[Federal Register Volume 84, Number 79 (Wednesday, April 24, 2019)]
[Notices]
[Pages 17234-17239]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-08171]


-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

National Highway Traffic Safety Administration

[Docket No. DOT-OST-2019-0057]


Privacy Act of 1974; Department of Transportation, National 
Highway Traffic Safety Administration; DOT/NHTSA-415; Vehicle Owner 
Questionnaire (VOQ) System

AGENCY: National Highway Traffic Safety Administration, Department of 
Transportation.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the National 
Highway Traffic Safety Administration (NHTSA) proposes to update, 
reissue, and rename a previously published Department of Transportation 
(DOT) system of records titled, ``Department of Transportation--DOT/
NHTSA 415 Artemis/Vehicle Owner Complaint Information.'' This system of 
records allows NHTSA to collect and retain complaints, letters 
communicating vehicle or equipment concerns, and supporting 
documentation which may include photos, videos, police accident 
reports, repair invoices or medical information (collectively, 
``vehicle owner questionnaires'' or ``VOQs'') submitted by or on behalf 
of vehicle or equipment owners and lessees (consumers). NHTSA updated 
the notice with regards to: System Name to Vehicle Owner Questionnaire 
(VOQ) System to appropriately identify the specific records maintained 
in the Artemis system covered by the Privacy Act; System Location to 
include NHTSA's current address and the location of the

[[Page 17235]]

Federal disaster recovery facility in Stennis, MS; System Managers to 
update the name and contact information for the system's current points 
of contact; Authority for Maintenance of the System to reflect the 
system's underlying authority; Purposes to provide clarity and 
facilitate understanding of NHTSA investigation and recall processes; 
Categories of Records to provide greater clarity of the type of records 
and information included in the system; Record Source Categories to 
provide additional information about the mechanisms used by NHTSA for 
collecting records in the system; and Routine Uses to modify an 
existing routine use to permit sharing of records with manufacturers 
named in VOQs earlier in NHTSA's investigation and recall processes 
than permitted under the previously published system of records notice 
(SORN), unless a consumer ``opts-out'' at the time of collection, and 
to provide additional details and clarification about NTHSA referrals 
of complaints to other agencies; and Policies and Practices for 
Storage, Retrieval, Retention and Disposal of Records, respectively, to 
provide additional information about the location of the system, 
methods of retrieval, individuals permitted to retrieve records, and to 
specify the applicable NARA record retention schedule; Administration, 
Technical and Physical Safeguards to detail the privacy-risk mitigating 
controls applicable to the system. Additionally, this notice includes 
non-substantive changes to simplify and clarify the language, 
formatting, and text of the previously published notice to align with 
the requirements of Office of Management and Budget Memoranda A-108. 
This updated system, Vehicle Owner Questionnaire (VOQ) System, will be 
included in the Department of Transportation's inventory of record 
systems.

DATES: Written comments must be submitted on or before May 24, 2019. 
The modified system will be effective immediately with the exception of 
the modified routine use which will be effective May 24, 2019.

ADDRESSES: You may submit comments, identified by docket number DOT-
OST-2019-0057 by one of the following methods:
     Federal e-Rulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Fax: 202-493-2251.
     Mail: Department of Transportation Docket Management, Room 
W12-140, 1200 New Jersey Ave. SE, Washington, DC 20590.
    Instructions: You must include the agency name and docket number, 
DOT-OST-2019-0057. All comments received will be posted without change 
to http://www.regulations.gov, including any personal information 
provided.
    Privacy Act: In accordance with 5 U.S.C. 553(c), DOT solicits 
comments from the public to better inform its rulemaking process. DOT 
posts these comments, without edit, to www.regulations.gov. In order to 
facilitate comment tracking and response, we encourage commenters to 
provide their name, or the name of their organization; however, 
submission of names is completely optional. Whether or not commenters 
identify themselves, all timely comments will be fully considered. If 
you wish to provide comments containing proprietary or confidential 
information, please contact the agency for alternate submission 
instructions.
    Docket: For access to the docket to read background documents or 
comments received, go to https://www.regulations.gov or to the street 
address listed above. Follow the online instructions for accessing.

FOR FURTHER INFORMATION CONTACT: For system-related questions please 
contact Jeff Giuseppe (202-366-1605), [email protected], Associate 
Administrator, Enforcement, NHTSA, 1200 New Jersey Ave. SE, Washington, 
DC 20590. For privacy questions, please contact: Claire W. Barrett 
(202-366-8135), [email protected]. Departmental Chief Privacy Officer, 
Department of Transportation, 1200 New Jersey Ave. SE, Washington, DC 
20590.

SUPPLEMENTARY INFORMATION:

I. Background

    In accordance with the Privacy Act of 1974, NHTSA proposes to 
update, reissue, and rename a previously published DOT system of 
records titled, ``Department of Transportation--DOT/NHTSA 415 Artemis/
Vehicle Owner Complaint Information.'' The updated system of records 
consists of VOQs submitted by or on behalf of consumers.
    Under 49 U.S.C. Chapter 301, NHTSA Office of Defects Investigation 
(ODI), is responsible for identifying, investigating and ensuring the 
remedy, through safety recalls conducted by manufacturers, of safety-
related defects and non-compliance issues in motor vehicles and items 
of motor vehicle equipment. To accomplish this, ODI collects and 
evaluates information from several different sources: Consumers, motor 
vehicle and equipment manufacturers, State and local law enforcement, 
insurance companies, automobile dealers, advocacy groups, and other 
entities. Among the types of information collected by ODI are VOQs that 
can be submitted through NHTSA's website https://www.NHTSA.gov, through 
a telephone hotline where an operator inputs the consumer's information 
into an electronic form, or a hard copy form sent to NHSTA by mail. ODI 
also receives letters from consumers and their Congressional 
representatives communicating vehicle and equipment concerns that the 
Agency, in addition to or in place of the questionnaire form. This 
system enables NHTSA to facilitate the defect investigation and recall 
processes, which may include contacting consumers regarding their 
complaints or recalls affecting their vehicle. ODI relies on the 
Advanced Retrieval (Tire, Equipment, Motor Vehicles) Information System 
(ARTEMIS) to provide centralized storage, document management and data 
analysis tools for all information collected in support of the defect 
investigation process, including VOQs. NHTSA uses the information in 
this system to help the Agency identify, investigate and ensure that 
manufactures remedy, through recall, replacement or repair, (1) 
potential safety defects and failures to comply with Federal Motor 
Vehicle Safety Standards (FMVSS) in motor vehicles and items of motor 
vehicle equipment, and (2) problems with the scope, administration, 
notification or remedy of a recall. NHTSA also may use the email 
addresses and Vehicle Identification Numbers (VINs) collected, to 
contact consumers whose vehicles are the subject of VOQs, and to notify 
consumers via email of open recalls applicable to the vehicles or 
equipment referenced in their VOQs.
    Changes to the System Name, System Location, System Managers, 
Authority, Purpose, Categories of Individuals Covered by the System, 
Categories of Records in the System, Record Source Categories, Policies 
and Practices for Storage, Retrieval, Retention and Disposal of 
Records, and Safeguards improve transparency, but do not reflect 
substantive changes to the Notice. In particular, NHTSA's change to the 
System Name is intended to clarify for members of the public that only 
VOQs (as defined above) and not all documents stored in ARTEMIS, are 
part of the VOQ Privacy Act system of records that is the subject of 
this notice.
    Changes to the SORN include:
    1. System Name to Vehicle Owner Questionnaire (VOQ) System to 
appropriately identify the specific records maintained in the Artemis 
system covered by the Privacy Act;

[[Page 17236]]

    2. System Location to include NHTSA's current address and the 
location of the Federal disaster recovery facility in Stennis, MS;
    3. System Managers to update the name and contact information for 
the system's current points of contact;
    4. Authority for Maintenance of the System to reflect the system's 
underlying authority;
    5. Purposes to provide clarity and facilitate understanding of 
NHTSA investigation and recall processes;
    6. Categories of Records to provide greater clarity of the type of 
records and information included in the system;
    7. Record Source Categories to provide additional information about 
the mechanisms used by NHTSA for collecting records in the system;
    8. Routine Uses to modify an existing routine use to permit sharing 
of records with manufacturers named in VOQs earlier in NHTSA's 
investigation and recall processes than permitted under the previously 
published SORN, unless a consumer ``opts-out'' at the time of 
collection;
    9. Routine uses to replace a general routine use permitting NHTSA 
to refer complaints to other state or federal agencies with three 
separate routines uses specifying that NHTSA may share consumer 
complaints with the National Transportation Safety Board (NTSB) in 
connect with NTSB investigations of surface transportation incidents, 
and highway accidents and incidents including those at railway grade 
crossings; to the Consumer Product Safety Commission to support 
enforcement of consumer product safety laws; to the Federal Trade 
Commission in matters involving potential unfair or deceptive 
practices;
    10. Routine uses to add a routine use permitting NHTSA to share 
with the Department of Homeland Security consumer complaints indicative 
of a cybersecurity vulnerability impacting critical infrastructure;
    11. Routine Uses to remove internal uses of the information in the 
VOQ by ODI which are more appropriately addressed in the system's 
Purpose.
    12. Policies and Practices for Storage, Retrieval, Retention and 
Disposal of Records, respectively, to provide additional information 
about the location of the system, methods of retrieval, individuals 
permitted to retrieve records, and to specify the applicable NARA 
record retention schedule;
    13. Administration, Technical and Physical Safeguards to detail the 
privacy-risk mitigating controls applicable to the system.
    14. Additionally, this notice includes non-substantive changes to 
simplify and clarify the language, formatting, and text of the 
previously published notice to align with the requirements of Office of 
Management and Budget Memoranda A-108. This updated system, Vehicle 
Owner Questionnaire (VOQ) System, will be included in the Department of 
Transportation's inventory of record systems.
    NHTSA routinely publishes VOQs without personally identifiable 
information (PII) on its public facing website. A critical piece of 
information included in a VOQ is the VIN. A VIN is coded information 
that a vehicle manufacturer assigns to each vehicle it produces. This 
code contains seventeen alphanumeric characters that provide 
information about the vehicle. The first eleven characters identify the 
manufacturer and various generic attributes of the vehicle, such as the 
make, model, model year, body style, engine type, wheel base, 
supplemental restraint system and production plant, etc. The last six 
characters are the number sequentially assigned by the manufacturer in 
the production process. This sequential number is the part of the VIN 
that identifies a specific vehicle such as build history, standard or 
optional equipment packages and service history (and makes it possible 
through a search of public records to determine the identity of the 
owner). Because the VIN provides significant data, a VIN is critical to 
NHTSA's and a manufacturer's assessment and evaluation of potential 
safety issues in motor vehicles. NHTSA publishes the first eleven 
characters of the seventeen characters of VIN because, without the last 
six characters, the VIN cannot be linked to an individual. The public, 
including vehicle equipment manufacturers, can view these complaints 
with the truncated VIN and access the general make, model, model year 
attributes of the vehicle. Without the full seventeen character VIN, a 
manufacturer is unable to identify the precise vehicle that has 
experienced a potential safety related defect. Without such 
information, a manufacturer is unable to learn of vehicle specific 
information and focus on or identify potential safety issues.
    The previously published SORN permitted NHTSA to share PII, 
including the full VIN, in VOQs with the manufacturer of the vehicle or 
equipment identified in a VOQ only after the agency has opened a formal 
investigation or a manufacturer has commenced a recall. In NHTSA's 
view, providing manufacturers and other stakeholders earlier access to 
PII in VOQs is critical to improving highway safety because earlier 
access will help manufacturers to identify the specific vehicle and its 
attributes that is subject to the complaint and remedy safety defects 
and noncompliance issues in a more timely manner than under the 
previously published SORN. Modifying this routine use will permit NHTSA 
to share VOQs with manufacturers on a routine basis as soon as is 
practicable after receipt by the Agency. Sharing these records at an 
earlier stage than permitted under the previously published SORN is 
compatible with the original vehicle safety purposes of the system 
because it allows NHTSA to provide manufacturers with information 
necessary to definitively identify the build history, equipment 
options, and repair history of a vehicles identified in a VOQ, and to 
identify, investigate and work with NHTSA to remedy a potential safety 
defect, failure to comply with an FMVSS or recall administration, scope 
or remedy issue.
    To limit the potential privacy risks of sharing consumer contact 
information with manufacturer of the vehicles or equipment identified 
in the VOQ, NHTSA updated its collection instrument (see 2127-0008) to 
include explicit opt-out. Consumers who choose to opt-out will not have 
their information shared with the manufacturer of the vehicles or 
equipment identified in the VOQs unless the Agency opens an 
investigation or a recall is initiated. The Agency takes consumer 
privacy seriously and has included this new ``opt out'' feature in the 
VOQ form in order to provide consumers with additional control over 
their personal information. To enhance transparency, the ``opt-out'' 
appears in a prominent place in the electronic form maintained on the 
Department's public website, and will be communicated to consumers by 
hotline operators at the end of each hotline call. If consumers, at the 
point and time of collection, either check an ``opt out'' box on the 
VOQ form or direct the hotline operator collecting their information 
over the telephone to do so, NHTSA will not share with manufacturers 
the personal information provided in response to VOQ questions unless 
the Agency opens up a defect investigation or a recall takes place. At 
that point, an existing routine use permits the Agency to share their 
VOQs with the manufacturer of the vehicles or equipment identified in 
the VOQs. In addition to the approximately 70,000 VOQs filed annually 
directly with NHTSA, the Agency also receives approximately 1500 
letters per year

[[Page 17237]]

from consumers or consumers' Congressional representatives 
communicating vehicle and equipment concerns that the Agency may 
convert into VOQs. It is not practicable for NHTSA to provide this 
small subset of consumers with the opportunity to ``opt out'' of 
sharing their personal information with the manufacturer of the 
vehicles or equipment identified in their letters. For this reason, 
NHTSA will pursue a privacy-positive course of action and assign ``opt-
out'' status to the VOQs generated from these letters. NHTSA will not 
share their personal information with the manufacturer of the vehicles 
or equipment identified in these letters unless the Agency opens a 
defect investigation or a recall is commenced.
    To further enhance transparency, NHTSA is adding a routine use 
concerning comments received in the free form narrative section of the 
web based VOQ form and VOQs received through the hotline. The publicly 
available VOQs are on NHTSA's website, accessed through NHTSA.gov. As 
part of the online VOQ form, NHTSA has a free text narrative section 
that requests that the consumer ``In your own words, tell us what 
happened.'' NHTSA provides notice to the consumer that any text 
submitted will be made public without edits. Once the individual 
submits the online form, NHTSA publishes these comments without edit 
and other non-personal identifying information in the VOQ to NHTSA's 
public website. In order to advise the public how NHTSA uses the 
narrative comments in a VOQ, NTHSA is establish a routine use this 
system of records. This routine use is compatible with the purpose of 
collection, which is to provide the public with information concerning 
potential safety related defects and noncompliance with a federal motor 
vehicle safety standard.
    Finally, NHTSA is replacing pre-existing, generally-worded, routine 
use that permits NTHSA to share consumer complaints with ``appropriate 
State or Federal agenc[ies] for actions involving matters of law or 
regulation beyond the responsibility'' of NHSTA with three separate 
routine uses that specify the agencies with and purposes for which 
NHTSA shares information. This does not reflect a change in the types 
of disclosures NTSHA has or will make under the routine use, but is 
merely intended to provide clarity and transparency into how NHTSA 
shares information with other agencies. NHTSA also is updating its 
routine uses to permit disclosure to DHS when the consumer complaint 
evidences a potential cybersecurity vulnerability impacting 
transportation critical infrastructure. These routine uses are 
compatible with the purpose of the collection as a ``necessary and 
proper'' use of the information, as discussed more below. Individuals 
who provide VOQ information to NHTSA do so because they are seeking 
Federal agency intervention to address a potential issue with their 
vehicle. When the potential issue relates to a matter outside of 
NHTSA's jurisdiction, individuals may expect that NHTSA will share the 
information with the Federal agencies having jurisdiction for the 
matter. Thus, this routine use with compatible with the purpose of the 
collection, which is to identify, investigate and remedy potential 
safety defects.
    NHTSA is updating this Notice to include Departmental general 
routine uses previously incorporated by reference, to the extent that 
they are compatible with the purposes of this System. As recognized by 
the Office of Management and Budget (OMB) in its Privacy Act 
Implementation Guidance and Responsibilities (65 FR 19746, July 9, 
1975), the routine uses include all proper and necessary uses of 
information in the system, even if such uses occur infrequently. NHTSA 
has included in this Notice general routine uses for disclosures to law 
enforcement when the record, on its face, indicates a violation of law, 
to DOJ for litigation purposes, or when necessary in investigating or 
responding to a breach of this system or other agencies' systems. NHTSA 
must work with DOT to take appropriate action to address any apparent 
violations of the law, and to share information with legal counsel in 
the Department of Justice when necessary for litigation. OMB has long 
recognized that these types of routine uses are ``proper and 
necessary'' uses of information and qualify as compatible with agency 
systems. 65 FR 19476. In addition, by OMB Memorandum M-17-12, OMB 
directed agencies to include routine uses that will permit sharing of 
information when needed to investigate, respond to, and mitigate a 
breach of a Federal information system. NHTSA also has included routine 
uses that permit sharing with the National Archives and Records 
Administration when necessary for an inspection, to any Federal 
government agency engaged in audit or oversight related to this system, 
or when DOT determines that the disclosure will detect, prevent, or 
mitigate terrorism activity. These types of disclosures are necessary 
and proper uses of information in this system because they further 
DOT's obligation to fulfil its records management and program 
management responsibilities by facilitating accountability to agencies 
charged with oversight in these areas, and the Department's obligation 
under Intelligence Reform and Terrorism Prevention Act of 2004, Public 
Law 108-456, and Executive Order 13388 (Oct. 25, 2005) to share 
information necessary and relevant to detect, prevent, disrupt, 
preempt, or mitigate the effects of terrorist activities against the 
territory, people, and interests of the United States.
    Finally, this system includes a routine use to permit sharing with 
our contractors, consultants, experts, grantees, and others when 
necessary to fulfill a NHTSA function related to this System. Agencies 
routinely engage assistance of these types of individuals in the 
fulfillment of their duties, such as contract support necessary to 
maintain the database in which these records are housed. NHTSA relies 
on contract support to maintain this system, and disclosures for this 
purpose are compatible with the purpose of the collection.

System Name and Number:
    Vehicle Owner Questionnaire System DOT/NHTSA 415.

Security Classification:
    Unclassified, Sensitive.

System Location:
    Records are maintained at the Department of Transportation 
Headquarters, 1200 New Jersey Ave., Washington, DC 20590, and at the 
Federal disaster recovery facility in Stennis, MS.

System Manager(s):
    Stephen A. Ridella, Ph.D., Director, Office of Defects 
Investigation, National Highway Traffic Safety Administration, U.S. 
Department of Transportation, 1200 New Jersey Avenue SE, Washington, DC 
20590, 202-366-4703, [email protected].

Authority for Maintenance of the System:
    49 U.S.C. 30116, 30118-22, 30166.

Purpose of the System:
    To assist NHTSA to identify, investigate and ensure that 
manufactures remedy, through recall, replacement or repair, potential 
safety defects and failures to comply with FMVSS in motor vehicles and 
items of motor vehicle equipment. To assist NHTSA to identify, 
investigate and ensure that manufactures remedy problems with the 
scope, administration, notification or remedy of a recall. For these 
purposes, NHTSA routinely retrieves VOQs by name or

[[Page 17238]]

assigned identifier to contact motor vehicle drivers or owners 
experiencing safety problems or witnesses and other individuals with 
information relevant to the agency's investigative or remedial efforts.

Categories of Individuals Covered by the System:
    Owners of motor vehicles and motor vehicle equipment, as well as 
users of leased motor vehicles and motor vehicle equipment, who have 
filed, or on whose behalf have been filed VOQs, or who send letters to 
the agency directly or through their representatives (e.g., advocates, 
attorneys or Congressmen) concerning motor vehicle safety.

Categories of Records in the System:
    The standard questionnaire format collects information that assists 
NHTSA to identify and identify potential defects, recall issues, and 
instances of noncompliance. The information submitted by or on behalf 
of an individual includes the following:
     Vehicle identification number (VIN).
     Make, model and year of relevant vehicle.
     Part affected.
     A narrative field that permits the individual to describe 
in his or her own words what happened.
     Photographs/supporting documentation.
     Date of incident.
     Was there a crash.
     Was there a fire.
     Was there an injury or fatality.
     Speed at time.
     Number of miles on the vehicle.
     First and last name.
     Email address.
     Street address.
     Telephone/alt telephone number.
    Individuals may also submit supporting documentation with a 
questionnaire or letter. NHTSA does not control the data submitted in 
these records and it may include personal information. Supporting 
documentation includes:
     Repair invoices.
     Insurance claims.
     Vehicle crash information.
     Police accident reports.
     Photographs and video image recordings of vehicles, parts, 
bodies or body parts.

Record Source Categories:
    Consumers, to include; vehicle owners, drivers of leased vehicles, 
and individuals or organizations submitting VOQs to NHTSA on their 
behalf.

Routine Uses of Records Maintained in the System, Including Categories 
of Users and the Purposes of Such Uses:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the information 
contained in this system may be disclosed outside of DOT as a routine 
use pursuant to 5 U.S.C. 552a(b)(3) as follows:

System Specific Routine Uses:
    1. To manufacturers prior to the initiation of a formal 
investigation by the Department, an entire VOQ information to respond 
to consumer complaints and research the cause of the complaint, except 
when consumers ``opt out'' of such sharing at the point and time of 
collection. Information from individuals who submit VOQs by means other 
than the NHTSA website will be treated as if the individual has opt-
out;
    2. To manufacturers, after the Agency opens an investigation, to 
allow them to investigate owner complaints and researching the root 
cause of the alleged problem;
    3. To the National Transportation Safety Board (NTSB) an entire VOQ 
to support NTSB investigations of surface transportation incidents, 
highway accidents and incidents, including incidents at railway grade 
crossings;
    4. To the Consumer Product Safety Commission (CPSC) an entire VOQ 
to support identification of violations and enforcement of consumer 
product safety laws;
    5. To the Federal Trade Commission an entire VOQ in matters 
involving potential unfair or deceptive trade practices;
    6. To the Department of Homeland Security (DHS) if the VOQ is 
indicative of a cybersecurity vulnerability impacting critical 
infrastructure; and
    7. To members of the public through NHTSA.gov website, information 
included in the narrative portion of the form questionnaire. 
Individuals are notified at the time of the VOQ submission that all 
information provided in the narrative will be made publicly available 
without edit.

Department General Routine Uses:
    The U.S. Department of Transportation has established general 
routine uses applicable to all systems maintained by DOT. The following 
DOT general routine uses apply to this system of records:
    1. In the event that a system of records maintained by DOT to carry 
out its functions indicates a violation or potential violation of law, 
whether civil, criminal or regulatory in nature, and whether arising by 
general statute or particular program pursuant thereto, the relevant 
records in the system of records may be referred, as a routine use, to 
the appropriate agency, whether Federal, State, local or foreign, 
charged with the responsibility of investigating or prosecuting such 
violation or charged with enforcing or implementing the statute, or 
rule, regulation, or order issued pursuant thereto.
    2a. Routine Use for Disclosure for Use in Litigation. It shall be a 
routine use of the records in this system of records to disclose them 
to the Department of Justice or other Federal agency conducting 
litigation when--
    (a) DOT, or any agency thereof, or
    (b) Any employee of DOT or any agency thereof (including a member 
of the Coast Guard), in his/her official capacity, or
    (c) Any employee of DOT or any agency thereof (including a member 
of the Coast Guard), in his/her individual capacity where the 
Department of Justice has agreed to represent the employee, or
    (d) The United States or any agency thereof, where DOT determines 
that litigation is likely to affect the United States, is a party to 
litigation or has an interest in such litigation, and the use of such 
records by the Department of Justice or other Federal agency conducting 
the litigation is deemed by DOT to be relevant and necessary in the 
litigation, provided, however, that in each case, DOT determines that 
disclosure of the records in the litigation is a use of the information 
contained in the records that is compatible with the purpose for which 
the records were collected.
    2b. Routine Use for Agency Disclosure in Other Proceedings. It 
shall be a routine use of records in this system to disclose them in 
proceedings before any court or adjudicative or administrative body 
before which DOT or any agency thereof, appears, when--
    (a) DOT, or any agency thereof, or
    (b) Any employee of DOT or any agency thereof (including a member 
of the Coast Guard) in his/her official capacity, or
    (c) Any employee of DOT or any agency thereof (including a member 
of the Coast Guard) in his/her individual capacity where DOT has agreed 
to represent the employee, or
    (d) The United States or any agency thereof, where DOT determines 
that the proceeding is likely to affect the United States, is a party 
to the proceeding or has an interest in such proceeding, and DOT 
determines that use of such records is relevant and necessary in the 
proceeding, provided, however, that in each case, DOT determines that

[[Page 17239]]

disclosure of the records in the proceeding is a use of the information 
contained in the records that is compatible with the purpose for which 
the records were collected.
    3. One or more records from a system of records may be disclosed 
routinely to the National Archives and Records Administration in 
records management inspections being conducted under the authority of 
44 U.S.C. 2904 and 2906.
    4. DOT may disclose records from this system, as a routine use, to 
appropriate agencies, entities, and persons when (1) DOT suspects or 
has confirmed that the security or confidentiality of information in 
the system of records has been compromised; (2) DOT has determined that 
as a result of the suspected or confirmed compromise there is a risk of 
harm to economic or property interests, identity theft or fraud, or 
harm to the security or integrity of this system or other systems or 
programs (whether maintained by DOT or another agency or entity) that 
rely upon the compromised information; and (3) the disclosure made to 
such agencies, entities, and persons is reasonably necessary to assist 
in connection with DOT's efforts to respond to the suspected or 
confirmed compromise and prevent, minimize, or remedy such harm.
    5. DOT may disclose records from this system, as a routine use, to 
the Office of Government Information Services for the purpose of (a) 
resolving disputes between FOIA requesters and Federal agencies and (b) 
reviewing agencies' policies, procedures, and compliance in order to 
recommend policy changes to Congress and the President.
    6. DOT may disclose records from this system, as a routine use, to 
contractors and their agents, experts, consultants, and others 
performing or working on a contract, service, cooperative agreement, or 
other assignment for DOT, when necessary to accomplish an agency 
function related to this system of records.
    7. DOT may disclose records from this system, as a routine use, to 
an agency, organization, or individual for the purpose of performing 
audit or oversight operations related to this system of records, but 
only such records as are necessary and relevant to the audit or 
oversight activity. This routine use does not apply to intra-agency 
sharing authorized under Section (b)(1) of the Privacy Act.
    8. DOT may disclose from this system, as a routine use, records 
consisting of, or relating to, terrorism information (6 U.S.C. 
485(a)(5)), homeland security information (6 U.S.C. 482(f)(1)), or Law 
enforcement information (Guideline 2 Report attached to White House 
Memorandum, ``Information Sharing Environment, November 22, 2006) to a 
Federal, State, local, tribal, territorial, foreign government and/or 
multinational agency, either in response to its request or upon the 
initiative of the Component, for purposes of sharing such information 
as is necessary and relevant for the agencies to detect, prevent, 
disrupt, preempt, and mitigate the effects of terrorist activities 
against the territory, people, and interests of the United States of 
America, as contemplated by the Intelligence Reform and Terrorism 
Prevention Act of 2004 (Pub. L. 108-458) and Executive Order 13388 
(October 25, 2005).

Policies and Practices for Storage of Records:
    Records are maintained in electronic systems and hard copy at DOT 
Headquarters, 1200 New Jersey Ave. SE, Washington, DC 20590 and at the 
Federal disaster recovery facility in Stennis, MS.

Policies and Practices for Retrieval of Records:
    NHTSA staff and agents routinely retrieve VOQs by consumer name or 
personal identifier.

Policies and Practices for Retention and Disposal of Records:
    Pursuant to approved NARA Schedule N1-416-05-003 (Office of Defect 
Investigation Files), NHTSA: (1) Destroys VOQ information provided by 
consumers 15 years after receipt; (2) destroys investigation files, 
including any VOQs in the files, 15 years after the date of the 
resolution of an investigation when the investigation did not lead to a 
court decision; and (3) retains on a permanent basis investigation 
files, including any VOQs in the files, when an investigation leads to 
a court decision, but transfers legal custody of the files to NARA 
after 15 years. Original hard copy records collected from consumers and 
others are scanned into ARTEMIS and then destroyed.

Administrative, Technical and Physical Safeguards:
    The VOQ system is protected by a multi-layer security approach to 
prevent unauthorized access to personally identifiable information 
through appropriate administrative, physical, and technical safeguards. 
Protective strategies include: Implementing physical access controls at 
DOT facilities; ensuring confidentiality of communications using tools 
such as encryption, authentication of sending parties, and 
compartmentalizing databases; and employing auditing software and 
personnel screening to ensure that all personnel with access to data 
are screened through background investigations commensurate with the 
level of access required to perform their duties. Records maintained in 
hard copy are stored in locked file cabinets until they can be scanned 
and uploaded to ARTEMIS and subsequently destroyed.

Record Access Procedures:
    An individual wishing to gain access to any record pertaining to 
him or her in the system should send his or her name, address, 
telephone number, and a description of the record(s) sought to the U.S. 
Department of Transportation, Privacy Act Officer, Office of the Chief 
Information Officer, 1200 New Jersey Avenue SE, Washington, DC 20590.

Contesting Record Procedures:
    An individual seeking to contest information contained in a record 
pertaining to him or her in this system should address written 
inquiries to the U.S. Department of Transportation, Privacy Act 
Officer, Office of the Chief Information Officer, 1200 New Jersey 
Avenue SE, Washington, DC 20590. Inquiries should include name, 
address, telephone number, and a description of the record and 
information being contested.

Notification Procedures:
    An individual seeking to determine whether a record pertaining to 
him or her is contained in this system should address written inquiries 
to the U.S. Department of Transportation, Privacy Act Officer, Office 
of the Chief Information Officer, 1200 New Jersey Avenue SE, 
Washington, DC 20590. Inquiries should include name, address, telephone 
number, and identify the system that is the subject of the inquiry.

Exemptions Promulgated for the System:
    None.

History:
    The last full Federal Register Notice pertaining to this system 
that contained all SORN elements was published on September 3, 2004 (69 
FR 53971-53972).

    Issued in Washington, DC on April 18, 2019.
Claire W. Barrett,
Departmental Chief Privacy Officer, Department of Transportation.
[FR Doc. 2019-08171 Filed 4-23-19; 8:45 am]
 BILLING CODE 4910-9X-P


