[Federal Register Volume 71, Number 85 (Wednesday, May 3, 2006)]
[Notices]
[Pages 26167-26168]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E6-6510]


-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Office of the Secretary


Privacy Act of 1974: System of Records

AGENCY: Department of Transportation (DOT), Office of the Secretary.

ACTION: DOT intends to establish a system of records under the Privacy 
Act of 1974.

-----------------------------------------------------------------------

SUMMARY: The Privacy Act of 1974, as amended, 5 U.S.C. 552a, requires 
that agencies that maintain a system of records publish a notice in the 
Federal Register of the existence and character of the system. In 
accordance with the Privacy Act, DOT is giving notice of a system of 
records to enhance its ability to manage information sharing and 
employee access to various information systems of its Federal Highway 
Administration (FHWA).

DATES: Effective Date: This notice will be effective, without further 
notice, on June 12, 2006, unless modified by a subsequent notice to 
incorporate comments received from the public. Comments must be 
received by June 2, 2006 to be assured consideration.

ADDRESSES: Send comments to James Kabel, Privacy Officer, Department of 
Transportation, Federal Highway Administration, 400 7th Street, SW., 
Room 4428, Washington, DC 20590 or [email protected].

FOR FURTHER INFORMATION CONTACT: Cheryl Ledbetter, Department of 
Transportation, Federal Highway Administration, HAIM-42, 400 7th 
Street, SW., Washington, DC 20590, (202) 366-9030 (voice), (202) 366-
9030 (fax), or [email protected].

SUPPLEMENTARY INFORMATION: DOT intends to establish a system of records 
that will enable the FHWA to adequately monitor and identify possible 
unauthorized access incidents or security breaches of FHWA's electronic 
systems.
DOT/FHWA 219

System name:
    User Profile and Access Control System (UPACS).

Security classification:
    Sensitive, Unclassified.

System location:
    This system is located in the Federal Highway Administration 
(FHWA), Office of Information and Management Services, 400 7th Street 
SW., Room 4331, Washington, DC 20590.

Categories of individuals covered by the system of records:
    Employees and contractors of DOT's FHWA and Federal Motor Carrier 
Safety Administration, State DOT employees and contractors who require 
access to UPACS for their job duties, as well as other external users 
with specific needs.

[[Page 26168]]

Categories of records in the system:
    This system of records may include user's general profile 
information that identifies the user, i.e., name, work address, work 
email address, and the full Social Security Number for FHWA employees, 
user's application rights records, State, organization and routing 
symbol records, application information, log and session records and 
user-base review records.

Authority for maintenance of the system:
    Federal Managers Financial Integrity Act of 1982 as codified in 31 
U.S.C. 3512.

Purposes:
    The User Profile and Access Control System (UPACS) is the security 
control system that manages user authentication and associated access 
rights for individuals needing entry into any of FHWA's applications.

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    (1) Respond to user complaints; (2) reply to user feedback 
comments; (3) manage access to restricted applications; (4) manage 
access rights to information within an application; (5) provide 
information to any person(s) authorized to assist in an approved 
investigation of improper access or usage of FHWA computer systems; (6) 
provide access to other government agencies when required by law; and 
(7) fulfill requests for reports and other similar information. These 
reports would be generated for auditing purposes and consist of the 
following information (any combination thereof): user account approvals 
and removals, account transfers, failed login attempts, locked 
passwords and PINs, all resets of passwords and PINs, after-hour 
activity, a user's successful or unsuccessful access and what FHWA 
application the user has accessed. See also the Prefatory Statement of 
General Routine Uses.

Disclosure to consumer reporting agencies:
    None.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    All UPACS data is stored on a secure FHWA server. Database tables 
are setup to detect unauthorized access. FHWA employees and contractors 
who have access to UPACS information must protect sensitive FHWA data 
residing on any media, such as tapes, disks, and printouts. UPACS 
information is provided to only those who have a need to know and 
access to the information is controlled by the user's level of access 
rights.

Retrievability:
    These records of access may be retrieved by a user's name or Social 
Security Number.

Safeguards:
    Access to the system of records is restricted to authorized users.
    Each user is granted access with his or her user name and security 
password. The user privileges of each user are based on his or her 
assigned access rights. User access to sensitive data is granted only 
to limited individuals with the approval of FHWA management.

Retention and disposal:
    The records in this system of records are retained and disposed of 
in accordance with the approved records disposition schedules in FHWA 
Order M 1324.1A, Files Management and Records Disposition Manual.

System manager and address:
    Director, Office of Information and Management Services, Federal 
Highway Administration, 400 7th Street, SW., Room 4423, Washington, DC 
20590.

Notification procedure:
    Write to the System Manager.

Record access procedures:
    Write to the System Manager. Provide full name and a description of 
the information that you seek, including the time frame during which 
the records may have been generated. Individuals requesting access must 
comply with the Department of Transportation's Privacy Act regulations 
on verification of identity (49 CFR 10.37).

Contesting record procedures:
    Write to the System Manager. Identify the information being 
contested, the reason for contesting it, and the correction being 
requested. Individuals requesting access must comply with the 
Department of Transportation's Privacy Act regulations on verification 
of identity (49 CFR 10.37).

Record source categories:
    Information contained in this system is obtained from users when 
they register for or change UPACS profile information and when they 
access different applications through UPACS.

Exemptions claimed for the system:
    None.

OMB Control Number:
    None.

Kara Spooner,
Departmental Privacy Officer.
 [FR Doc. E6-6510 Filed 5-2-06; 8:45 am]
BILLING CODE 4910-22-P