[Federal Register Volume 67, Number 194 (Monday, October 7, 2002)]
[Notices]
[Pages 62511-62512]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 02-25412]


-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Office of the Secretary


Privacy Act of 1974: System of Records

AGENCY: Office of the Secretary, DOT.

ACTION: Notice to amend a system of records.

-----------------------------------------------------------------------

SUMMARY: DOT intends to amend a system of record under the Privacy Act 
of 1974.

EFFECTIVE DATE: November 18, 2002. If no comments are received, the 
proposal will become effective on the above date. If comments are 
received, the comments will be considered and, where adopted, the 
documents will be republished with changes.

FOR FURTHER INFORMATION CONTACT: Yvonne L. Coates, Department of 
Transportation, Office of the Secretary, 400 7th Street, SW., 
Washington, DC 20590, (202) 366-6964 (telephone), (202) 366-7024 (fax), 
[email protected] (Internet address).

SUPPLEMENTARY INFORMATION: The Department of Transportation system of 
records notice subject to the Privacy Act of 1974 (5 U.S.C. 552a), as 
amended, has been published in the Federal Register and is available 
from the above mentioned address.
DOT/ALL 9

System name:
    Identification Media Record Systems.

Security classification:
    Unclassified, sensitive.

System location:
    The system is located in the:
    a. Office of Security and Administrative Management, M-40, 400 7th 
Street, SW., Washington, DC 20590; (for Office of the Secretary of 
Transportation and all DOT Agencies other than those listed below).
    b. Commandant, United States Coast Guard Headquarters, G-O, 
Washington, DC 20593 and District and Area Offices.
    c. Federal Aviation Administration, Office of Security and 
Investigations, 800 Independence Avenue, SW., Washington, DC 20591; and 
all FAA Regional Offices and Centers.
    d. Federal Highway Administration, Operations and Services 
Divisions, 400 7th Street, SW., Washington, DC 20590, and all FHWA 
Regional Offices.
    e. Transportation Security Administration, 400 7th Street, SW., 
Washington, DC 20590, and Federal Security Directors at various 
airports.

Categories of individuals covered by the system of records:
    Present and former employees, contractor employees, consultants, 
and other individuals or personnel that require access to DOT 
facilities, information, resources or information-based systems in any 
element of DOT.

Categories of records in the system:
    Applications, photographs, receipts for DOT identification and 
verification media and official credentials, temporary building passes, 
security badges, security clearance level and type, date of clearance, 
clearance basis, entry on duty information, current duty assignment 
information, routing symbols, limited relevant portions of the 
background investigation date of background investigation, 
investigating agency and follow-up investigation data, date of birth, 
social security number, position title and position sensitivity, 
assignment to sensitive duty positions, facility access, gender, 
designations, automated information systems access designations, 
records of access authorizations granted, biometric data (fingerprint 
or other biometric data as determined by current standards), PKI 
certificates and encryption information, digital signature codes and 
verification data, personal information number (pin)/identification and 
verification media password, or identification record number and 
expiration date, applications for other identification needed for 
official duties, and other fields as dictated by the Governmental 
SmartCard Interoperability Standard.

Authority for maintenance of the system:
    5 U.S.C. 301; 49 U.S.C. 322; 49 U.S.C. 114(d); 49 U.S.C. 106(f)(2); 
49 U.S.C. 40122.

Purpose(s):
    [sbull] To control access to DOT facilities, information or 
information-based systems by authenticating the identity of each person 
using the system; the system will not be used to monitor or track 
individuals or their usage habits.
    [sbull] To provide a ready concentration of employee personal data 
to facilitate issuance, accountability, and recovery of required 
identification media issued to employees, contractor employees, 
consultants, and other individuals or personnel who require access to 
DOT facilities, information or information-based systems in the 
performance of their duties.
    [sbull] To provide for universal and positive verification and 
control for DOT employees, contractor employees, consultants, and other 
individuals or personnel needed to perform their official duties.
    [sbull] To control and account for DOT identification and 
verification media, credentials, and security badges issued to DOT 
employees, former employees, contractors, and other individuals who 
require access to DOT facilities and information or information-based 
systems in the performance of their DOT or other official duties.

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    [sbull] Records may be disclosed to contractors for the limited 
purpose of assisting the Department or one of its elements in issuing, 
controlling and accounting for DOT identification and

[[Page 62512]]

verification media, credentials and security badges and maintaining 
associated databases.
    [sbull] Records may be disclosed to Departmental contractors 
concerning their own current and former employees to facilitate the 
control and accountability of DOT identification and verification 
media, credential and security badges issued to contract employees.
    [sbull] See Prefatory Statement of General Routine Uses.

Disclosure to consumer reporting agencies:
    None.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    The records are maintained in an electronic database and may be on 
computer disks/chips, magnetic tape, and paper forms in file folders. 
The items of information set forth in the category of records section 
may be contained on an electronic computer chip or other media imbedded 
on the identification and verification medium of each employee, 
contractor, or other individual to whom the identification and 
verification media is issued.

Retrievability:
    Retrieval from the system is by name, social security number, date 
of birth, security clearance level, date of investigation, type of 
investigation, identification and verification media or record number, 
digital certificates, duty position location (POD), identification and 
verification media expiration or issue date, other fields as included 
in the Governmental SmartCard Interoperability Standard, or other 
category of records and can be accessed only by authorized individuals.

Safeguards:
    Computers provide privacy and access limitations to records by 
requiring a user name and password match or equivalent safeguards such 
as biometrics and public key infrastructure (PKI) technology. Access to 
decentralized segments is similarly controlled. Only those personnel 
with a need to have access to the system are given user names and 
passwords or equivalent technology. Data are manually and/or 
electronically stored in a locked room with limited access.
    The protection of the data/information and of the identification 
and verification media complies with NIST Standards; at no time will 
any data/information be placed on the media in a manner less secure 
than its original source.

Retention and disposal:
    Hard copy of information including applications, photographs and 
identification media is destroyed immediately upon termination of 
employment and/or expiration of surrendered ID media. Inactive 
electronic records pertaining to applications, photographs, and 
identification media is removed from the video ID system monthly. The 
following schedules apply: General Records Schedule (GRS) 11, item 4, 
Space and Maintenance Records; and GRS 20, item 3a, Electronic Records.

System manager(s) and address:
    a. Office of Security and Administrative Management, M-40, 
Department of Transportation, 400 7th Street, SW., Washington, DC 20590 
(for OST and all DOT agencies other than those listed below).
    b. Commandant, G-O United States Coast Guard, Washington, DC 20593.
    c. Director of Security and Investigations, Federal Aviation 
Administration, 800 Independence Avenue, SW., Washington, DC 20591.
    d. Chief, Operations and Services Division, Federal Highway 
Administration, 400 7th Street, SW., Washington, DC 20590.

Notification procedure:
    Same as System Manager. Correspondence contesting records must 
include the full name and social security number of the individual 
concerned and documentation justifying the claim.

Record access procedures:
    Same as Notification procedure.

Contesting record procedures:
    Same as Notification procedure.

Record source categories:
    Individuals about whom the record is maintained, automated 
personnel systems maintained by DOT or any of its elements, and 
background and clearance investigation systems of records maintained by 
the DOT or any of its elements.

Exemptions claimed for the system:
    None.

    Dated: September 30, 2002.
Yvonne L. Coates,
Privacy Act Coordinator.
[FR Doc. 02-25412 Filed 10-4-02; 8:45 am]
BILLING CODE 4910-62-P