include personal information. Supporting documentation includes: Repair invoices. Insurance claims. Vehicle crash information. Police accident reports. Photographs and video image recordings of vehicles, parts, bodies or body parts. Record Source Categories: Consumers, to include; vehicle owners, drivers of leased vehicles, and individuals or organizations submitting VOQs to NHTSA on their behalf. Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses: In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the information contained in this system may be disclosed outside of DOT as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows: System Specific Routine Uses: 1. To manufacturers prior to the initiation of a formal investigation by the Department, an entire VOQ information to respond to consumer complaints and research the cause of the complaint, except when consumers ``opt out'' of such sharing at the point and time of collection. Information from individuals who submit VOQs by means other than the NHTSA website will be treated as if the individual has opt- out; 2. To manufacturers, after the Agency opens an investigation, to allow them to investigate owner complaints and researching the root cause of the alleged problem; 3. To the National Transportation Safety Board (NTSB) an entire VOQ to support NTSB investigations of surface transportation incidents, highway accidents and incidents, including incidents at railway grade crossings; 4. To the Consumer Product Safety Commission (CPSC) an entire VOQ to support identification of violations and enforcement of consumer product safety laws; 5. To the Federal Trade Commission an entire VOQ in matters involving potential unfair or deceptive trade practices; 6. To the Department of Homeland Security (DHS) if the VOQ is indicative of a cybersecurity vulnerability impacting critical infrastructure; and 7. To members of the public through NHTSA.gov website, information included in the narrative portion of the form questionnaire. Individuals are notified at the time of the VOQ submission that all information provided in the narrative will be made publicly available without edit. Department General Routine Uses: The U.S. Department of Transportation has established general routine uses applicable to all systems maintained by DOT. The following DOT general routine uses apply to this system of records: 1. In the event that a system of records maintained by DOT to carry out its functions indicates a violation or potential violation of law, whether civil, criminal or regulatory in nature, and whether arising by general statute or particular program pursuant thereto, the relevant records in the system of records may be referred, as a routine use, to the appropriate agency, whether Federal, State, local or foreign, charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing the statute, or rule, regulation, or order issued pursuant thereto. 2a. Routine Use for Disclosure for Use in Litigation. It shall be a routine use of the records in this system of records to disclose them to the Department of Justice or other Federal agency conducting litigation when-- (a) DOT, or any agency thereof, or (b) Any employee of DOT or any agency thereof (including a member of the Coast Guard), in his/her official capacity, or (c) Any employee of DOT or any agency thereof (including a member of the Coast Guard), in his/her individual capacity where the Department of Justice has agreed to represent the employee, or (d) The United States or any agency thereof, where DOT determines that litigation is likely to affect the United States, is a party to litigation or has an interest in such litigation, and the use of such records by the Department of Justice or other Federal agency conducting the litigation is deemed by DOT to be relevant and necessary in the litigation, provided, however, that in each case, DOT determines that disclosure of the records in the litigation is a use of the information contained in the records that is compatible with the purpose for which the records were collected. 2b. Routine Use for Agency Disclosure in Other Proceedings. It shall be a routine use of records in this system to disclose them in proceedings before any court or adjudicative or administrative body before which DOT or any agency thereof, appears, when-- (a) DOT, or any agency thereof, or (b) Any employee of DOT or any agency thereof (including a member of the Coast Guard) in his/her official capacity, or (c) Any employee of DOT or any agency thereof (including a member of the Coast Guard) in his/her individual capacity where DOT has agreed to represent the employee, or (d) The United States or any agency thereof, where DOT determines that the proceeding is likely to affect the United States, is a party to the proceeding or has an interest in such proceeding, and DOT determines that use of such records is relevant and necessary in the proceeding, provided, however, that in each case, DOT determines that [[Page 17239]] disclosure of the records in the proceeding is a use of the information contained in the records that is compatible with the purpose for which the records were collected. 3. One or more records from a system of records may be disclosed routinely to the National Archives and Records Administration in records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906. 4. DOT may disclose records from this system, as a routine use, to appropriate agencies, entities, and persons when (1) DOT suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised; (2) DOT has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by DOT or another agency or entity) that rely upon the compromised information; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with DOT's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. 5. DOT may disclose records from this system, as a routine use, to the Office of Government Information Services for the purpose of (a) resolving disputes between FOIA requesters and Federal agencies and (b) reviewing agencies' policies, procedures, and compliance in order to recommend policy changes to Congress and the President. 6. DOT may disclose records from this system, as a routine use, to contractors and their agents, experts, consultants, and others performing or working on a contract, service, cooperative agreement, or other assignment for DOT, when necessary to accomplish an agency function related to this system of records. 7. DOT may disclose records from this system, as a routine use, to an agency, organization, or individual for the purpose of performing audit or oversight operations related to this system of records, but only such records as are necessary and relevant to the audit or oversight activity. This routine use does not apply to intra-agency sharing authorized under Section (b)(1) of the Privacy Act. 8. DOT may disclose from this system, as a routine use, records consisting of, or relating to, terrorism information (6 U.S.C. 485(a)(5)), homeland security information (6 U.S.C. 482(f)(1)), or Law enforcement information (Guideline 2 Report attached to White House Memorandum, ``Information Sharing Environment, November 22, 2006) to a Federal, State, local, tribal, territorial, foreign government and/or multinational agency, either in response to its request or upon the initiative of the Component, for purposes of sharing such information as is necessary and relevant for the agencies to detect, prevent, disrupt, preempt, and mitigate the effects of terrorist activities against the territory, people, and interests of the United States of America, as contemplated by the Intelligence Reform and Terrorism Prevention Act of 2004 (Pub. L. 108-458) and Executive Order 13388 (October 25, 2005). Policies and Practices for Storage of Records: Records are maintained in electronic systems and hard copy at DOT Headquarters, 1200 New Jersey Ave. SE, Washington, DC 20590 and at the Federal disaster recovery facility in Stennis, MS. Policies and Practices for Retrieval of Records: NHTSA staff and agents routinely retrieve VOQs by consumer name or personal identifier. Policies and Practices for Retention and Disposal of Records: Pursuant to approved NARA Schedule N1-416-05-003 (Office of Defect Investigation Files), NHTSA: (1) Destroys VOQ information provided by consumers 15 years after receipt; (2) destroys investigation files, including any VOQs in the files, 15 years after the date of the resolution of an investigation when the investigation did not lead to a court decision; and (3) retains on a permanent basis investigation files, including any VOQs in the files, when an investigation leads to a court decision, but transfers legal custody of the files to NARA after 15 years. Original hard copy records collected from consumers and others are scanned into ARTEMIS and then destroyed. Administrative, Technical and Physical Safeguards: The VOQ system is protected by a multi-layer security approach to prevent unauthorized access to personally identifiable information through appropriate administrative, physical, and technical safeguards. Protective strategies include: Implementing physical access controls at DOT facilities; ensuring confidentiality of communications using tools such as encryption, authentication of sending parties, and compartmentalizing databases; and employing auditing software and personnel screening to ensure that all personnel with access to data are screened through background investigations commensurate with the level of access required to perform their duties. Records maintained in hard copy are stored in locked file cabinets until they can be scanned and uploaded to ARTEMIS and subsequently destroyed. Record Access Procedures: An individual wishing to gain access to any record pertaining to him or her in the system should send his or her name, address, telephone number, and a description of the record(s) sought to the U.S. Department of Transportation, Privacy Act Officer, Office of the Chief Information Officer, 1200 New Jersey Avenue SE, Washington, DC 20590. Contesting Record Procedures: An individual seeking to contest information contained in a record pertaining to him or her in this system should address written inquiries to the U.S. Department of Transportation, Privacy Act Officer, Office of the Chief Information Officer, 1200 New Jersey Avenue SE, Washington, DC 20590. Inquiries should include name, address, telephone number, and a description of the record and information being contested. Notification Procedures: An individual seeking to determine whether a record pertaining to him or her is contained in this system should address written inquiries to the U.S. Department of Transportation, Privacy Act Officer, Office of the Chief Information Officer, 1200 New Jersey Avenue SE, Washington, DC 20590. Inquiries should include name, address, telephone number, and identify the system that is the subject of the inquiry. Exemptions Promulgated for the System: None. History: The last full Federal Register Notice pertaining to this system that contained all SORN elements was published on September 3, 2004 (69 FR 53971-53972). Issued in Washington, DC on April 18, 2019. Claire W. Barrett, Departmental Chief Privacy Officer, Department of Transportation. [FR Doc. 2019-08171 Filed 4-23-19; 8:45 am] BILLING CODE 4910-9X-P