83 FR 50053 - Maintenance of and Access to Records Pertaining to Individuals

DEPARTMENT OF TRANSPORTATION
Office of the Secretary

Federal Register Volume 83, Issue 193 (October 4, 2018)

Page Range		50053-50055
FR Document		2018-21440

This proposed rulemaking would amend the Department of Transportation's Privacy Act regulations to exempt the Department of Transportation's new insider threat program system of records from certain requirements of the Privacy Act to protect properly classified information from disclosure, preserve the integrity of insider threat inquiries, and protect the identities of sources in such inquiries and any related investigations.

Federal Register, Volume 83 Issue 193 (Thursday, October 4, 2018)

[Federal Register Volume 83, Number 193 (Thursday, October 4, 2018)]
[Proposed Rules]
[Pages 50053-50055]
From the Federal Register Online [www.thefederalregister.org]
[FR Doc No: 2018-21440]

[[Page 50053]]

=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Office of the Secretary

49 CFR Part 10

[Docket No. OST-2016-0028]
RIN 2105-AE46

Maintenance of and Access to Records Pertaining to Individuals

AGENCY: Office of the Secretary (OST), U.S. Department of
Transportation (DOT).

ACTION: Noticed of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: This proposed rulemaking would amend the Department of
Transportation's Privacy Act regulations to exempt the Department of
Transportation's new insider threat program system of records from
certain requirements of the Privacy Act to protect properly classified
information from disclosure, preserve the integrity of insider threat
inquiries, and protect the identities of sources in such inquiries and
any related investigations.

DATES: Submit comments on or before December 3, 2018.

ADDRESSES: You may file comments identified by the docket number DOT-
OST-2016-0028 by any of the following methods:
Federal Rulemaking Portal: Go to http://www.regulations.gov and follow the online instructions for submitting
comments.
Mail: Docket Management Facility, U.S. Department of
Transportation, 1200 New Jersey Ave. SE, West Building Ground Floor,
Room W12-140, Washington, DC 20590-0001.
Hand Delivery or Courier: West Building Ground Floor, Room
W12-140, 1200 New Jersey Ave. SE, between 9:00 a.m. and 5:00 p.m. ET,
Monday through Friday, except Federal holidays.
Fax: 202-493-2251.
Instructions: You must include the agency name and docket number
DOT-OST-2016-0028 or the Regulatory Identification Number (RIN) for the
rulemaking at the beginning of your comment. All comments received will
be posted without change to http://www.regulations.gov, including any
personal information provided.
Privacy Act: Anyone is able to search the electronic form of all
comments received in any of our dockets by the name of the individual
submitting the comment (or signing the comment, if submitted on behalf
of an association, business, labor union, etc.) You may review DOT's
system of records notice for dockets in the Federal Register notice
published on January 17, 2008 (73 FR 3316-3317).
Docket: For access to the docket to read background documents or
comments received, go to http://www.regulations.gov or to the street
address listed above. Follow the online instructions for accessing the
docket.

FOR FURTHER INFORMATION CONTACT: Claire Barrett, Departmental Chief
Privacy Officer, Office of the Chief Information Officer, U.S.
Department of Transportation, 1200 New Jersey Avenue SE, Washington, DC
20590 or privacy@dot.gov or (202) 366-8135.

SUPPLEMENTARY INFORMATION: Executive Order 13587, Structural Reforms to
Improve the Security of Classified Networks and the Responsible Sharing
and Safeguarding of Classified Information, directs Federal departments
and agencies to establish insider threat programs consistent with
guidance and standards developed by the National Insider Threat Task
Force, which was established under section 6 of Executive Order 13587.
The National Insider Threat Policy and Minimum Standards for Executive
Branch Insider Threat Programs were issued in November 2012. As
described in Executive Order 13587 and the National Insider Threat
Policy and Minimum Standards for Executive Branch Insider Threat
Programs, insider threat programs are intended to deter and detect
insider threats and mitigate the risks associated with an individual
using his or her authorized access to Government information and
facilities to do harm to the security of the United States. The
potential harms posed by an insider threat can include espionage,
terrorism, unauthorized disclosure of national security information, or
the loss or degradation of Government resources or capabilities.
The DOT has established an Insider Threat Program within the Office
of the Secretary (OST) and the Federal Aviation Administration (FAA).
Together, these programs are referred to as the ``DOT Insider Threat
Program.'' The DOT Insider Threat Program will adhere to the
requirements of Executive Order 13587, and the National Insider Threat
Policy and Minimum Standards for Executive Branch Insider Threat
Programs, and include protocols for reporting and responding to
potential or suspected insider threat activity.
The Privacy Act of 1974, 5 U.S.C. 552a, requires that agencies tell
the public when they maintain information about a person in a file
which is retrieved by reference to that person's name or some other
identifying particular. A group of these files is a ``system of
records,'' and the existence of each system must be published in a
``system of records notice'' (SORN). In accordance with the Privacy
Act, DOT proposes to create a new DOT system of records titled, ``DOT/
ALL 26 Insider Threat Program'' for insider threat program records.
This notice will be published in the Federal Register.
The DOT Insider Threat Program will maintain information about DOT
employees about whom the DOT Insider Threat Program has received
reports of indicia of potential insider threats from other Federal
agencies, DOT employees, or any other source. As defined in Executive
Order 12968, a DOT employee, for purposes of the DOT Insider Threat
Program, means ``a person, other than the President and Vice President,
employed by, detailed or assigned to, an agency, including members of
the Armed Forces; an expert or consultant to an agency; an industrial
or commercial contractor, licensee, certificate holder; or any other
category of person who acts for or on behalf of an agency, as
determined by the'' Secretary of Transportation or, for the FAA, the
FAA Administrator. A licensee, certificate holder (such an airman), or
grantee, who is not also a DOT employee, is generally excluded from the
DOT Insider Threat Program; however, such individuals may be included
if a determination is made that the nature and extent of an
individual's access to DOT personnel, facilities, equipment, systems,
networks, operations, and information necessitates their inclusion.
The DOT Insider Threat Program will review reports of indicia of
potential insider threats in accordance with established DOT and FAA
Insider Threat Program management policy and procedures, as applicable.
Based on this review, an appropriate authorized OST or FAA official
will determine whether to proceed with an insider threat inquiry, refer
the matter to appropriate law enforcement officials, close the matter,
or take other appropriate action. Insider threat inquiries will be
comprised primarily of existing DOT information assets, including, but
not limited to, records from information security, personnel security,
and human resources, and also may include information obtained from
other Federal agencies or from publicly available resources (such as
internet searches). The DOT Insider Threat Program records also will be
used to track reports of indicia of potential insider threats, whether
or not an inquiry was opened, the rationale for opening or not opening
an inquiry; the disposition of all inquiries, and referrals to law

[[Page 50054]]

enforcement (such as the DOT Office of the Inspector General or the
Federal Bureau of Investigation), and to report on DOT's Insider Threat
Program activities.
An agency wishing to exempt portions of some systems of records
from certain provisions of the Privacy Act must notify the public of
that exemption in both the SORN and in an exemption rule. This proposed
rule would exempt certain records maintained by the DOT Insider Threat
Program from the access and notification provisions of the Privacy Act.
An exemption from these requirements would be necessary to: Protect
classified national security information; preclude the subject of an
inquiry from frustrating an inquiry or evading detection; avoid
disclosure of insider threat inquiry techniques; protect the identity
of confidential informants and third parties; and support DOT and FAA's
ability to obtain information relevant to resolving an insider threat
concern. The DOT or FAA may take administrative or other appropriate
action within scope of their respective legal authorities in response
to an insider threat inquiry or, if circumstances indicate a potential
violation of law or a national security concern, refer the matter to
the appropriate law enforcement or intelligence entity, such as the DOT
Office of Inspector General or the Federal Bureau of Investigation.
Thus, the system of records may include some classified national
security information and, thus, insofar as it does, the subsection
(k)(1) exemption (5 U.S.C. 552a(k)(1)) would be applicable. In
addition, an insider threat inquiry is comprised of records compiled
for law enforcement and the subsection (k)(2) exemption (5 U.S.C.
552a(k)(2) would be applicable to this system of records.
In appropriate circumstances, where compliance with the request
would not appear to interfere with or adversely affect the conduct of
an insider threat inquiry or result in the unauthorized disclosure of
classified information, OST or FAA may opt to waive these exemptions.
In addition, some information may be available under the Freedom of
Information Act, 5 U.S.C. 552 (FOIA). Any request for information from
this system under the FOIA would be assessed on a case-by-case basis to
determine what, if any, information could be released consistent with
section (b)(2) of the Privacy Act, 5 U.S.C. 552a(b)(2).
The DOT identifies a system of records that is exempt from one or
more provisions of the Privacy Act (pursuant to 5 U.S.C. 552a(j) or
(k)) both in the SORN published in the Federal Register for public
comment and in an Appendix to DOT's regulations implementing the
Privacy Act (49 CFR part 10, Appendix). This rule would exempt records
in the Insider Threat Program system of records from subsections (c)(3)
(Accounting of Certain Disclosures), (d) (Access to Records), (e)(1)
and (e)(4)(G) through (I) (Agency Requirements) and (f) (Agency Rules)
of the Privacy Act to the extent that records are properly classified,
in accordance with 5 U.S.C. 552a(k)(1), or consist of investigatory
material compiled for law enforcement purposes in accordance with 5
U.S.C. 552a(k)(2).

Regulatory Analysis and Notices

A. Executive Order 12866 (Regulatory Planning and Review) and DOT
Regulatory Policies and Procedures

The DOT has considered the impact of this proposed rulemaking
action under Executive Orders 12866 and 13563 (January 18, 2011,
``Improving Regulation and Regulatory Review''), and the DOT's
regulatory policies and procedures (44 FR 11034; February 26, 1979).
The DOT has determined that this action would not constitute a
significant regulatory action within the meaning of Executive Order
12866 and within the meaning of DOT regulatory policies and procedures.
This rulemaking has not been reviewed by the Office of Management and
Budget. This rulemaking is not anticipated to result in any costs.
Since these records would be exempt from certain provisions of the
Privacy Act, DOT would not have to expend any funds in order to
administer those aspects of the Act.

B. Regulatory Flexibility Act

DOT has evaluated the effect these changes would have on small
entities and does not believe that this rulemaking would impose any
costs on small entities because the reporting requirements themselves
are not changed and because the rule applies only to information on
individuals that is maintained by the Federal Government or that is
already publically available. Therefore, I hereby certify that this
proposal would not have a significant economic impact on a substantial
number of small entities.

C. National Environmental Policy Act

The Department has analyzed the environmental impacts of this
proposed action pursuant to the National Environmental Policy Act of
1969 (42 U.S.C. 4321 et seq.) and has determined that it is
categorically excluded pursuant to DOT Order 5610.1C, Procedures for
Considering Environmental Impacts (44 FR 56420, Oct. 1, 1979).
Categorical exclusions are actions identified in an agency's NEPA
implementing procedures that do not normally have a significant impact
on the environment and therefore do not require either an environmental
assessment (EA) or environmental impact statement (EIS). See 40 CFR
1508.4. In analyzing the applicability of a categorical exclusion, the
agency must also consider whether extraordinary circumstances are
present that would warrant the preparation of an EA or EIS. Id.
Paragraph 3.c.5 of DOT Order 5610.1C incorporates by reference the
categorical exclusions for all DOT Operating Administrations. This
action is covered by the categorical exclusion listed in the Federal
Highway Administration's implementing procedures, ``[p]romulgation of
rules, regulations, and directives.'' 23 CFR 771.117(c)(20). The
purpose of this rulemaking is to amend the Appendix to DOT's Privacy
Act regulations. The Department does not anticipate any environmental
impacts and there are no extraordinary circumstances present in
connection with this rulemaking.

D. Executive Order 12898 (Environmental Justice)

The Department evaluated the environmental effects of this proposed
rule in accordance with Executive Order 12898, Federal Actions to
Address Environmental Justice in Minority Populations and Low-Income
Populations, and DOT Order, 5010.2(a), 91 FR 27534 (May 10, 2012)
(available online at www.fhwa.dot.gov/enviornment/environmental_justice/ej_at_dot/order_56102a/index.cfm), which require
DOT to achieve environmental justice (EJ) as part of its mission by
identifying and addressing, as appropriate, disproportionately high and
adverse human health or environmental effects, including interrelated
social and economic effects, of its programs, policies, and activities
on minority and low income populations in the United States. The DOT
Order requires DOT to address compliance with the Executive Order and
the DOT Order in all rulemaking activities. The Department has
evaluated this proposed rule under the Executive Order and the DOT
Order, and has determined preliminarily that the rule would not cause
disproportionately high and adverse human health and environmental
effects on minority or low income populations.

[[Page 50055]]

E. Executive Order 13132 (Federalism)

This proposed action has been analyzed in accordance with the
principles and criteria contained in Executive Order 13132, Federalism,
dated August 4, 1999, and it has been determined that it would not have
a substantial direct effect on, or sufficient Federalism implications
for, the States, nor would it limit the policymaking discretion of the
States. Therefore, the preparation of a Federalism Assessment is not
necessary.

F. Executive Order 13084 (Consultation and Coordination With Indian
Tribal Governments)

This action has been analyzed in accordance with the principles and
criteria contained in Executive Order 13084 (``Consultation and
Coordination with Indian Tribal Governments''). Because it would not
effect on Indian Tribal Governments, the funding and consultation
requirements of Executive Order 13084 do not apply.

G. Paperwork Reduction Act

Under the Paperwork Reduction Act of 1995 (PRA) (44 U.S.C. 3501, et
seq.), Federal agencies must obtain approval from the Office of
Management and Budget for each collection of information they conduct,
sponsor, or require through regulations. The DOT has determined that
this action would not contain a collection of information requirement
for the purposes of the PRA.

H. Unfunded Mandates Reform Act

Title II of the Unfunded Mandates Reform Act of 1995 (UMRA) (Pub.
L. 104-4, 109 Stat. 48, March 22, 1995) requires Federal agencies to
assess the effects of certain regulatory actions on State, local, and
tribal governments; and the private sector. The UMRA requires a written
statement of economic and regulatory alternatives for proposed and
final rules that contain Federal mandates. A ``Federal mandate'' is a
new or additional enforceable duty, imposed on any State, local, or
tribal Government; or the private sector. If any Federal mandate causes
those entities to spend, in aggregate, $143.1 million or more in any
one year (adjusted for inflation), an UMRA analysis is required. This
proposed rule would not impose Federal mandates on any State, local, or
tribal governments; or the private sector.

List of Subjects in 49 CFR Part 10

Penalties, Privacy.

In consideration of the foregoing, DOT proposes to amend part 10 of
title 49, Code of Federal Regulations, as follows:

0
1. The authority citation for part 10 continues to read as follows:

Authority: 5 U.S.C. 552a; 49 U.S.C. 322.

0
2. Amend the Appendix to Part 10 by:
0
a. In Part II, adding paragraphs A.10, B.4., F.5., and G.2.
The revisions and additions read as follows:

APPENDIX TO PART 10--EXEMPTIONS

Part II. Specific Exemptions
A. * * *
10. Insider Threat Program (DOT/ALL 26),
B. * * *
4. Insider Threat Program (DOT/ALL 26).
* * * * *
F. * * *
5. Insider Threat Program (DOT/ALL 26).
* * * * *
G. * * *
2. Insider Threat Program (DOT/ALL 26).

Issued in Washington, DC, on August 17, 2018.
Elaine L. Chao,
Secretary.
[FR Doc. 2018-21440 Filed 10-3-18; 8:45 am]
BILLING CODE 4910-9X-P

Federal Register / Vol. 83, No. 193 / Thursday, October 4, 2018 / Proposed Rules 50055

E. Executive Order 13132 (Federalism) ■ 1. The authority citation for part 10 devices (ELDs) to participate to address
This proposed action has been continues to read as follows: potential implementation issues, should
analyzed in accordance with the Authority: 5 U.S.C. 552a; 49 U.S.C. 322. changes to the HOS rules be made. The
principles and criteria contained in listening session will be held at the U.S.
■ 2. Amend the Appendix to Part 10 by: Department of Transportation in
Executive Order 13132, Federalism, ■ a. In Part II, adding paragraphs A.10,
dated August 4, 1999, and it has been Washington, DC. The listening session
B.4., F.5., and G.2.
determined that it would not have a will be webcast for the benefit of those
The revisions and additions read as
substantial direct effect on, or sufficient not able to attend in person. The
follows:
Federalism implications for, the States, listening session will allow interested
nor would it limit the policymaking APPENDIX TO PART 10— persons to present comments, views,
discretion of the States. Therefore, the EXEMPTIONS and relevant research on topics
preparation of a Federalism Assessment Part II. Specific Exemptions mentioned above. All comments will be
is not necessary. A. * * * transcribed and placed in the
10. Insider Threat Program (DOT/ALL 26), rulemaking docket for the FMCSA’s
F. Executive Order 13084 (Consultation B. * * * consideration.
and Coordination With Indian Tribal 4. Insider Threat Program (DOT/ALL 26).
Governments) DATES: The listening session will be
* * * * * October 10, 2018, in Washington, DC, at
This action has been analyzed in F. * * * the U.S. Department of Transportation,
accordance with the principles and 5. Insider Threat Program (DOT/ALL 26). 1200 New Jersey Avenue SE,
criteria contained in Executive Order * * * * * Washington, DC 20590. The listening
13084 (‘‘Consultation and Coordination G. * * * session will begin at 1 p.m. (EDT) and
with Indian Tribal Governments’’). 2. Insider Threat Program (DOT/ALL 26). end at 3 p.m., or earlier, if all
Because it would not effect on Indian Issued in Washington, DC, on August 17, participants wishing to express their
Tribal Governments, the funding and 2018. views have done so.
consultation requirements of Executive Elaine L. Chao, ADDRESSES: The October 10, 2018,
Order 13084 do not apply.
Secretary. meeting will be held at the U.S.
G. Paperwork Reduction Act [FR Doc. 2018–21440 Filed 10–3–18; 8:45 am] Department of Transportation, 1200
Under the Paperwork Reduction Act BILLING CODE 4910–9X–P New Jersey Avenue SE, Washington, DC
of 1995 (PRA) (44 U.S.C. 3501, et seq.), 20590.
Federal agencies must obtain approval You may submit comments identified
from the Office of Management and DEPARTMENT OF TRANSPORTATION by Docket Number FMCSA–2018–0248
Budget for each collection of using any of the following methods:
information they conduct, sponsor, or
Federal Motor Carrier Safety • Federal eRulemaking Portal: http://
Administration www.regulations.gov. Follow the online
require through regulations. The DOT
has determined that this action would instructions for submitting comments.
not contain a collection of information 49 CFR Part 395 • Mail: Docket Management Facility,
requirement for the purposes of the [Docket No. FMCSA–2018–0248] U.S. Department of Transportation, 1200
PRA. New Jersey Avenue SE, West Building,
RIN 2126–AC19 Ground Floor, Room W12–140,
H. Unfunded Mandates Reform Act Washington, DC 20590–0001.
Hours of Service • Hand Delivery or Courier: West
Title II of the Unfunded Mandates
Reform Act of 1995 (UMRA) (Pub. L. AGENCY: Federal Motor Carrier Safety Building, Ground Floor, Room W12–
104–4, 109 Stat. 48, March 22, 1995) Administration (FMCSA), DOT. 140, 1200 New Jersey Avenue SE,
requires Federal agencies to assess the ACTION: Notice of public listening Washington, DC, between 9 a.m. and 5
effects of certain regulatory actions on session. p.m., Monday through Friday, except
State, local, and tribal governments; and Federal holidays.
the private sector. The UMRA requires SUMMARY: The FMCSA announces that it • Fax: 202–493–2251.
a written statement of economic and will hold a public listening session • Submissions Containing
regulatory alternatives for proposed and concerning potential changes to its Confidential Business Information (CBI):
final rules that contain Federal hours-of-service (HOS) rules for truck Mr. Brian Dahlin, Chief, Regulatory
mandates. A ‘‘Federal mandate’’ is a drivers. On August 23, 2018, FMCSA Analysis Division, 1200 New Jersey
new or additional enforceable duty, published an Advance Notice of Avenue SE, Washington, DC 20590.
imposed on any State, local, or tribal Proposed Rulemaking (ANPRM) seeking To avoid duplication, please use only
Government; or the private sector. If any public comment on four specific aspects one of these four methods. See the
Federal mandate causes those entities to of the HOS rules for which the Agency ‘‘Public Participation and Request for
spend, in aggregate, $143.1 million or is considering changes: The short-haul Comments’’ portion of the
more in any one year (adjusted for HOS limit; the HOS exception for SUPPLEMENTARY INFORMATION section for
inflation), an UMRA analysis is adverse driving conditions; the 30- instructions on submitting comments,
required. This proposed rule would not minute rest break provision; and the including collection of information
impose Federal mandates on any State, split-sleeper berth rule to allow drivers comments for the Office of Information
daltland on DSKBBV9HB2PROD with PROPOSALS

local, or tribal governments; or the to split their required time in the sleeper and Regulatory Affairs, OMB.
private sector. berth. In addition, the Agency requested FOR FURTHER INFORMATION CONTACT: For
public comment on petitions for special accommodations for the HOS
List of Subjects in 49 CFR Part 10
rulemaking from the Owner-Operator listening session, such as sign language
Penalties, Privacy. Independent Drivers Association interpretation, contact Ms. Shannon L.
In consideration of the foregoing, DOT (OOIDA) and TruckerNation.org Watson, Senior Advisor to the Associate
proposes to amend part 10 of title 49, (TruckerNation). The Agency Administrator for Policy, (202) 385–
Code of Federal Regulations, as follows: encourages vendors of electronic logging 2395 or at shannon.watson@dot.gov,

VerDate Sep<11>2014 16:40 Oct 03, 2018 Jkt 247001 PO 00000 Frm 00018 Fmt 4702 Sfmt 4702 E:\FR\FM\04OCP1.SGM 04OCP1

Document Created: 2018-10-04 02:02:56
Document Modified: 2018-10-04 02:02:56

Category		Regulatory Information
Collection		Federal Register
sudoc Class		AE 2.7: GS 4.107: AE 2.106:
Publisher		Office of the Federal Register, National Archives and Records Administration
Section		Proposed Rules
Action		Noticed of proposed rulemaking.
Dates		Submit comments on or before December 3, 2018.
Contact		Claire Barrett, Departmental Chief Privacy Officer, Office of the Chief Information Officer, U.S. Department of Transportation, 1200 New Jersey Avenue SE, Washington, DC 20590 or [email protected] or (202) 366-8135.
FR Citation		83 FR 50053
RIN Number		2105-AE46
CFR Associated		Penalties and Privacy

83 FR 50053 - Maintenance of and Access to Records Pertaining to Individuals

DEPARTMENT OF TRANSPORTATIONOffice of the Secretary

Federal Register Volume 83, Issue 193 (October 4, 2018)

DEPARTMENT OF TRANSPORTATION
Office of the Secretary