[Federal Register Volume 84, Number 32 (Friday, February 15, 2019)]
[Notices]
[Pages 4605-4609]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-02356]


-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Office of the Secretary

[Docket No. DOT-OST-2018-0155]


Privacy Act of 1974; Department of Transportation, Office of the 
Secretary of Transportation; DOT/ALL-17; Freedom of Information and 
Privacy Act Case Files

AGENCY: Office of the Departmental Chief Information Officer, Office of 
the Secretary of Transportation, DOT.

ACTION: Notice of Privacy Act modified system of records and rescission 
of system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the Department of 
Transportation proposes to update and reissue a current Department of 
Transportation system of records titled, ``Department of 
Transportation--DOT/ALL 017 Freedom of Information Act (FOIA) and 
Privacy Act Case Files System of Records.'' The Department also intends 
to consolidate the following legacy system, ``DOT/MARAD 003 Freedom of 
Information and Privacy Request Records'' as part of the same and 
rescind DOT/MARAD 003.
    This system of records will allow the Department of Transportation, 
to include its Operating Administrations, the Office of the Inspector 
General, and Secretarial Offices, to collect and retain records and 
related correspondence on individuals who have filed requests for 
information under the Freedom of Information Act and Privacy Act of 
1974, including requests for review of final denials of such requests. 
As a result of a biennial review of this system, records have been 
updated within the following sections; Security Classification to 
include classified and sensitive records, Categories of Individuals to 
include individuals making requests on behalf of the subject individual 
and individuals whose requests have been referred to the Department for 
processing by other agencies as well as individuals involved in 
processing and responding to requests and/or appeals, Categories of 
Records to provide greater clarity of the type of records and 
information included in the system, Purposes to include responding to 
litigation associated with requests, and other activities required to 
assist the Department in executing its responsibilities, Routine Uses 
to include three new routine uses to support processing of FOIA and 
Privacy Act requests, appeals and amendments, and to facilitate 
understanding of DOT processes, Retrievability to expand the set of 
identifiers that may be used to retrieve cases, System Manager to 
provide information on where to find operating administration specific 
contacts, and Exemptions Claimed to clarify that records requested from 
other systems are not part of this system of records. Additionally, 
this notice includes non-substantive changes to simplify the language, 
formatting, and text of the previously published notice to align with 
the requirements of Office of Memorandum and Budget Memoranda A-108. 
This updated system, titled Freedom of Information Act and Privacy Act 
Case Files, will be included in the Department of Transportation's 
inventory of record systems.

DATES: Written comments should be submitted on or before March 18, 
2019. The Department may publish an amended Systems of Records Notice 
in light of any comments received. This new system will be applicable 
March 18, 2019.

ADDRESSES: You may submit comments, identified by docket number DOT-
OST-2018-0155 by any of the following methods:
     Federal e-Rulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Mail: Docket Management Facility, U.S. Department of 
Transportation, 1200 New Jersey Ave. SE, West Building Ground Floor, 
Room W12-140, Washington, DC 20590-0001.
     Hand Delivery or Courier: West Building Ground Floor, Room 
W12-140, 1200 New Jersey Ave. SE, between 9 a.m. and 5 p.m. ET, Monday 
through Friday, except Federal Holidays.
     Fax: (202) 493-2251.
    Instructions: You must include the agency name and docket number 
DOT-OST-2018-0155. All comments received will be posted without change 
to http://www.regulations.gov, including any personal information 
provided.
    Privacy Act: Anyone is able to search the electronic form of all 
comments received in any of our dockets by the name of the individual 
submitting the comment (or signing the comment, if submitted on behalf 
of an association, business, labor union, etc.). You may review the 
Department of Transportation's complete Privacy Act statement in the 
Federal Register published on April 11, 2000 (65 FR 19477-78), or you 
may visit http://DocketsInfo.dot.gov.
    Docket: For access to the docket to read background documents or 
comments received, go to http://www.regulations.gov or to the street 
address listed above. Follow the online instructions for accessing the 
docket.

FOR FURTHER INFORMATION CONTACT: For questions, please contact: Claire 
W. Barrett, Departmental Chief Privacy Officer, Office of the Chief 
Information Officer, Department of Transportation, Washington, DC 
20590; [email protected]; or 202.527.3284.

SUPPLEMENTARY INFORMATION:

I. Background

    In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the 
Department of Transportation (DOT)/Office of the Secretary (OST) 
proposes to update and reissue a current DOT wide system of records 
titled, ``Department of Transportation/ALL--017 Freedom of Information 
Act and Privacy Act Case Files.'' The Department also intends to 
rescind the following legacy system, ``DOT/MARAD 003 Freedom of 
Information and Privacy Request Records'' and consolidate records 
managed under that Notice as part of the same.
    The updated system of records consists of information created and 
used by the Department's Freedom of Information Act (FOIA) and Privacy 
Act (PA) staff to process requests as well as to manage the FOIA and PA 
programs.
    The publication of this updated system of records notice supports 
DOT efforts to ensure that all DOT Operating Administrations, 
Secretarial Offices, and the Office of the Inspector General implement 
their Privacy Act obligations

[[Page 4606]]

and processes for collecting and handling FOIA and PA records in a 
consistent manner.
    Changes to the notices Categories of Records, Categories of 
Individuals, Purposes, and Retrievability improve the transparency of, 
but do not reflect substantive changes to, the Notice. The Security 
Classification section has been modified to be comprehensive inclusive 
of all the types of records that may be integrated into a case file in 
terms of records collected that may be responsive to a FOIA and/or PA 
request. The FOIA and PA case files themselves remain unclassified. The 
Department is proposing three new Routine Uses to bolster Department 
transparency and efficiency of its FOIA and Privacy Act programs. The 
first proposed Routine Use supports efforts to promote appropriate 
application of access and appeals rights under the Privacy Act. The 
Department is also proposing a Routine Use to allow disclosure of 
``FOIA logs'' (including requester names, case number) to the public to 
facilitate understanding of DOT FOIA processes. The Department is 
proposing an additional Routine Use, which would permit the sharing of 
initial requestor letters to submitters of responsive records to 
solicit input about the application of FOIA exemptions, like FOIA 
Exemption 4, to requested records submitted to the Department. The 
Department also intends to include a Routine Use to permit the 
Department to share information with the Office of Government 
Information Services (OGIS) for the purpose of resolving disputes 
between requesters seeking information under the Freedom of Information 
Act (FOIA) and DOT, or OGIS' review of DOT's policies, procedures, and 
compliance with FOIA. OGIS was created to resolve disputes related to 
FOIA processing, and FOIA requesters contact OGIS for assistance with 
FOIA matters. Therefore, sharing records from this system with OGIS for 
these purposes is compatible with the purpose of collection.
    This Notice also includes several of DOT's General Routine Uses, to 
the extent they are compatible with the purposes of this System. As 
recognized by the Office of Management and Budget (OMB) in its Privacy 
Act Implementation Guidance and Responsibilities (65 FR 19746, July 9, 
1975), the routine uses include all proper and necessary uses of 
information in the system, even if such uses occur infrequently. The 
DOT has included in this SORN routine uses for disclosures to law 
enforcement when the record, on its face, indicates a violation of law, 
to DOJ for litigation purposes, or when necessary in with investigating 
or responding to a breach of this system or other agencies' systems. 
DOT must take appropriate action to address any apparent violations of 
the law, and to share information with legal counsel in the Department 
of Justice when necessary for litigation. The OMB has long recognized 
that these types of routine uses are ``proper and necessary'' uses of 
information and qualify as compatible with agency systems. 65 FR 19476. 
In addition, by OMB Memorandum M-17-12, OMB directed agencies to 
include routine uses that will permit sharing of information when 
needed to investigate, respond to, and mitigate a breach of a Federal 
information system. The Department also has included routine uses that 
permit sharing with the National Archives and Records Administration 
when necessary for an inspection, to any Federal government agency 
engaged in audit or oversight related to this system, or when DOT 
determines that the disclosure will detect, prevent, or mitigate 
terrorism activity. These types of disclosures are necessary and proper 
uses of information in this system because they further DOT's 
obligation to fulfil its records management and program management 
responsibilities by facilitating accountability to agencies charged 
with oversight in these areas, and the Department's obligation under 
Intelligence Reform and Terrorism Prevention Act of 2004, Public Law 
108-456, and Executive Order 13388 (Oct. 25, 2005) to share information 
necessary and relevant to detect, prevent, disrupt, preempt, or 
mitigate the effects of terrorist activities against the territory, 
people, and interests of the United States. Finally, this system 
includes a routine use to permit sharing with our contractors, 
consultants, experts, grantees, and others when necessary to fulfill a 
DOT function related to this System. Agencies routinely engage 
assistance of these types of individuals in the fulfillment of their 
duties, such as contract support necessary to maintain the database in 
which these records are housed. DOT relies on contract support to 
maintain this system, and disclosures for this purpose is compatible 
with the purpose of the collection--to maintain a system that tracks 
consumer complaints.
    The System Manager and Address information have been updated to 
reflect the current location of DOT records. DOT no longer claims any 
exemptions for this system, however, records responsive to FOIA and 
Privacy Act requests that are part of this System of Records would be 
subject to any exemptions identified in the originating System of 
Records Notice.
    This updated system will be included in DOT's inventory of record 
systems.

II. Privacy Act

    The Privacy Act (5 U.S.C. 552a) governs the means by which the 
Federal Government collects, maintains, and uses personally 
identifiable information (PII) in a System of Records. A ``System of 
Records'' is a group of any records under the control of a Federal 
agency from which information about individuals is retrieved by name or 
other personal identifier. The Privacy Act requires each agency to 
publish in the Federal Register a System of Records notice (SORN) 
identifying and describing each System of Records the agency maintains, 
including the purposes for which the agency uses PII in the system, the 
routine uses for which the agency discloses such information outside 
the agency, and how individuals to whom a Privacy Act record pertains 
can exercise their rights under the Privacy Act (e.g., to determine if 
the system contains information about them and to contest inaccurate 
information).
    In accordance with 5 U.S.C. 552a(r), DOT has provided a report of 
this system of records to the Office of Management and Budget and to 
Congress.

II. Privacy Act

    The Privacy Act (5 U.S.C. 552a) governs the means by which the 
Federal Government collects, maintains, and uses personally 
identifiable information (PII) in a System of Records. A ``System of 
Records'' is a group of any records under the control of a Federal 
agency from which information about individuals is retrieved by name or 
other personal identifier. The Privacy Act requires each agency to 
publish in the Federal Register a System of Records notice (SORN) 
identifying and describing each System of Records the agency maintains, 
including the purposes for which the agency uses PII in the system, the 
routine uses for which the agency discloses such information outside 
the agency, and how individuals to whom a Privacy Act record pertains 
can exercise their rights under the Privacy Act (e.g., to determine if 
the system contains information about them and to contest inaccurate 
information).

[[Page 4607]]

    In accordance with 5 U.S.C. 552a(r), DOT has provided a report of 
this system of records to the Office of Management and Budget and to 
Congress.

SYSTEM NAME AND NUMBER
    Department of Transportation (DOT)/ALL-14, Freedom of Information 
and Privacy Act Case Files.

SECURITY CLASSIFICATION:
    Unclassified, classified, controlled unclassified.

SYSTEM LOCATION:
    Records are maintained at the Department of Transportation and in 
component offices of the Department of Transportation in both 
Washington, DC and field offices.

SYSTEM MANAGER AND ADDRESS:
    For requests for records for Offices of the Secretary, Departmental 
Freedom of Information Act Officer, Department of Transportation, 1200 
New Jersey Avenue SE, Room W94-122, Washington, DC 20590. For all other 
Operating Administrations see www.transportation.gov/foia under ``DOT 
FOIA Service Centers and Liaisons.''

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 552, Freedom of Information Act, as amended; 5 U.S.C. 
552a, the Privacy Act of 1974, as amended.

PURPOSE(S):
    The purpose of this system is to process individuals' record 
requests and administrative appeals under the Freedom of Information 
Act (FOIA) and requests for access to or amendment of records under the 
Privacy Act (PA). Records may also be used to support DOT participation 
in litigation arising from such requests and appeals, and in assisting 
DOT in carrying out any other responsibilities under the Freedom of 
Information Act or Privacy Act.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals who submit FOIA and/or PA requests and administrative 
appeals to DOT.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Categories of records in this system relate to records received, 
created, and compiled in processing FOIA and PA requests, including:
     Records and related correspondence to/from individuals who 
have filed requests for information under provisions of the FOIA and/or 
PA, including initial requests and requests for review of initial 
denials of such requests;
     Correspondence with individuals or entities that submitted 
requested records;
     Documents relevant to appeals and lawsuits under FOIA and 
PA including from Department of Justice and other government 
litigators.

RECORD SOURCE CATEGORIES:
    Records are obtained directly from those individuals who submit 
initial requests and administrative appeals pursuant to FOIA and PA, 
and DOT personnel who handle such requests and appeals.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DOT as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

System Specific Routine Uses

    1. To another Federal agency (a) with an interest in the record in 
connection with a referral of a FOIA request to that agency for its 
views or decisions on disclosure or (b) in order to obtain advice and 
recommendations concerning matters on which the agency has specialized 
experience or particular competence that may be useful to DOT in making 
required determinations under the FOIA.
    2. To a Federal, State, territorial, tribal, local, international, 
or foreign agency or entity for the purpose of consulting with that 
agency or entity;
    a. To assist in making a determination regarding access to or 
amendment of information, or
    b. For the purpose of verifying the identity of an individual or 
the accuracy of information submitted by an individual who has 
requested access to or amendment of records maintained in other DOT 
Privacy Act system of records.
    3. To members of the public to facilitate understanding of DOT FOIA 
processes. Such release will be limited to ``FOIA logs'' and may 
include the request number, date of receipt, name of individual or 
organization making the request, a description of the information 
sought, response date, and the type of response.
    4. To submitters of records for purposes of determining the 
applicability of FOIA exemptions, such as Exemption 4, to the records. 
Such release will be limited to initial request letters.
    5. To the Office of Government Information Services (OGIS) for the 
purpose of resolving disputes between requesters seeking information 
under the Freedom of Information Act (FOIA) and DOT, or OGIS' review of 
DOT's policies, procedures, and compliance with FOIA.

Department General Routine Uses

    6. To the appropriate agency, whether Federal, State, local, or 
foreign, charged with the responsibility of implementing, 
investigating, prosecuting, or enforcing a statute, regulation, rule or 
order, when a record in this system indicates a violation or potential 
violation of law, whether civil, criminal, or regulatory in nature, 
including any records from this system relevant to the implementation, 
investigation, prosecution, or enforcement of the statute, regulation, 
rule, or order that was or may have been violated;
    7. To a Federal, State, or local agency maintaining civil, 
criminal, or other relevant enforcement information or other pertinent 
information, such as current licenses, if necessary for DOT to obtain 
information relevant to a DOT decision concerning the hiring or 
retention or an employee, the issuance of a security clearance, the 
letting of a contract, or the issuance of a license, grant or other 
benefit;
    8. To a Federal agency, upon its request, in connection with the 
requesting Federal agency's hiring or retention of an employee, the 
issuance of a security clearance, the reporting of an investigation or 
an employee, the letting of a contract, or the issuance of a license, 
grant, or other benefit by the requesting agency, to the extent that 
the information requested is relevant and necessary to the requesting 
agency's decision on the matter;
    9. To the Department of Justice, or any other Federal agency 
conducting litigation, when (a) DOT, (b) any DOT employee, in his/her 
official capacity, or in his/her individual capacity if the Department 
of Justice has agreed to represent the employee, or (c) the United 
States or any agency thereof, is a party to litigation or has an 
interest in litigation, and DOT determines that the use of the records 
by the Department of Justice or other Federal agency conducting the 
litigation is relevant and necessary to the litigation; provided, 
however, that DOT determines, in each case, that disclosure of the 
records in the litigation is a use of the information contained in the 
records that is compatible with the purpose for which the records where 
collected.
    10. To parties in proceedings before any court or adjudicative or 
administrative body before which DOT appears when (a) DOT, (b) any DOT 
employee in his or her official capacity, or in his or her individual 
capacity

[[Page 4608]]

where DOT has agreed to represent the employee, or (c) the United 
States or any agency thereof is a party to litigation or has an 
interest in the proceeding, and DOT determined that is relevant and 
necessary to the proceeding; provided, however, that DOT determines, in 
each case, that disclosure of the records in the proceeding is a use of 
the information contained in the records that is compatible with the 
purpose for which the records where collected.
    11. To the National Archives and Records Administration for an 
inspection under 44 U.S.C. 2904 and 2906.
    12. To another agency or instrumentality of any government 
jurisdiction for use in law enforcement activities, either civil or 
criminal, or to expose fraudulent claims; however, this routine use 
only permits the disclosure of names pursuant to a computer matching 
program that otherwise complies with the requirements of the Privacy 
Act.
    13. To the Attorney General of the United States, of his/her 
designee, information indicating that a person meets any of the 
qualifications for receipt, possession, shipment, or transport of a 
firearm under the Brady Handgun Violence Prevention Act. Should the 
validity of the information DOT provides to the Attorney General or 
his/her designee be disputed, DOT may disclose to that National 
Background Information Check System, established by the Brady Handgun 
Violence Prevention Act, any information from this system necessary to 
resolve the dispute.
    14. To appropriate agencies, entities, and persons, when (1) DOT 
suspects or has confirmed that there has been a breach of the system of 
records; (2) DOT has determined that as a result of the suspected or 
confirmed compromise there is a risk of harm to individuals, DOT 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and (3) the disclosure made 
to such agencies, entities, or persons is reasonably necessary to 
assist in connection with DOT's efforts to respond to the suspected or 
confirmed compromise and prevent, minimize, or remedy such harm.
    15. To DOT's contractors and their agents, DOT's experts, 
consultants, and others performing or working on a contract, service, 
cooperative agreement, or other assignment for DOT, when necessary to 
accomplish an agency function related to this system of records.
    16. To an agency, organization, or individual for the purpose of 
performing an audit or oversight related to this system or records, 
provided that DOT determines the records are necessary and relevant to 
the audit or oversight activity. This routine use does not apply to 
intra-agency sharing authorized under Section (b)(1) of the Privacy 
Act.
    17. To a Federal, State, local, tribal, foreign government, or 
multinational agency, either in response to a request or upon DOT's 
initiative, terrorism information (6 U.S.C. 485(a)(5)), homeland 
security information (6 U.S.C. 482(f)(1)), or law enforcement 
information (Guideline 2, report attached to White House Memorandum, 
``Information Sharing Environment,'' Nov. 22, 2006), when DOT finds 
that disclosure of the record is necessary and relevant to detect, 
prevent, disrupt, preempt, or mitigate the effects of terrorist 
activities against the territory, people, and interests of the United 
States, as contemplated by the Intelligence Reform and Terrorism 
Prevention Act of 2004, Public Law 108-456, and Executive Order 13388 
(Oct. 25, 2005).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records in this system are stored electronically and/or on paper in 
secure facilities. Electronic records may be stored on magnetic disc, 
tape, digital media, and CD-ROM.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records may be retrieved by the name of the individual who made the 
request/appeal, the name of the authorized representative making a 
request/appeal on behalf of the individual, the case tracking or 
control number assigned to the request or appeal, or chronologically by 
date of initial determination.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records will be retained and disposed in accordance with the 
National Archives and Records Administration (NARA) General Records 
Schedule (GRS) 4.2, Items 020 and 090, Information Access and 
Protection Records. Under Item 020, FOIA and PA requests for access to 
records are destroyed six years after final agency action or three 
years after final adjudication by the courts, whichever is later, but 
longer retention is authorized if required for business use. Under Item 
090, PA amendment request files are destroyed with the records for 
which amendment was requested, or four years after the close of the 
case, whichever is later. Longer retention is authorized if required 
for business use.

ADMINISTRATIVE, TECHNICAL, AND SAFEGUARDS:
    Records in this system are safeguarded in accordance with 
applicable rules and policies, including all applicable DOT automated 
systems security and access policies. Appropriate controls have been 
imposed to minimize the risk of compromising the information that is 
being stored. Access to records in this system is limited to those 
individuals who have a need to know the information for the performance 
of their official duties and who have appropriate clearances or 
permissions.

RECORD ACCESS PROCEEDURES:
    Individuals seeking access to any record contained in this system 
of records may submit a request in writing to the Departmental FOIA 
Office whose contact information is listed under the System manager for 
this notice. If an individual believes more than one component 
maintains Privacy Act records concerning him or her, the individual may 
submit the request to the Departmental Freedom of Information Act 
Office, U.S. Department of Transportation, Room W94-122, 1200 New 
Jersey Ave. SE, Washington, DC 20590, ATTN: FOIA request.
    When seeking records about yourself from this system of records or 
any other Departmental system of records your request must conform with 
the Privacy Act regulations set forth in 49 CFR part 10. You must sign 
your request, and your signature must either be notarized or submitted 
under 28 U.S.C. 1746, a law that permits statements to be made under 
penalty of perjury as a substitute for notarization. While no specific 
form is required, you may obtain forms for this purpose from the Chief 
Freedom of Information Act Officer, http://www.transportation.gov/foia 
or 202.366.4542. In addition you should provide the following:
    An explanation of why you believe the Department would have 
information on you;
     Identify which component(s) of the Department you believe 
may have the information about you;
     Specify when you believe the records would have been 
created;
     Provide any other information that will help the FOIA 
staff determine which DOT component agency may have responsive records; 
and
    If your request is seeking records pertaining to another living 
individual, you must include a statement from that individual 
certifying his/her agreement for you to access his/her records.

[[Page 4609]]

    Without this bulleted information the component(s) may not be able 
to conduct an effective search, and your request may be denied due to 
lack of specificity or lack of compliance with applicable regulations.

CONTESTING RECORD PROCEDURES:
    Individuals seeking to contest the content of any record pertaining 
to him or her in the system may contact the System Manager following 
the procedures described in ``Record Access Procedures'' above.

NOTIFICATION PROCEDURES:
    Individuals seeking notification of whether this system contains 
records about him or her may contact the System Manager following the 
procedures described in the ``Record Access Procedures'' above.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    No exemptions are claimed for the records associated with the 
administrative processing of FOIA and PA requests and appeals. During 
the course of a FOIA or PA action, copies of exempt materials from 
other systems of records may become part of the case records in this 
system. To the extent that copies of exempt records from those `other' 
systems of records are entered into the FOIA/PA case file, the same 
exemptions apply for those records, as are claimed for the original 
systems of records which they are a part.

HISTORY:
    71 FR 35320 (June 19, 2006).

    Issued in Washington, DC, on February 11, 2019.
Claire W. Barrett,
Departmental Chief Privacy Officer.
[FR Doc. 2019-02356 Filed 2-14-19; 8:45 am]
 BILLING CODE 4910-9X-P