[Federal Register Volume 84, Number 199 (Tuesday, October 15, 2019)]
[Notices]
[Pages 55222-55223]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-22398]


-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Office of the Secretary

[Docket No. DOT-OST-2019-0140]


Privacy Act of 1974; System of Records; Amendment of a General 
Routine Use

AGENCY: Office of the Secretary of Transportation, Department of 
Transportation.

ACTION: Amendment to existing Privacy Act general routine use.

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act of 
1974, as amended, the Department of Transportation's Office of the 
Secretary of Transportation (DOT/OST) is amending an existing general 
routine use for all DOT systems of records. The amended routine use is 
consistent with a recommendation in a memorandum issued by the Office 
of Management and Budget (OMB) on January 3, 2017 (Memorandum M-17-12 
``Preparing for and Responding to a Breach of Personally Identifiable 
Information''). OMB's memorandum recommends that all Federal agencies 
publish two routine uses for their systems allowing for the disclosure 
of personally identifiable information to the appropriate parties in 
the course of responding to a breach or suspected breach of data 
maintained in a system of records.

DATES: Submit comments on or before November 14, 2019. Changes to this 
system will be effective November 14, 2019.

ADDRESSES: You may submit comments, identified by Docket Number DOT-
OST-2019-0140, by one of the following methods:
     Federal e-Rulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Fax: (202) 493-2251.
     Mail: Claire Barrett, Departmental Chief Privacy Officer, 
Office of the Chief Information Officer, U.S. Department of 
Transportation, 1200 New Jersey Ave. SE, Washington, DC 20590.
     Instructions: All submissions received must include the 
agency name and docket number DOT-OST-2019-0140, for this notice. All 
comments received will be posted without change to http://www.regulations.gov, including any personal information provided.
     Docket: For access to the docket to read background 
documents or comments received, go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Claire Barrett, Departmental Chief 
Privacy Officer, Office of the Chief Information Officer, U.S. 
Department of Transportation, 1200 New Jersey Ave. SE, Washington, DC 
20590 or privacy@dot.gov or (202) 366-8135. For legal questions, 
contact Evan Baylor, Honors Attorney, Office of General Counsel, at 
evan.baylor@dot.gov.

SUPPLEMENTARY INFORMATION: The Privacy Act of 1974, as amended, 5 
U.S.C. 552a, governs the means by which the United States Government 
collects, maintains, and uses personally identifiable information (PII) 
in a system of records. A ``system of records'' is a group of any 
records under the control of a Federal agency from which information 
about individuals is retrieved by name or other personal identifier. 
The Privacy Act requires each agency to publish in the Federal 
Register, for public notice and comment, a system of records notice 
(SORN) identifying and describing each system of records the agency 
maintains, including the purposes for which the agency uses PII in the 
system and the routine uses for which the agency discloses such 
information outside the agency. As provided in ``Privacy Act 
Guidelines'' issued by the Office of Management and Budget (OMB) on 
July 1, 1975 (see 40 FR 28966), once an agency has published a routine 
use that will apply to all of its systems of record (i.e., a general 
routine use) in the Federal Register for public notice and comment, the 
agency may thereafter incorporate the publication by reference in each 
system's SORN without inviting further public comment on that use. To 
date, DOT has published 15 general routine uses (see 65 FR 19476 
published April 11, 2000; 68 FR 8647 published February 23, 2003; 75 FR 
82132 published December 29, 2010; and 77 FR 42796 published July 20, 
2012).
    The amended general routine use reflects a non-substantive change 
to an existing DOT general routine use (see 75 FR 82132, published 
December 29, 2010). The amended general routine use implemented by this 
Notice reflects the two pieces of the existing general routine use in 
two parts: (a) A general routine use for disclosure of records in 
response to a breach or suspected breach of DOT's systems of records 
and (b) a general routine use for disclosure of records in response to 
breach or suspected breach of another agency's systems of records.
    The amended general routine uses are compatible with the purposes 
for which the information to be disclosed under these general routine 
uses was originally collected. Individuals whose personally 
identifiable information is in DOT systems expect their information to 
be secured. Sharing their information with appropriate parties in the 
course of responding to a confirmed or suspected breach of a DOT 
system, or another agency's system, will help DOT and all Federal 
agencies protect them against potential misuse of their information by 
unauthorized persons.
    For the reasons above, the existing general routine use 11 is 
amended to reflect the OMB guidance, reflected in a new 11a and 11b, as 
follows:
    11a. To appropriate agencies, entities, and persons when (1) DOT 
suspects or has confirmed that there has been a breach of the system of 
records; (2) DOT has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, DOT (including 
its information systems, programs, and operations), the Federal

[[Page 55223]]

Government, or national security; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with DOT's efforts to respond to the suspected or confirmed 
breach or to prevent, minimize, or remedy such harm.
    11b. To another Federal agency or Federal entity, when DOT 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.

Claire Barrett,
DOT Chief Privacy Officer.
[FR Doc. 2019-22398 Filed 10-11-19; 8:45 am]
 BILLING CODE 4910-9X-P


