Privacy Act of 1974; System of Records

AGENCY:

Federal Motor Carrier Safety Administration (FMCSA), Department of Transportation (DOT).

ACTION:

Notice of a new system of records.

SUMMARY:

In accordance with the Privacy Act of 1974, the Department of Transportation (DOT) proposes a new system of records titled “Entry-Level Driver Training Provider Registry” (TPR). This system of records will allow DOT to collect and maintain registered training provider information and entry-level driver training certification information. The information in the system will be used to establish training provider accounts, act as a central repository for entry level-driver training (ELDT) certification information and transmit that information to State Driver Licensing Agencies (SDLAs).

DATES:

Comments on the system will be accepted on or before 30 days from the date of publication of this notice. The system will be effective 30 days after publication of this notice. Routine uses will be effective at that time.

ADDRESSES:

You may submit comments, identified by docket number OST-2021-0037 by one of the following methods:

Federal e-Rulemaking Portal: https://www.regulations.gov .

Mail: Karyn Gorman, Acting Departmental Chief Privacy Officer, Department of Transportation, Washington, DC 20590.

All submissions received must include the agency name and docket number OST-2021-0037. All comments received will be posted without change to https://www.regulations.gov and may include any personal information provided.”

Docket: For access to the docket to read background documents or comments received, to https://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT:

For general and privacy questions, please contact: Karyn Gorman, Acting Departmental Chief Privacy Officer, Department of Transportation, S-81, Washington, DC 20590, Email: privacy@dot.gov, Tel. (202) 366-3140.

SUPPLEMENTARY INFORMATION:

Background

In accordance with the Privacy Act of 1974, the Department of Transportation is proposing a new system of records titled “Department of Transportation (DOT)/Federal Motor Carrier Safety Administration (FMCSA)—012, Entry-Level Driver Training Provider Registry” (TPR). This system will collect information related to registered training providers and entry level-driver training (ELDT) certification information pertaining to individual applicants for commercial driver's licenses (CDLs) or certain endorsements. The Moving Ahead for Progress in the 21st Century Act (MAP-21) requires DOT to regulate ELDT (Pub. L. 112-141, section 32304, 126 Stat. 405, 791 (July 6, 2012)). MAP-21 modified 49 U.C 31305 by adding paragraph (c), which required FMCSA to issue ELDT regulations addressing the knowledge and skills that an individual must acquire before obtaining a CDL or specified endorsement for the first time. MAP-21 also required training providers to demonstrate, by providing certification information, that the individual meets the ELDT requirements. Section 32304(a) allows the Secretary to establish the process by which a training provider must provide certification information. These ELDT regulations are currently located in 49 CFR part 380. The TPR is the tool that training providers and SDLAs will use to meet the ELDT requirements.

Training providers, as defined in 49 CFR 380.605, wishing to provide ELDT must be listed on the TPR. Training providers include, but are not limited to, training schools, educational institutions, rural electric cooperatives, motor carriers, State/local governments, school districts, joint labor management programs, owner-operators, and individuals. To be listed on the TPR, a training provider must certify that it meets the applicable eligibility requirements listed in 49 CFR 380.703(a), including completion of FMCSA's registration process. Registration is accomplished by accessing FMCSA's TPR website and electronically transmitting a completed Training Provider Registration Form (TPRF) affirming, under penalties of perjury, that the provider will teach the FMCSA-prescribed curriculum that is appropriate for the CDL class or endorsement. When a provider meets the applicable requirements, FMCSA will issue the provider a unique TPR number and, as applicable, add the provider's information to the TPR website. The information maintained in the system of records on training providers, some of whom are individuals, includes, but is not limited to, the training entity's legal name, location, phone number, website address, and the type of ELDT offered. Except as noted below, this information will be located on the publicly available portion of the TPR website, which will allow driver-trainees to locate and contact registered training providers. In addition, FMCSA may use the training providers' contact information to communicate with them regarding their registration information on the TPR, or to initiate an audit or investigation of the training provider pursuant to 49 CFR 380.703(a)(6) and 380.719(a)(5). FMCSA acknowledges that some training providers, including those who provide ELDT only for their own employees or prospective employees, may wish to keep their contact information private and therefore not have it publicly displayed on the TPR website. Accordingly, training providers who do not intend to make their services available to all driver-trainee applicants can elect not to include their contact information in the public listing that appears on the TPR website; however, these training providers will be publicly identified by name, city, and State. This option will be made available at the time of initial registration and can be changed anytime the provider so chooses.

The system of records will also serve as a central repository of driver-trainee ELDT certification information.

Each ELDT training provider is responsible for collecting certain information from its driver trainees, to include the driver-trainee's name, permit or driver license number, State of licensure, license class and/or endorsements, the type of training completed (e.g., Class A or B theory and behind-the-wheel (BTW) training), total number of BTW clock hours (if applicable), and date of completion. Upon a driver's completion of the ELDT training administered by a provider listed on the TPR, providers must, by midnight of the second business day following completion, electronically transmit training certification information through the TPR website. 49 CFR 380.717. The purpose of maintaining these records in the TPR system is two-fold: First, it allows users (SDLAs or third-party skills test examiners authorized by the SDLA) to query the TPR and verify electronically that the applicant completed applicable training prior to conducting the skills test, as required in 49 CFR 383.73(b)(11), or administering the knowledge test to an applicant for the hazardous materials (H) endorsement, as required in 49 CFR 383.73(e)(9). (This use of ELDT information by SDLAs is a routine use, discussed further below.) Second, FMCSA intends to use the ELDT certification information to analyze the safety impact of ELDT and to monitor the efficacy, competence, and performance of training providers. If the audits or investigations conducted by FMCSA, or its authorized representatives, identifies material deficiencies pertaining to the training provider's program, operations, or eligibility, FMCSA may consider the removal of the training provider from the TPR pursuant to 49 CFR 380.721.

The Department is proposing three routine uses for this system of records tied directly to the purpose of the system. The first routine use would allow the provision of the training provider's legal name, location, phone number, website address, and the type of ELDT offered, to members of the public to allow entry-level drivers the necessary information to locate a provider in his or her locality. The second proposed routine use would allow the transmission of a driver's ELDT certification information in response to mandatory queries made by SDLAs (and third-party skills testers authorized by the SDLA) prior to conducting the applicable skills test. This routine use will allow CDL skills examiners to verify the driver's eligibility to take the required test(s) as outlined in the ELDT regulations. The third proposed routine use would allow the transmission of a driver's ELDT certification information in response to mandatory queries made by SDLAs prior to conducting the knowledge test for the H endorsement. This routine use will allow SDLAs to verify the driver's eligibility to take the test.

FMCSA has also included DOT General Routine Uses, to the extent they are compatible with the purposes of this System. As recognized by the Office of Management and Budget (OMB) in its Privacy Act Implementation Guidance and Responsibilities (65 FR 19746 (July 9, 1975)), the routine uses include proper and necessary uses of information in the system, even if such uses occur infrequently. FMCSA has included in this notice routine uses for disclosures to law enforcement when the record, on its face, indicates a violation of law, to DOJ for litigation purposes, or when necessary in investigating or responding to a breach of this system or other agencies' systems. DOT may disclose to Federal, State, local, or foreign agency information relevant to law enforcement, litigation, and proceedings before any court or adjudicative or administrative body. OMB has long recognized that these types of routine uses are “proper and necessary” uses of information and qualify as compatible with agency systems (65 FR 19476, April 11, 2000). In addition, OMB Memorandum M-17-12, directed agencies to include routine uses that will permit sharing of information when needed to investigate, respond to, and mitigate a breach of a Federal information system. DOT also has included routine uses that permit sharing with the National Archives and Records Administration when necessary for an inspection, to any federal government agency engaged in audit or oversight related to this system, or when DOT determines that the disclosure will detect, prevent, or mitigate terrorism activity. These types of disclosures are necessary and proper uses of information in this system because they further DOT's obligation to fulfil its records management and program management responsibilities by facilitating accountability to agencies charged with oversight in these areas, and DOT's obligation under Intelligence Reform and Terrorism Prevention Act of 2004, Public Law 108-456, and Executive Order 13388 (Oct. 25, 2005) to share information necessary and relevant to detect, prevent, disrupt, preempt, or mitigate the effects of terrorist activities against the territory, people, and interests of the United States.

Privacy Act

The Privacy Act (5 U.S.C. 552a) governs the means by which the federal government agencies collect, maintain, use, and disseminate individuals' records. The Privacy Act applies to information that is maintained in a “system of records.” A “system of records” is a group of any records under the control of an agency from which information is retrieved by the name of an individual or by some identifying number, symbol, or other identifying particular assigned to the individual. The Privacy Act extends rights and protections to individuals who are U.S. citizens and lawful permanent residents. Additionally, the Judicial Redress Act (JRA) provides a covered person with a statutory right to make requests for access and amendment to covered records, as defined by the JRA, along with judicial review for denials of such requests. In addition, the JRA prohibits disclosures of covered records, except as otherwise permitted by the Privacy Act.

Below is the description of the Training Provider Registry System of Records. In accordance with 5 U.S.C. 552 a(r), DOT has provided a report of this system of records to the OMB and to Congress.

SYSTEM NAME AND NUMBER:

DOT/FMCSA 012—Entry-Level Driver Training Provider Registry (TPR).

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Records are maintained in a FedRAMP-certified third-party cloud environment. The contracts are maintained by DOT at 1200 New Jersey Avenue SE, Washington, DC 20590.

SYSTEM MANAGER(S):

System Manager, Commercial Driver License Division, Office of Safety Programs, FMCSA, U.S. Department of Transportation, 1200 New Jersey Avenue SE, Washington, DC 20590.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Moving Ahead for Progress in the 21st Century Act (MAP-21) (Pub. L. 112-141, section 32304, 126 Stat. 405, 791 (July 6, 2012)).

PURPOSE(S) OF THE SYSTEM:

The purpose of the system is to (1) collect and maintain information on training providers listed on the TPR; (2) collect and maintain certification information on drivers who have completed entry-level training; and (3) allow access to entry-level driver training certification information by SDLAs and third-party examiners for the purposes of ensuring entry-level drivers have completed required training prior to seeking a CDL or endorsement.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Categories of individuals within this system include: Entry-level drivers and training providers operating as individuals (i.e., not affiliated with a motor carrier or independent commercial driver training school).

CATEGORIES OF RECORDS IN THE SYSTEM:

Categories of records in the system include:

Training Provider Information:

• Training provider legal name
• Training provider mailing address
• Training provider location of training and required records
• Training provider telephone number
• Training provider email address
• Unique training provider identification number

ELDT Certification Information:

• Entry-level driver legal name
• Entry-level driver's license/commercial learner's permit/commercial driver's license (as applicable)
• State of licensure
• Commercial driver's license class and/or endorsement and type of training (theory and/or BTW) the driver-trainee completed
• Total number of clock hours the driver-trainee spent to complete the BTW training, as applicable
• Name of the training provider and its unique TPR identification number
• Date(s) of training completion

RECORD SOURCE CATEGORIES:

Training providers submit both records about themselves and of driver-trainees who complete required entry-level driver training.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside DOT as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

System Specific Routine Uses

1. To the public, the training provider's legal name, location, phone number, website address, and the type of ELDT offered to allow entry-level drivers the necessary information to locate a provider in his or her locality.

2. To SDLAs, including third-party skills test examiners authorized by the State, the driver's training record, for verification that an applicant seeking a Class A or Class B CDL, and/or a P or S endorsement, has completed the required ELDT before administering requisite skills test(s) to the individual.

3. To SDLAs, the driver's training record, for verification that an applicant seeking a H endorsement has completed the required ELDT before administering the knowledge test for that endorsement.

Department General Routine Users

1. In the event that a system of records maintained by DOT to carry out its functions indicates a violation or potential violation of law, whether civil, criminal or regulatory in nature, and whether arising by general statute or particular program pursuant thereto, the relevant records in the system of records may be referred, as a routine use, to the appropriate agency, whether Federal, State, local or foreign, charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing the statute, or rule, regulation, or order issued pursuant thereto.

2a. Routine Use for Disclosure for Use in Litigation. It shall be a routine use of the records in this system of records to disclose them to the Department of Justice or other federal agency conducting litigation when—(a) DOT, or any agency thereof, or (b) Any employee of DOT or any agency thereof, in his/her official capacity, or (c) Any employee of DOT or any agency thereof, in his/her individual capacity where the Department of Justice has agreed to represent the employee, or (d) The United States or any agency thereof, where DOT determines that litigation is likely to affect the United States, is a party to litigation or has an interest in such litigation, and the use of such records by the Department of Justice or other federal agency conducting the litigation is deemed by DOT to be relevant and necessary in the litigation, provided, however, that in each case, DOT determines that disclosure of the records in the litigation is a use of the information contained in the records that is compatible with the purpose for which the records were collected.

2b. Routine Use for Agency Disclosure in Other Proceedings. It shall be a routine use of records in this system to disclose them in proceedings before any court or adjudicative or administrative body before which DOT or any agency thereof, appears, when—(a) DOT, or any agency thereof, or (b) Any employee of DOT or any agency thereof in his/her official capacity, or (c) Any employee of DOT or any agency thereof in his/her individual capacity where DOT has agreed to represent the employee, or (d) The United States or any agency thereof, where DOT determines that the proceeding is likely to affect the United States, is a party to the proceeding or has an interest in such proceeding, and DOT determines that use of such records is relevant and necessary in the proceeding, provided, however, that in each case, DOT determines that disclosure of the records in the proceeding is a use of the information contained in the records that is compatible with the purpose for which the records were collected.

3. Disclosure may be made to a Congressional office from the record of an individual in response to an inquiry from the Congressional office made at the request of that individual. In such cases, however, the Congressional office does not have greater rights to records than the individual. Thus, the disclosure may be withheld from delivery to the individual where the file contains investigative or actual information or other materials which are being used, or are expected to be used, to support prosecution or fines against the individual for violations of a statute, or of regulations of the Department based on statutory authority. No such limitations apply to records requested for Congressional oversight or legislative purposes; release is authorized under 49 CFR 10.35(9).

4. One or more records from a system of records may be disclosed routinely to the National Archives and Records Administration (NARA) in records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.

5. DOT may make available to another agency or instrumentality of any government jurisdiction, including State and local governments, listings of names from any system of records in DOT for use in law enforcement activities, either civil or criminal, or to expose fraudulent claims, regardless of the stated purpose for the collection of the information in the system of records. These enforcement activities are generally referred to as matching programs because two lists of names are checked for match using automated assistance. This routine use is advisory in nature and does not offer unrestricted access to systems of records for such law enforcement and related antifraud activities. Each request will be considered on the basis of its purpose, merits, cost effectiveness and alternatives using Instructions on reporting computer matching programs to the Office of Management and Budget, OMB, Congress, and the public, published by the Director, OMB, dated September 20, 1989.

6. DOT may disclose records from this system, as a routine use, to appropriate agencies, entities, and persons when (1) DOT suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised; (2) DOT has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by DOT or another agency or entity) that rely upon the compromised information; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with DOT's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

7. DOT may disclose records from this system, as a routine use, to the Office of Government Information Services for the purpose of (a) resolving disputes between FOIA requesters and federal agencies and (b) reviewing agencies' policies, procedures, and compliance in order to recommend policy changes to Congress and the President.

8. DOT may disclose records from the system, as a routine use, to contractors and their agents, experts, consultants, and others performing or working on a contract, service, cooperative agreement, or other assignment for DOT, when necessary to accomplish an agency function related to this system of records.

9. DOT may disclose records from this system, as a routine use, to an agency, organization, or individual for the purpose of performing audit or oversight operations related to this system of records, but only such records as are necessary and relevant to the audit or oversight activity. This routine use does not apply to intra-agency sharing authorized under Section (b)(1) of the Privacy Act.

10. DOT may disclose from this system, as a routine use, records consisting of, or relating to, terrorism information (6 U.S.C. 485(a)(5)), homeland security information (6 U.S.C. 482(f)(1)), or Law enforcement information (Guideline 2 Report attached to White House Memorandum, “Information Sharing Environment”, November 22, 2006) to a Federal, State, local, tribal, territorial, foreign government and/or multinational agency, either in response to its request or upon the initiative of the Component, for purposes of sharing such information as is necessary and relevant for the agencies to detect, prevent, disrupt, preempt, and mitigate the effects of terrorist activities against the territory, people, and interests of the United States of America, as contemplated by the Intelligence Reform and Terrorism Prevention Act of 2004 (Pub. L. 108-458) and Executive Order 13388 (October 25, 2005).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records in this system are stored electronically on a contractor-maintained cloud storage service.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records of training providers may be retrieved by the following data elements: Training provider's name, location, city, state, type of CDL training offered, and training provider number. Records of driver-trainees may be retrieved by the following data elements: CDL holder's name, license number, and commercial learner's permit number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

FMCSA proposes to maintain training records of individual drivers for 60 years or until notified that the driver is deceased. This retention period is consistent with other CDL driver records maintained by SDLAs. FMCSA proposes to maintain training provider registration information for 60 years. This retention period is consistent with the proposed record scheduled for training records of individuals and allows FMCSA to maintain a complete and accurate history. The records schedule for the TPR records is currently being developed and will be submitted for approval by the National Archives and Records Administration (NARA). All records maintained in the system of records will not be disposed of and will be treated as permanent records until the schedule is approved by NARA.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Records in this system are safeguarded in accordance with applicable rules and policies, including all applicable DOT automated systems security and access policies. Appropriate controls have been imposed to minimize the risk of compromising the information that is being stored and ensuring confidentiality of communications using tools such as encryption, authentication of sending parties, and compartmentalizing databases; and employing auditing software. TPR data is encrypted at rest and in transit. Access to records in this system is limited to those individuals who have a need to know the information for the performance of their official duties and who have appropriate clearances or permissions. All personnel with access to data are screened through background investigations commensurate with the level of access required to perform their duties.

RECORD ACCESS PROCEDURES:

Individuals seeking access to and notification of any record contained in this system of records, or seeking to contest its content, may submit a request to the System Manager in writing in writing to the address provided under “System Manager and Address.” Individuals may also search the public docket at www.regulations.gov by their name.

When seeking records about yourself from this system of records or any other Departmental system of records your request must conform with the Privacy Act regulations set forth in 49 CFR part 10. You must sign your request, and your signature must either be notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization. While no specific form is required, you should provide the following:

• An explanation of why you believe the Department would have information on you;
• Identify which component(s) of the Department you believe may have the information about you;
• Specify when you believe the records would have been created;
• Provide any other information that will help the FOIA staff determine which DOT component agency may have responsive records; and

If your request is seeking records pertaining to another living individual, you must include a statement from that individual certifying his/her agreement for you to access his/her records. Without this bulleted information, the Department may not be able to conduct an effective search, and your request may be denied due to lack of specificity or lack of compliance with applicable regulations.

CONTESTING RECORD PROCEDURES:

FMCSA depends upon training providers to submit data as accurately as possible. If a driver finds inaccurate information pertaining to ELDT Certification Information in the TPR, or inaccurate information was transmitted to the SDLA, drivers must contact the training provider that conducted the training to request that corrections be submitted to the TRP as appropriate. Once the corrections have been made, the training provider should resubmit the Training Certification Information form to the TPR, noting the corrections made. Upon receipt of the updated certification, the TPR will automatically retain a record of the information. In the event the driver-trainee wishes to obtain the revised training certification information, they will need to contact the training provider that conducted the training.

If a training provider discovers that information contained in the TPR is inaccurate, the training provider may make corrections by accessing their TPR account on the TPR and submitting an updated Training Provider Registration form (OMB Control number 2126-0028).

Individuals seeking to contest the content of any record pertaining to him or her in this system may also contact the System Manager following the Privacy Act procedures in 49 CFR part 10, subpart E, Correction of Records. Written requests for correction must conform with the Privacy Act regulations set forth in 49 CFR part 10. You must sign your request, and your signature must either be notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization. While no specific form is required, you may obtain forms for this purpose from the FMCSA Freedom of Information Act Officer https://www.fmcsa.dot.gov/foia/foia-requestsorfoia2@dot.gov.

NOTIFICATION PROCEDURES:

Individuals seeking to contest the content of any record pertaining to him or her in the system may contact the System Manager following the procedures described in “Record Access Procedures” above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

None.