[Federal Register Volume 77, Number 139 (Thursday, July 19, 2012)]
[Notices]
[Pages 42548-42552]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2012-17597]


-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Federal Motor Carrier Safety Administration

[Docket No. FMCSA-2012-0243]


Privacy Act of 1974; Department of Transportation, Federal Motor 
Carrier Safety Administration (FMCSA) 007 Pre-Employment Screening 
Program

AGENCY: Federal Motor Carrier Safety Administration (FMCSA) Department 
of Transportation (DOT).

ACTION: Notice to amend a system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the Department of 
Transportation proposes to update and reissue a Department of 
Transportation system of records notice titled Department of 
Transportation/Federal Motor Carrier Safety Administration--007 Pre-
Employment Screening Program. The updated system of records consists of 
information that is created and used by the Department's Pre-Employment 
Screening program to provide commercial drivers and persons conducting 
pre-employment screening services for the motor carrier industry 
electronic access to driver history reports extracted from the 
Department's Motor Carrier Management Information System (MCMIS).
    As a result of biennial review of this system, the Privacy Office 
has made the five major modifications to the systems of records. The 
category of records identified as ``Financial Transaction Records'' in 
the previously published System of Records Notice for this system has 
been removed as the Department does not maintain these records. The 
``Access Transaction Records'' record category also has been revised to 
clarify the types of information maintained about the two categories of 
users permitted to request access to records for the purposes of pre-
employment screening. The routine uses have been updated to clarify 
disclosure of Pre-Employment Screening Program (PSP) records to 
industry service providers directly involved in the hiring of 
commercial motor vehicle (CMV) drivers on behalf of motor carriers and/
or CMV drivers and the routine use concerning the sharing of CMV driver 
access transaction records with Validation Authorities (e.g. Lexis-
Nexis). The system owner information has been modified to omit the 
contact information for the MCMIS and Freedom of Information Act 
systems of records and, instead, include only contact information for 
the PSP system

[[Page 42549]]

of records. Additionally, this Notice includes non-substantive changes 
to simplify the formatting and text of the previously published Notice. 
This updated system will be included in the Department of 
Transportation's inventory of record systems.

DATES: Effective August 21, 2012. Written comments should be submitted 
on or before the effective date. If no comments are received, the 
proposal will become effective on the above date. If comments are 
received, the comments will be considered and, where adopted, the 
documents will be republished with changes.

ADDRESSES: You may submit comments, identified by Docket No. FMCSA-
2012-0243 by one of the following methods:
    [squf] Federal e-Rulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
    [squf] Mail: Department of Transportation Docket Management, Room 
W12-140, 1200 New Jersey Ave. SE. Washington, DC 20590.
    [squf] Instructions: All submissions received must include the 
agency name and docket number for this rulemaking. All comments 
received will be posted without change to www.regulations.gov, 
including any personal information provided.
    [squf] Docket: For access to the docket to read background 
documents or comments received go to www.regulations.gov. Follow the 
online instructions for accessing the docket.
    [squf] Fax: 202-493-2251. Instructions: You must include the agency 
name and Docket Number FMCSA-2012-0243. All comments received will be 
posted without change to http://www.regulations.gov, including any 
personal information provided.
    Privacy Act: Anyone is able to search the electronic form of all 
comments received in any of our dockets by the name of the individual 
submitting the comment (or signing the comment, if submitted on behalf 
of an association, business, labor union, etc.). You may review DOT's 
Privacy Act notice in the Federal Register published on January 17, 
2008 (73 FR 3316-3317), or you may visit www.dot.gov/privacy.
    Docket: For access to the docket to read background documents or 
comments received, go to http://www.regulations.gov or to the street 
address listed above. Follow the online instructions for accessing the 
docket.

FOR FURTHER INFORMATION CONTACT: For general questions, please contact: 
Arlene Thompson, (202) 366-2094, [email protected]. For privacy 
issues please contact: Claire W. Barrett, Departmental Chief Privacy 
Officer, Privacy Office, Department of Transportation, Washington, DC 
20590; [email protected]; or (202) 527-3284.

SUPPLEMENTARY INFORMATION: In accordance with the Privacy Act of 1974, 
the Department of Transportation (DOT)/Federal Motor Carrier 
Administration (FMCSA or Administration) proposes to update and reissue 
a current DOT system of records notice titled, ``Department of 
Transportation/Federal Motor Carrier Safety Administration--007 Pre-
Employment Screening Program.'' The FMCSA's primary mission is to 
prevent commercial motor vehicle-related fatalities and injuries. The 
FMCSA contributes to safe motor carrier operations through strong 
enforcement of safety regulations; targeting high-risk carriers and 
commercial motor vehicle drivers; improving safety information systems 
and commercial motor vehicle technologies; strengthening commercial 
motor vehicle equipment and operating standards; and increasing safety 
awareness. To accomplish these activities, the FMCSA works with 
Federal, State, and local enforcement agencies, the motor carrier 
industry, labor safety interest groups, and others.
    This system of records is used to satisfy requirements mandated by 
Congress in the Safe, Accountable, Flexible, Efficient Transportation 
Equity Act: A Legacy for Users, 49 U.S.C. 31150, Public Law 109-59, 
Section 4117. FMCSA believes that making this driver data available to 
potential employers and operator-applicants will improve the quality of 
safety data and help employers make more informed decisions when hiring 
commercial drivers. The PSP is a screening tool that allows motor 
carriers and individual drivers to purchase driving records from the 
FMCSA MCMIS system. A record purchased through PSP contains the most 
recent five years of crash data and the most recent three years of 
roadside inspection data, including serious safety violations for an 
individual driver. The record displays a snapshot in time, based on the 
most recent MCMIS data extract loaded into the PSP system.
    This SORN makes four primary changes to the existing system of 
records. It removes an existing category of records, clarifies the 
information maintained in the ``Access Transaction Records,'' adds a 
new routine use, and clarifies an existing routine use. The category of 
records has been revised to exclude the category of ``Financial 
Transaction Records'' as this information is maintained exclusively by 
DOT's PSP Service Provider and these records are not considered federal 
records under the stewardship of the DOT. The ``Access Transaction 
Records'' record category was revised to clarify that information is 
maintained on the two categories of users permitted to request access 
to records for the purposes of pre-employment screening. In addition to 
transactions initiated by motor carriers, the record will include 
information on transactions initiated by industry service providers as 
authorized by the routine use added as part of this system of records 
notice. The category of records more clearly states the information 
maintained on requests initiated by operator-applicant requesting his 
or her own PSP record. This information establishes a record of account 
access to ensure that operator-applicants only access their own 
information. These changes have been made to more clearly reflect 
existing FMCSA processes and do not introduce changes in actual 
operations.
    The routine uses have been updated to permit disclosure of PSP 
records to industry service providers directly involved in the hiring 
of commercial motor vehicle (CMV) drivers on behalf of motor carriers 
and/or CMV drivers. This change reflects motor carrier business models 
which may include the use of industry service providers to directly 
hire commercial motor vehicle drivers on behalf of motor carriers. 
Additionally, the routine use concerning the sharing of CMV driver 
Access Transaction Records with Validation Authorities (e.g. Lexis-
Nexis) was clarified by removing information incorrectly included in 
the routine use that should be discussed in the Notice's categories of 
information.
    The system owner information has been modified to include only 
contact information for the PSP system of records and no longer 
included information for the MCMIS and Freedom of Information Act 
(FOIA) systems, which are separate and distinct system of records. The 
complete system of records notices for these systems may be found at 
www.dot.gov/privacy.
    FMCSA plans to introduce PSP Mobile iOS Application as an 
alternative means of providing information available through the PSP 
Web site to the authorized users. FMCSA does not require individuals to 
register or provide any PII as a condition of downloading PSP iOS 
application. Individuals downloading the PSP iOS application must 
fulfill Apple's registration requirements prior to downloading the 
application. Apple does not provide FMCSA any PII of individuals who 
download the PSP iOS application from its site. Requesters seeking 
information on CMV drivers

[[Page 42550]]

through the PSP iOS mobile application can only access PSP records 
using the same authorization process and data elements described in 
this System of Records Notice.
    This updated system will be included in DOT's inventory of record 
systems.

SYSTEM NUMBER:
    DOT/FMCSA 007.

SYSTEM NAME:
    Department of Transportation Federal Motor Carrier Safety 
Administration Pre-Employment Screening Program.

SECURITY CLASSIFICATION:
    Unclassified, Sensitive.

SYSTEM LOCATION:
    Records are maintained at the DOT Service Provider sites managed by 
AT&T in Ashburn, VA and Allen, TX.

CATETORIES OF INDIVIDUALS COVERED BY THE SYSTEM OF RECORDS:
    PSP records will include personally identifiable information (PII) 
pertaining to Commercial Motor Vehicle (CMV) drivers, as defined by 49 
CFR 390.5, (referred to in this system of records notice as operator-
applicants). PSP will also include access transaction records. For CMV 
drivers, this will include personal information submitted by the CMV 
driver to access his or her personal PSP record. For motor carriers or 
authorized industry service provider, Access Transaction Records will 
include the unique username and password submitted by the user to 
access the PSP system and the CMV driver information submitted by the 
motor carrier or authorized industry service provider to retrieve a PSP 
record.

CATEGORIES OF RECORDS:
    Categories of records in this system include:
    CMV crash and inspection records. Data extract from the FMCSA Motor 
Carrier Management Information System (MCMIS) containing the most 
recent five years' crash data and the most recent three years' 
inspection information for operator-applicants including:

[squf] CMV driver name (last, first)
[squf] CMV driver date of birth
[squf] CMV driver license number
[squf] CMV driver license State

    Access transaction records. In the case of a motor carrier or 
industry service provider accessing a CMV driver's PSP record, 
transaction records include information about the subject of the 
electronic record request including:


[squf] CMV driver name (last, first, middle initial)
[squf] CMV driver date of birth
[squf] CMV driver license number
[squf] CMV driver license State

    Access Transaction Records also include information about the motor 
carrier or industry service provider accessing the record including:

[squf] User unique system username
[squf] User unique system password

    In the case of an operator-applicant requesting his or her own PSP 
record, the Access Transaction Record will include:

[squf] CMV driver name (last, first, middle initial)
[squf] CMV driver date of birth
[squf] CMV driver license number
[squf] CMV driver license State
[squf] CMV driver address.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    49 U.S.C. 31150, as added by section 4117 of Public Law 109-59 
[Safe, Accountable, Flexible, Efficient Transportation Equity Act: A 
Legacy for Users (SAFETEA-LU)].

PURPOSE(S):
    The purpose of this system is to make CMV crash and inspection 
records available to authorized operator-applicants, authorized 
industry service providers, and authorized motor carriers. Records 
maintained in the system will also support operational management of 
the PSP program.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PRUPOSES OF USE:
    In addition to those disclosures generally permitted under Section 
(b) of the Privacy Act, 5 U.S.C. 552a(b), all or a portion of the 
records or information contained in this system may be disclosed 
outside of DOT as a routine use pursuant to 5 U.S.C. 552a(b)(3) as 
follows:
    1. To authorized industry service providers and motor carriers as 
part of the operator-applicant's PSP record; authorized industry 
service providers and motor carriers may use PSP records only for 
purposes of pre-employment safety screening of operator-applicants and 
must have the operator-applicant's consent to access the PSP record;
    2. To the DOT Validation Authority (e.g., Lexis-Nexis) to verify 
and validate the presented identity of the individual operator-
applicant requesting access to his or her own inspection and crash 
data.
    3. Other possible routine uses of the information, applicable to 
all DOT Privacy Act systems of records, are published in the Federal 
Register at 75 FR 82132, December 29, 2010, under ``Prefatory Statement 
of General Routine Uses'' (available at http://www.dot.gov/privacy/privacyactnotices).

DISCLOSURE TO CONSUMER REPORTING AGENCIES:
    None.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS:
STORAGE:
    Records in this system are stored electronically or on paper in 
secure facilities. Electronic records may be stored on magnetic disc, 
tape, digital media, and CD-ROM. Any paper records received or required 
for purposes of processing data requests will be stored in secure file 
folders at the DOT Service Provider's secure storage facility.

RETRIEVABILITY:
    Records will be retrieved by using the operator-applicant's last 
name, date of birth, license number, and license State.

SAFEGUARDS:
    All records in the system will be protected from unauthorized 
access through appropriate administrative, physical, and technical 
safeguards. Electronic files will be stored in a database secured by 
password security, encryption, firewalls, and secured operating 
systems, to which only authorized Service Provider or DOT/FMCSA 
personnel will have access, on a need-to-know basis. Paper files will 
be stored in file cabinets in a locked file room to which only the 
authorized Service Provider and DOT/FMCSA personnel will have access, 
on a need-to-know basis. All access to the electronic system and paper 
files will be logged and monitored. All PII data elements will be 
encrypted in the PSP system.
    The Service Provider will be subject to routine audits of the PSP 
program by FMCSA to ensure compliance with the Privacy Act, applicable 
sections of the Fair Credit Reporting Act and other applicable Federal 
laws, regulations, or other requirements.
    Access by external users (operator-applicants, authorized industry 
service providers and motor carriers) will be restricted within the 
system based upon the user's role as an authorized industry service 
provider, motor carrier, or validated operator-applicant. An authorized 
industry service provider or motor carrier is an entity or person who 
has been provided a unique user identification and password and must 
use the unique identification and password to access data in PSP. 
External users will be able to query the CMV

[[Page 42551]]

crash and inspection database only. The Service Provider will provide 
users with an advisory statement that authorized industry service 
providers and motor carriers could be subject to criminal penalties and 
other sanctions under 18 U.S.C. 1001 for misuse of the PSP system.
    In order for an authorized industry service provider or motor 
carrier to receive an individual operator-applicant's crash and 
inspection data, the authorized industry service provider or motor 
carrier must certify, for each request, under penalty of perjury, that 
the request is for pre-employment purposes only and that written or 
electronic consent of the operator-applicant has been obtained. Upon 
completion of certification, the Service Provider will provide the 
individual operator-applicant data to the industry service provider or 
motor carrier via the secure PSP Web site. The authorized industry 
service provider or motor carrier will access this individual's 
information by entering a unique identification username and password. 
Authorized industry service providers or motor carriers will be 
required to maintain each operator-applicant's signed, written consent 
form or electronic signature for five years. Authorized industry 
service providers or motor carriers are subject to random audits by DOT 
to ensure that written or electronic consent of operator-applicants was 
obtained.
    The PSP system also allows validated operator-applicants to access 
their own crash and inspection data upon written or electronic request. 
Upon receipt of an operator-applicant's request, the Service Provider 
will validate the identity of the requestor (operator-applicant) by 
using his or her full name, date of birth, driver license number, 
driver license State and current address against a validation 
authority.
    The contractor and FMCSA have established an ongoing, random-
selection audit process to monitor compliance with the written consent 
obligation. The audit requirements and penalties process is 
incorporated by reference as part of the contract between FMCSA and the 
contractor. The purpose of the audit requirements and penalties process 
is to ensure that the account holder obtains a driver-signed consent 
form prior to completing a PSP driver record inquiry in accordance with 
the Fair Credit Reporting Act, 15 U.S.C. 1681 et seq., and 49 U.S.C. 
31150. The contractor will penalize an account holder, who fails to 
comply with the audit requirements. Based on the nature and frequency 
of these violations, the contractor may send a written warning, 
suspend, or terminate the account holder from the PSP.
    Individuals who access the PSP system via the iOS application are 
subject to the privacy policy integrated in the application.

RETENTION AND DISPOSAL:
    1. CMV crash and inspection records: Pursuant to General Records 
Schedule (GRS) 20 (``Electronic Records,'' February 2008, see http://www.archives.gov/records-mgmt/ardor/grs20.html), governing extract 
files, each monthly MCMIS extract in PSP is deleted approximately three 
months after being superseded by a current MCMIS extract, unless needed 
longer for administrative, legal, audit or other operational purposes.
    2. Access Transaction Records: Pursuant to GRS 24, ``Information 
Technology Operations and Management Records,'' Item 6, April 2010, see 
http://www.archives.gov/records-mgmt/grs/grs24.html) Access Transaction 
Records are retained for a period of five years.

SYSTEM MANAGER CONTACT INFORMATION:
    PSP System Manager: Office of Information Technology; Federal Motor 
Carrier Safety Administration; U.S. Department of Transportation; 1200 
New Jersey Avenue SE., W65-319; Washington, DC 20590.

NOTIFICATION PROCEDURE:
    Operator-applicants wishing to know if their inspection and crash 
records appear in this system may directly access the PSP system or 
make a request in writing to the PSP System Manager identified under 
``System Manager Contact Information.''
    Individual operator-applicants wishing to know if their Access 
Transaction Records appear in this system may make a written request to 
the following address: NIC Technologies, 4601 N. Fairfax Drive, Suite 
1160, Arlington, VA 22203.
    Any other requests for records about yourself from this system of 
records or any other Departmental system of records your request must 
conform with the Privacy Act regulations set forth in 49 CFR part 10. 
You must sign your request, and your signature must either be notarized 
or submitted under 28 U.S.C. 1746, a law that permits statements to be 
made under penalty of perjury as a substitute for notarization. While 
no specific form is required, you may obtain forms for this purpose 
from the Chief Freedom of Information Act Officer, http://www.dot.gov/foia or 202.366.4542. In addition you should provide the following:
    An explanation of why you believe the Department would have 
information on you;
    [squf] Identify which component(s) of the Department you believe 
may have the information about you;
    [squf] Specify when you believe the records would have been 
created;
    [squf] Provide any other information that will help the FOIA staff 
determine which DOT component agency may have responsive records; and
    [squf] If your request is seeking records pertaining to another 
living individual, you must include a statement from that individual 
certifying his/her agreement for you to access his/her records.
    Without this bulleted information the component(s) may not be able 
to conduct an effective search, and your request may be denied due to 
lack of specificity or lack of compliance with applicable regulations.

RECORD ACCESS PROCEDURES:
    See ``Notification Procedure'' above.

CONTESTING RECORDS PROCEDURE:
    Operator-applicants seeking to contest the content of information 
about them in this system should apply to the System Manager by 
following the same procedures as indicated under ``Notification 
Procedure.'' Operator-applicants may also submit a data challenge to 
FMCSA's online system to record and monitor challenges to FMCSA data, 
DataQs. The system can be accessed via the DataQs Web site (https://dataqs.fmcsa.dot.gov/login.asp). The DataQs system, provides an 
electronic means for operator-applicants to file concerns about Federal 
and State data contained in the PSP report. Specifically, DataQs allows 
an individual to challenge data maintained by FMCSA on, among other 
things, crashes, inspections, registration, operating authority, safety 
audits and enforcement actions. Through this system, data concerns are 
automatically forwarded to the appropriate Federal or State office for 
processing and resolution. Any challenges to data provided by State 
agencies must be resolved by the appropriate State agency. 
Additionally, FMCSA is not authorized to direct a State to change or 
alter MCMIS data for violations or inspections originating within a 
particular State(s). Once a State office makes a determination on the 
validity of a challenge, FMCSA considers that decision as the final 
resolution of the challenge. FMCSA cannot change State records without 
State consent. The system also allows filers to monitor the status of 
each filing.

[[Page 42552]]

RECORD SOURCE CATEGORIES:
    1. CMV crash and inspection records: All commercial driver crash 
and inspection data in PSP is received from a monthly MCMIS data 
extract. The MCMIS SORN identifies the source(s) of the information in 
MCMIS. (FMCSA modified the MCMIS SORN to describe the system's sharing 
of PII with the Driver Information Resource and PSP systems. See 74 FR 
66391, December 15, 2009). All DOT SORNs may be found at www.dot.gov/privacy.
    2. Access transaction records: An audit trail of those entities or 
persons that accessed the PSP (i.e. authorized motor carriers, 
authorized industry service providers, or validated operator-
applicants) is automatically created when requests are initiated and 
when data is released by the Service Provider. These records are 
internal documents to be used by the Service Provider and FMCSA for 
auditing, monitoring and compliance purposes.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    None.

    Issued in Washington, DC on July 13, 2012.
Claire W. Barrett,
Departmental Privacy Officer.
[FR Doc. 2012-17597 Filed 7-18-12; 8:45 am]
BILLING CODE 4910-EX-P