Federal Register, Volume 74 Issue 174 (Thursday, September 10, 2009)

[Federal Register Volume 74, Number 174 (Thursday, September 10, 2009)]
[Notices]
[Pages 46655-46658]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E9-21802]


-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

National Highway Traffic Safety Administration


Privacy Act of 1974; System of Records Notice

AGENCY: National Highway Traffic Safety Administration (NHTSA), 
Department of Transportation (DOT).

ACTION: Notice to alter a Privacy Act system of records.

-----------------------------------------------------------------------

SUMMARY: NHTSA is republishing the Privacy Act system of records notice 
(SORN) for the Consumer Assistance to Recycle and Save program (CARS 
program) database system replacing the previously published SORN of 
July 27, 2009 in order to: (1) Expand the routine uses of records 
maintained in the system to include sharing complaint records with 
State Attorneys General and the National Association of Attorneys 
General (NAAG), for purposes of investigating and prosecuting criminal 
violations, including fraud associated with the CARS program, and (2) 
update the system location, storage and retrievability sections of the 
SORN to reflect the use of word-searchable electronic files (i.e., 
Excel spreadsheets) to store complaint information, including that to 
be shared with the State Attorneys General and NAAG. These changes are 
more thoroughly detailed below and in the accompanying updated Privacy 
Impact Assessment (PIA) that may be found on the DOT Privacy Web site 
at http://www.dot.gov/privacy.

DATES: Effective September 10, 2009. The CARS Program is a temporary 
program covering eligible automobile purchases/leases occurring between 
July 1, 2009 and November 1, 2009. The Consumer Assistance to Recycle 
and Save Act of 2009 (the CARS Act), which authorized the CARS Program, 
requires the Secretary of Transportation, acting through NHTSA, to take 
steps to identify, prevent and penalize fraud associated with the 
Program. Since the inception of the CARS Program, NHTSA has received a 
substantial number of complaints from consumers located nation-wide, 
including time-sensitive complaints of dealer misconduct associated 
with the conduct of the Program. In order for these consumer complaints 
to be investigated and resolved in a timely manner (i.e., while the 
CARS Program remains operational and before the complaints become 
moot), NHTSA has sought the assistance of State Attorneys General. For 
this reason, NHTSA must begin sharing consumer complaint information, 
including personally identifiable information (PII) of consumers, with 
State Attorneys General and NAAG prior to completion of a 30-day public 
notice and comment period under this SORN. NHTSA nonetheless seeks and 
will accept public comment on this SORN for a 30 day period. Because 
our ability to consider comments received may be limited, we encourage 
the earliest possible submission of comments. If feasible, we may 
publish a further alteration to this SORN in light of any comments 
received.

ADDRESSES: Send comments to Dee Smith, NHTSA Privacy Officer, NHTSA 
Office of the CIO, NPO-420, U.S. Department of Transportation, 1200 New 
Jersey Avenue, SE., Washington, DC 20590 or [email protected].

FOR FURTHER INFORMATION CONTACT: For privacy issues please contact: Dee 
Smith, NHTSA Privacy Officer, NHTSA Office of the CIO, NPO-420, U.S. 
Department of Transportation, 1200 New Jersey Avenue, SE., Washington, 
DC 20590 or [email protected].

SUPPLEMENTARY INFORMATION:

I. CARS Program

    On June 24, 2009, the President signed into law the Consumer 
Assistance to Recycle and Save Act of 2009 (the CARS Act) (Pub. L. 111-
32). The Act establishes, within DOT's National Highway Traffic Safety 
Administration (NHTSA), a temporary program under which an owner of a 
motor vehicle meeting statutorily specified criteria may trade in the 
vehicle and receive a monetary credit from the dealer toward the 
purchase or lease of a new motor vehicle meeting statutorily specified 
criteria (the CARS Program or Program).
    The Program covers qualifying transactions that occur between July 
1, 2009 and November 1, 2009. If all of the conditions of eligibility 
are met and the dealer provides NHTSA with sufficient documentation 
relating to the transaction, NHTSA will make an electronic payment to 
the dealer equal

[[Page 46656]]

to the amount of the credit extended by the dealer to the consumer, not 
exceeding the statutorily authorized amount. The dealer must agree to 
transfer the trade-in vehicle to a salvage auction or disposal facility 
that will crush or shred it so that it will never be returned to the 
road, although parts of the vehicle other than the engine block may be 
sold prior to disposal.
    Under the Program, NHTSA must collect a variety of information from 
individuals and entities about qualifying transactions. Vehicle 
manufacturers must provide data about vehicles and authorized dealers. 
Dealers must provide information about their business operations and 
individual financial transactions. Salvage auctions and disposal 
facilities may be required to provide comparable data about their 
business operations and information confirming the sale or destruction 
of trade-in vehicles. This information is required to ensure compliance 
with the terms of the CARS Act--specifically, to verify that purchasing 
consumers, new and trade-in vehicles, dealers, salvage auctions and 
disposal facilities are eligible to participate in the Program; to 
identify, prevent and penalize fraud; and to confirm appropriate 
disposal of the trade-in vehicles. Participating car buyers also will 
be asked to complete a survey about the Program for use in reporting to 
Congress on the efficacy of the Program, as mandated by the CARS Act. 
Surveys will be voluntary and anonymous. Additionally, under the Act, 
NHTSA is required to coordinate with the U.S. Department of Justice 
(DOJ) to ensure that the National Motor Vehicle Title Information 
System (NMVTIS) (which is administrated by the American Association of 
Motor Vehicle Administrators (AAMVA)) is updated appropriately to 
reflect the disposal of vehicles traded in under the CARS Program.

II. CARS Database System

    In order to support the CARS Program, NHTSA will utilize one or 
more secure databases (i.e., the CARS Database System) to collect, 
process and store information about eligible transactions and about car 
purchasers/lessees, dealers, salvage auctions and disposal facilities 
participating in the CARS Program. This information will include 
Personally Identifiable Information (PII), including financial 
transaction information of individual car purchasers/lessees, and may 
include PII about a limited number of salvage auctions and disposal 
facilities participating in the program, which in some States may be 
operated by individuals (sole proprietors).

III. The Privacy Act

    The Privacy Act (5 U.S.C. 552a) governs the means by which the 
United States Government collects, maintains, and uses PII in a system 
of records. A ``system of records'' is a group of any records under the 
control of a Federal agency from which information about individuals is 
retrieved by name or other personal identifier.
    The Privacy Act requires each agency to publish in the Federal 
Register a notice (SORN) identifying and describing each system of 
records the agency maintains, including the purposes for which the 
agency uses PII in the system, the routine uses for which the agency 
discloses such information outside the agency, and how individual 
record subjects can exercise their rights under the Privacy Act (e.g., 
to determine if the system contains information about them).

IV. Privacy Impact Assessment

    NHTSA is publishing an updated Privacy Impact Assessment (PIA) to 
coincide with the expansion of the SORN.
    In accordance with 5 U.S.C. 552a(r), a report on the alteration of 
this existing system of records has been sent to Congress and to the 
Office of Management and Budget.
SYSTEM NUMBER:
    DOT/NHTSA 464.

SYSTEM NAME:
    CARS Database System.

SECURITY CLASSIFICATION:
    Sensitive, unclassified.

SYSTEM LOCATION:
    Servers: The Servers hosting the CARS Database System are housed in 
a contractor-owned facility at Oracle On Demand in Austin, Texas.
    Portals: This system is accessed via portals located at:
     Registered, participating new car dealers via the Internet 
at http://www.cars.gov.
     NHTSA Headquarters, located at 1200 New Jersey Avenue, and 
in various of NHTSA's regional offices and at other off-site locations 
used in connection with CARS Program.
     The off-site facilities of NHTSA and DOT Contractors.
    Authorized users at NHTSA Headquarters access their records in the 
CARS Database System via the DOT Intranet. Authorized users at the 
NHTSA portal locations and at the contractor portal locations access 
their records in the CARS Database System via the Internet at http://www.cars.gov.
    Some system software is maintained by Oracle On Demand in Austin, 
Texas. The CARS Database System interfaces with participating new car 
dealers, and with other DOT systems used to pay the dealers, through 
that system software, as well as other software maintained by the 
Federal Aviation Administration's Enterprise Services Center (ESC) at 
the Mike Monroney Aeronautical Center, Oklahoma City, OK.
    Any electronic or hard-copy files containing CARS-related records 
will be maintained at the pertinent NHTSA, DOT or Contractor portal 
locations.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The system covers the following individuals:
     Individual buyers/lessees of new cars participating in the 
CARS program.
     Sole proprietors of salvage auctions and automobile 
disposal facilities participating in the CARS program.

CATEGORIES OF RECORDS IN THE SYSTEM:
     Records about individual car buyers/lessees participating 
in the CARS Program consist of transaction records containing the 
following PII data elements: name and address of the purchaser/lessee; 
the purchaser/lessee's State driver's license number or other State 
identification number; the State driver's license number or other State 
identification number of the co-purchaser/lessee (if any), as listed in 
the title; and the Vehicle Identification Number (VIN) of the trade-in 
vehicle and the VIN of the new vehicle. Depending on the State and 
content of the sales contract, PII also may be found on the following 
documents required to be scanned by dealers and entered into the 
system: Document of title of trade-in vehicle (or, in certain States, 
documentation of paperless title), proof of insurance for trade-in 
vehicle (cards or letter from insurer), trade-in registration, sales 
summary sheet, and salvage certificate.
     Records about any sole proprietors of salvage auctions and 
disposal facilities participating in the CARS Program consist of 
business operation records that may include the following PII elements: 
Name, home address, telephone number and email address, to the extent 
that such individuals operate their businesses out of their homes.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Public Law 111-32, 123 Stat. 1859.

PURPOSE(S):
    The purpose for collecting records in the CARS Database System is 
to implement the CARS Program and

[[Page 46657]]

ensure compliance with the terms of the CARS Act. Specifically:
     NHTSA personnel and contractors use the information that 
each car dealer enters into the CARS database to verify that 
purchasing/leasing consumers, new and trade-in vehicles, dealers, 
salvage auctions and disposal facilities are eligible to participate in 
the Program.
     NHTSA personnel and contractors use information entered 
into the system to determine if individual transactions satisfy CARS 
program requirements.
     NHTSA personnel and contractors use the system to send 
information about eligible transaction to a DOT financial management 
system to process vouchers and cause dealers to be paid by DOT/NHTSA 
for eligible transactions.
     Both to establish eligibility and for audit purposes, 
NHTSA compares dealer-entered information in the CARS Database System 
to purchaser/lessee and transactional information already within the 
system.
     NHTSA personnel and contractors and the DOT Inspector 
General may use information about individual transactions, purchasers/
lessees, dealers, salvage auctions and disposal facilities 
participating in the CARS Program to prevent, identify and investigate 
program violations and fraud.
     NHTSA personnel and contractors will use survey data 
provided by purchasers/lessees to report to Congress on the efficacy of 
the Program.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    The CARS Database System shares PII about individual purchasers/
leasees and their new and trade-in vehicles, and about any sole 
proprietors of salvage auctions and automobile disposal facilities, as 
follows:
     NHTSA personnel and contractors will use VINs from the 
system to update DOJ's NMVTIS database, as required by the CARS Act.
     NHTSA personnel and contractors, as well as the DOT 
Inspector General, may provide to the U.S. Department of Justice, State 
Attorneys General and the National Association of Attorneys General 
(NAAG) information about certain transactions, including PII about 
individual purchasers/lessees and any sole proprietors of salvage 
auctions and disposal facilities participating in the CARS Program, for 
purposes of investigating complaints and investigating and prosecuting 
criminal violations, including fraud.
     NHTSA personnel and contractors will provide to States 
lists of VINs of trade-in vehicles for which they issued car titles, 
for purposes of cancelling the car titles.
     Salvage auctions and disposal facilities receive the VIN 
and voucher transaction code for each trade-in car sent to them for 
sale or destruction. They include the VIN and code on a certificate 
that they return to DOT/NHTSA.
    Other possible routine uses of the information, applicable to all 
DOT systems, are published in the Federal Register at 65 FR 19476 
(April 11, 2000), under ``Prefatory Statement of General Routine Uses'' 
(available at http://www.dot.gov/privacy/privacyactnotices/).

DISCLOSURE TO CONSUMER REPORTING AGENCIES:
    None.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM--
STORAGE:
    Records are stored in databases, on magnetic tape, on magnetic disk 
and in secure electronic and hard-copy files at DOT, NHTSA and 
contractor portal locations, as required. The databases are on servers; 
the data is typically stored on a Storage Area Network (SAN) and 
backed-up on tape stored in Oklahoma City, Oklahoma, Kansas City, 
Kansas and Austin, Texas. Magnetic tape and disk records are maintained 
at the central maintenance site in Oklahoma City, at the disaster 
recovery site in Kansas City, and at the remote hosting site in Austin. 
Storage of electronic or hard-copy file folders is at the geographic 
location of the pertinent portal location.

RETRIEVABILITY:
    Records related to individual purchasing/leasing consumers 
participating in the CARS program are retrieved by State identification 
number (ID). This will be either a State driver's license and/or 
another form of State ID (i.e., driver's permit or standard ID). 
Complaint records relating to consumers participating in the CARS 
program also may be retrieved from electronic files (i.e., Excel 
spreadsheets) by word searches.
    Records related to any sole proprietors of automobile disposal 
facilities are retrieved through the use of a unique number given to 
the proprietors through the Environmental Protection Agency (EPA). The 
EPA number will be listed on the http://www.cars.gov Web site for 
disposal facilities that are authorized to receive CARS vehicles.

SAFEGUARDS:
    Access to records in the CARS Database system will be limited to 
NHTSA personnel and contractors through password security, encryption, 
firewalls, and secured operating system, except for bank account 
information and a limited amount of eligible transaction information 
which will be encrypted and sent securely to DOT's financial management 
system for purposes of effecting payments to participating dealers for 
eligible transactions.
    Registered dealers entering data into the system will be able to 
access only records relating to transactions initiated by the same 
dealer--and not records relating to other transactions entered into the 
system.
    Any electronic or hard copies of CARS-related records containing 
PII at DOT, NHTSA and contractor portal locations will be kept in 
secure electronic files or in hard-copy file folders locked in secure 
file cabinets during non-duty hours.

RETENTION AND DISPOSAL:
    Under the CARS Final Rule, records created under the CARS program 
will be kept for 5 years. Records that are needed longer, such as to 
resolve claims and audit exceptions and prosecute fraud, will be 
retained until such matters are resolved.
    The records may be moved at a future date to one or more different 
locations in response to the operational needs of DOT, NHTSA, the CARS 
Program or DOT/NHTSA contractors.

SYSTEM MANAGER AND ADDRESS:
    The CARS Database System Manager (NPO-400), Office of the Chief 
Information Officer, NHTSA, 1200 New Jersey Avenue, SE., Washington, DC 
20590.

NOTIFICATION PROCEDURE:
    Individuals or business entities wishing to know if their records 
appear in this system should direct their requests to the System 
Manager identified above.

RECORD ACCESS PROCEDURE:
    Individuals seeking access to information about them in this system 
should follow the same procedure as indicated under ``Notification 
Procedure.''

CONTESTING RECORDS PROCEDURE:
    Individuals seeking to contest the content of information about 
them in this system should follow the same procedure as indicated under 
``Notification Procedure.''

[[Page 46658]]

RECORD SOURCE CATEGORIES:
    Transaction information pertaining to individual purchasers/lessees 
is obtained by car dealers, on behalf of NHTSA, directly from the 
individuals, from source documents the individuals provide (some of 
which are scanned into the database by the dealer), and/or directly 
from their new and trade-in cars. Dealers scan and/or enter the 
information into the CARS database and manually compare the information 
to the source documents or systems to verify its accuracy. NHTSA 
personnel and contractors then review the records to ensure accuracy 
prior to assessing the eligibility of individual transactions.
    Business operations information about any sole proprietor salvage 
auctions and disposal facilities is obtained directly from the 
proprietors.
    Consumer complaint information is obtained by DOT/NHTSA employees 
or contractors directly from consumers, including through NHTSA's CARS 
Hotline.

EXEMPTIONS CLAIMED FOR THIS SYSTEM:
    None.

    Dated: September 3, 2009.
Habib Azarsina,
Departmental Privacy Officer.
[FR Doc. E9-21802 Filed 9-9-09; 8:45 am]
BILLING CODE 4910-9X-P