Rule 31-1-10.2 - Security and Privacy Requirements1. The purpose of the Security and Privacy Requirements is to make all employees who use the National Driving Record aware of the controls that are necessary to ensure that NDR information is obtained and used as prescribed by Federal law. The request and receipt of NDR information are subject to the provisions of the NDR Act of 1982 ( Public Law 97-364) and to section 552a of Title 5, United States Code (the Privacy Act of 1974). Each of these laws contains provisions enacted to promote governmental respect for citizens' privacy.2. Since state personnel request and receive NDR information, they must share the responsibility for preventing unauthorized access and use of this information. The chief driver licensing official is ultimately responsible for ensuring that proper controls in relation to NDR information are established and adhered to by all members of the state staff. It is recommended that all employees who handle NDR information be required to become familiar with the contents of this document and to sign the statement of understanding that follows (or a similar statement).3.NDR Access Restrictions:Chief driver licensing officials are authorized to access and use NDR information for purposes of fulfilling their duties with respect to driver licensing, driver improvement, and transportation safety. Transportation safety purposes means information requests submitted on behalf of other parties authorized by the NDR Act of 1982 to receive information, such as employers of motor vehicle and railroad locomotive operators and certain federal agencies. Any other use or access by anyone not prescribed by law is unauthorized.
4.Privacy Requirements:a. The NDR-PDPS is a federal system of records, as defined by the Privacy Act of 1974, and complies with the requirements of that Act. Under that Act, the NDR-PDPS is required, among other things:i. To permit individuals to review any records pertaining to them and have a copy made of all or any portion thereof in a form comprehensible to them.ii. To permit individuals to request amendment of records pertaining to them, to request review of refusals to amend records pertaining to them, and to inform them of the provisions for judicial review of the reviewing official's determination.iii. Other than driver licensing or driver improvement inquiries, not to disclose any NDR-PDP records by any means of communication to anyone except pursuant to a written request or with the prior written consent of the individual to whom the record pertains.b. States are not directly subject to these Privacy Act Requirements. However, because the NDR contains state records, and because the NDR Act permits individuals, and requires other authorized NDR users, to submit their NDR file check requests through the chief driver licensing official of a state, it is necessary for the states to take certain actions to ensure that these requirements are met, namely: i. Permit and assist individuals who wish to access information pertaining to themselves that may be on the NDR file.ii. Ensure that all requests for NDR file checks from individuals and other users are authorized by verifying the identity of the individuals and by ensuring that properly completed and signed request forms and consent forms are submitted for all requests other than driver licensing or driver improvement inquiries.iii. Train existing and new employees on NDR restrictions and penalties for misuse of NDR data.Miss. Code Ann. §§ 45-1-3 and 63-1-201