SUPPLEMENTARY INFORMATION:

Background

In accordance with the Privacy Act of 1974, the DOT/FMCSA is proposing a new system of records titled “DOT/FMCSA 015 FMCSA Registration Records.” The records covered by this notice contain registration information for all entities regulated by FMCSA under 49 U.S.C. Subtitle IV, Part B (commercial jurisdiction) and 49 U.S.C. Subtitle VI, Part B (safety jurisdiction) including, but not limited to: motor carriers, brokers, freight forwarders, intermodal equipment providers, and hazardous materials safety permit applicants/holders (“regulated entities”). The FMCSA registration system also contains information about cargo tank facilities required to register with FMCSA, including cargo tank motor vehicle manufacturers, assemblers, repairers, testers, and design certifying engineers. This system also maintains registration information on intrastate motor carriers located in states requiring them to register with FMCSA. All registration information contained in this system of records is entered by individuals or third parties acting on their behalf.

The FMCSA registration system replaces the Unified Registration System (URS), the Licensing and Insurance (L&I) System. Registration data previously maintained in Motor Carrier Management Information System (MCMIS) will be migrated, and the ( printed page 25757) MCMIS SORN will be updated accordingly. Implementing the registration system allows FMCSA to operate a single, unified registration system for regulated entities, as contemplated by 49 U.S.C. 13908.

Under the current registration process for USDOT Numbers and operating authorities, the Agency's responsibilities include monitoring and enforcing compliance with regulations governing both safety and commerce. Its focus on both concerns—safety and consumer protection—is reflected in the dual path of its current registration process. Companies may find they are subject to both registration requirements—USDOT Number and interstate operating authority—or either one separately. They may also require more than one operating authority or additional permits.

In December 2015, FMCSA deployed the URS, requiring all first-time applicants registering with FMCSA for a new USDOT number and operating authority registration to use this online system. URS consolidated the public facing functionalities of the L&I System and the registration capabilities in MCMIS into a single, online interface. The registration data submitted using URS was still transmitted to and stored as described in the MCMIS SORN. Registered entities would then use the interface for the Agency's legacy registration systems to update their registration information with FMCSA (on an ad hoc or biennial basis) or add any necessary operating authorities or permits. Implementation of the updated registration system, which replaces URS and L&I, allows FMCSA to truly operate a single, unified registration system for regulated entities, as contemplated by 49 U.S.C. 13908.

The routine uses are compatible with the purposes for which the information was collected. Individuals whose personally identifiable information (PII) is in this system of records have provided it to DOT to enable DOT to provide a central collection point for registration records on interstate motor carriers, as well as all regulated entities as described above. The information contained within this system of records will be collected directly from the individual employees or individuals who are the subject of the record, or third parties acting on their behalf. This system will be included in DOT's inventory of record systems.

Privacy Act

The Privacy Act (5 U.S.C. 552a) governs the means by which the Federal Government collects, maintains, and uses PII in a System of Records. A “System of Records” is a group of any records under the control of a Federal agency from which information about individuals is retrieved by name or other personal identifier. The Privacy Act requires each agency to publish in the Federal Register a System of Records Notice (SORN) identifying and describing each System of Records the agency maintains, including the purposes for which the agency uses PII in the system, the routine uses for which the agency discloses such information outside the agency, and how individuals to whom a Privacy Act record pertains can exercise their rights under the Privacy Act ( e.g., to determine if the system contains information about them and to contest inaccurate information). In accordance with 5 U.S.C. 552a(r), DOT has provided a report of this system of records to the Office of Management and Budget (OMB) and to Congress.

SYSTEM NAME AND NUMBER:

DOT/FMCSA 015—FMCSA Registration Records

SECURITY CLASSIFICATION:

Unclassified

SYSTEM LOCATION:

Records are maintained in a FedRAMP-certified third-party cloud environment (Virginia). The contracts are maintained by DOT at 1200 New Jersey Avenue SE, Washington, DC 20590.

SYSTEM MANAGER(S):

Chief, Registration Division, Office of Registration, FMCSA, U.S Department of Transportation, 1200 New Jersey Avenue SE, Washington, DC 20590. Email: FMCSA-MCRS@dot.gov.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

FMCSA's authority to enhance and update its unified registration system comes not only from specific authorities in the Moving Ahead for Progress in the 21st Century Act (MAP-21) (Pub. L. 112-141, 126 Stat. 405, July 6, 2012), but also under its general authority to regulate commercial motor vehicles (CMVs) in 49 U.S.C. Subtitle III, Chapter 51 (hazardous materials); Subtitle IV, Part B (commercial jurisdiction); and 49 U.S.C. Subtitle VI, Part B (safety jurisdiction). This general authority is codified at 49 U.S.C. 13901-13908, and 31134 and in 49 CFR parts 360, 365, 366, 368, 385, 387, and 390. Authority to collect registration information from cargo tank motor vehicle manufacturers, assemblers, repairers, inspectors, testers, and design certifying engineers is found at 49 U.S.C. 5121(a), 49 CFR 1.87(d)(1), and 49 CFR part 107, subpart F.

PURPOSE(S) OF THE SYSTEM:

The purpose of this system is to provide a central collection point for registration records on interstate motor carriers and other entities regulated by the Agency under 49 U.S.C. Subtitle IV, Part B and 49 U.S.C. Subtitle VI, Part B, including, but not limited to regulated entities as described in the Background section.

The system supports FMCSA's statutory responsibilities related to safety oversight, commercial compliance, consumer protection, fraud detection, enforcement of registration and financial responsibility requirements, interagency information sharing, and historical analysis of regulated entities' compliance with Federal motor carrier safety and commercial regulations.

Information collected will be used only to the extent necessary to support these authorized purposes.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

• Individuals who are sole proprietors, owners, or operators of a regulated entity who have provided personally identifiable information, including a Social Security Number (SSN) when operating as a sole proprietor and electing not to obtain an Employer Identification Number (EIN).
• Individuals associated with regulated entities, including company officials, designated registrant employees, safety managers, and authorized account holders.
• Individuals associated with cargo tank facilities required to register with FMCSA, including manufacturers, assemblers, repairers, inspectors, testers, and design certifying engineers.
• Individuals employed by or acting on behalf of insurers, financial institutions, blanket process agent companies, and third-party service providers who submit registration-related information on behalf of registrants.
• Members of the public who submit registration-related protests.

CATEGORIES OF RECORDS IN THE SYSTEM:

Categories of records include structured registration data as well as limited unstructured data submitted through registration-related protest filings.

FMCSA does not solicit unnecessary PII in free-text fields and provides guidance to users to limit submission of sensitive information.

Categories of records in the system include the following information:

Registration Applicants:

• Business Name and operating name. ( printed page 25758)
• Business Address.
• Email address.
• Payment details (e.g., Pay.gov ID, transaction number, date of transaction, transaction amount, and the business for which payment is made) are collected based on the fees required for the specific registration transaction.

While credit cards are used to process payments, FMCSA does not store credit card numbers, expiration dates, SSID, or any other sensitive payment details.

All payments are securely processed through Pay.gov, and no credit card information is retained by FMCSA.

• Phone numbers.
• Designated Registrant Employee(s) (e.g., owner, company official, safety manager, etc.)
• Tax Identification Number (TIN), to include either an EIN or, in the case of an individual operating as a sole proprietor who chooses not to obtain an EIN for their business (against the recommendation of the Agency), that individual's SSN.
• Other Authorized System Users Who Have Been Designated by the Registration Applicant to Provide Information on Behalf of the Applicant (insurance companies, financial institutions, blanket process agents, third-party service providers, etc.)
• Authorized Account Holder Designee(s).

SSNs are collected only when necessary to uniquely identify individual registrants (owner operators also known as sole proprietors) who do not possess an EIN and are used for identity verification, record matching, and administration of registration requirements. SSNs are not disclosed publicly.

The registration system will store the following types of information:

• Census Files. These files contain the USDOT number, carrier legal name and operating name, carrier address, type and size of operation, commodities carried, and other characteristics of the operation for interstate (and some intrastate) motor carriers, intermodal equipment providers, cargo tank facilities, and hazardous materials shippers. They include motor carrier PII consisting of Tax Identification Numbers, which may be either an SSN or EIN.
• Registration-Related Protest Information. FMCSA posts notice of registration applications on a public website. Members of the public may file a protest against the application, which explains the basis of the protest.

The registration system will share information with MCMIS and the following systems or system components:

• Carrier Safety Measurement System (CSMS). CSMS will import registration data from the system. The CSMS provides an assessment of a carrier's regulatory compliance and safety performance. Access is restricted to FMCSA enforcement, federal and local law enforcement personnel, FMCSA HQ staff, Motor Carrier Safety Assistance Program (MCSAP) State lead agencies and law enforcement agencies that are FMCSA grantees.
• Enforcement Management Information System (EMIS). EMIS will import registration data from the system. EMIS is a web-based application used to monitor, track, and store information related to FMCSA enforcement actions. It manages and tracks enforcement actions associated with notifying the carrier, monitoring the carrier's response, determining whether further compliance action is required, fines assessed and collected, and generating reports for various FMCSA Headquarters, FMCSA Service Center, and FMCSA Division staff.
• Analysis & Information (A&I) Online. A&I will import registration data from the system. The A&I provides quick and efficient access to descriptive statistics and analyses regarding commercial vehicle, driver, and carrier safety information. It is used by Federal, State, and local law enforcement personnel, the motor carrier industry, insurance companies, and the public. A&I provides aggregated and non-PII data to the public. Individual-level registration data containing PII is restricted to authorized users.
• Compliance Analysis and Performance Review Information (CAPRI) System. CAPRI will import registration data from the system. The CAPRI is used by Federal and State enforcement personnel when conducting safety investigations (formerly known as “compliance reviews”), specialized cargo tank facility reviews, household good investigations, and hazardous material (HM) shipper reviews.
• Safety Enforcement Tracking and Investigation (SENTRI) System. SENTRI will import registration data from the system. Motor carrier registration information is used to pre-populate the Sentri safety audit data. The SENTRI is used by Federal and State enforcement personnel to record motor carrier and driver information during the course of a New Entrant Safety Audit.
• Performance and Registration Information Systems Management (PRISM) System. PRISM will import registration data from the system. State vehicle registration offices and law enforcement agencies use the data to improve the safety of interstate commercial motor carriers.
• Query Central (QC). QC will import registration data from the system. QC is a secure web application used by Federal and State safety enforcement personnel to conduct queries based on entity name or USDOT number which is matched to data imported from the registration system to QC.
• SafeSpect. SafeSpect will import registration data from the system. SafeSpect is FMCSA's system for collecting data related to the inspection of a commercial motor vehicle, the motor carrier, and its driver. Federal and State safety enforcement personnel will enter a USDOT number or company name and SafeSpect will populate the company's registration information as maintained in the registration system.
• New Entrant Web System (NEWS). NEWS will import registration data from the system. FMCSA and State Enforcement users manage the assignment and processing of onsite and offsite New Entrant safety audits using NEWS.
• FMCSA Customer Relationship Management (CRM). FMCSA CRM will import registration data from the registration system. FMCSA CRM system is used for customer service, user management, user verification via government issued identification (ID) review, tracking, contact recording, data entry, data dissemination, workflow management, contact center service level agreement (SLA) monitoring, knowledge management, and report building. Federal and contact center personnel will enter a USDOT number, or operating authority and FMCSA CRM will populate the company's registration information as maintained in the registration system.

RECORD SOURCE CATEGORIES:

Information may be submitted to the registration system by the following sources:

Registration Applicants, Other Authorized System Users Who Have Been Designated by the Registration Applicant to Provide Information on Behalf of the Applicant (insurance companies, financial institutions, blanket process agents, third-party service providers, etc.), FMCSA Personnel, and Members of the Public Who File Registration-Related Protests.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b), all or a portion of the records or information contained in this system ( printed page 25759) may be disclosed outside DOT as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

System Specific Routine Uses:

1. To Federal, State, and local government agencies for the confirmations of registration related information on registered entities, in the course of investigations and enforcement of applicable statutes and regulations.

2. To State lead agencies and other law enforcement grantees under the FMCSA Motor Carrier Safety Assistance Grant Program and Border Enforcement Grant program, which are federal grant programs that provide financial assistance to states for their work in reducing the frequency and severity of CMV crashes and hazardous materials incidents.

3. To the National Transportation Safety Board (NTSB) upon request by NTSB in connection with its crash investigations involving an individual or entity registered in the registration system.

Department General Routine Uses:

4. In the event that a system of records maintained by DOT to carry out its functions indicates a violation or potential violation of law, whether civil, criminal or regulatory in nature, and whether arising by general statute or particular program pursuant thereto, the relevant records in the system of records may be referred, as a routine use, to the appropriate agency, whether Federal, State, local or foreign, charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing the statute, or rule, regulation, or order issued pursuant thereto.

5a. Routine Use for Disclosure for Use in Litigation. It shall be a routine use of the records in this system of records to disclose them to the Department of Justice or other federal agency conducting litigation when—(a) DOT, or any agency thereof, or (b) Any employee of DOT or any agency thereof, in their official capacity, or (c) Any employee of DOT or any agency thereof, in their individual capacity where the Department of Justice has agreed to represent the employee, or (d) The United States or any agency thereof, where DOT determines that litigation is likely to affect the United States, is a party to litigation or has an interest in such litigation, and the use of such records by the Department of Justice or other federal agency conducting the litigation is deemed by DOT to be relevant and necessary in the litigation, provided, however, that in each case, DOT determines that disclosure of the records in the litigation is a use of the information contained in the records that is compatible with the purpose for which the records were collected.

5b. Routine Use for Agency Disclosure in Other Proceedings. It shall be a routine use of records in this system to disclose them in proceedings before any court or adjudicative or administrative body before which DOT or any agency thereof, appears, when—(a) DOT, or any agency thereof, or (b) Any employee of DOT or any agency thereof in their official capacity, or (c) Any employee of DOT or any agency thereof in their individual capacity where DOT has agreed to represent the employee, or (d) The United States or any agency thereof, where DOT determines that the proceeding is likely to affect the United States, is a party to the proceeding or has an interest in such proceeding, and DOT determines that use of such records is relevant and necessary in the proceeding, provided; however, that in each case, DOT determines that disclosure of the records in the proceeding is a use of the information contained in the records that is compatible with the purpose for which the records were collected.

6. Disclosure may be made to a Congressional office from the record of an individual in response to an inquiry from the Congressional office made at the request of that individual. In such cases, however, the Congressional office does not have greater rights to records than the individual. Thus, the disclosure may be withheld from delivery to the individual where the file contains investigative or actual information or other materials which are being used, or are expected to be used, to support prosecution or fines against the individual for violations of a statute, or of regulations of the Department based on statutory authority. No such limitations apply to records requested for Congressional oversight or legislative purposes; release is authorized under 49 CFR 10.35(9).

7. One or more records from a system of records may be disclosed routinely to the National Archives and Records Administration (NARA) in records management inspections being conducted under the authority of 44 U.S.C. 2904 and 29069.

8a. To appropriate agencies, entities, and persons when (1) DOT suspects or has confirmed that there has been a breach of the system of records; (2) DOT has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, DOT (including its information systems, programs, and operations), the Federal (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with DOT's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

8b. DOT may disclose records from this system, as a routine use, to another Federal agency or Federal entity, when DOT determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

9. DOT may disclose records from this system, as a routine use, to the Office of Government Information Services for the purpose of (a) resolving disputes between FOIA requesters and federal agencies and (b) reviewing agencies' policies, procedures, and compliance in order to recommend policy changes to Congress and the President.

10. DOT may disclose records from the system, as a routine use, to contractors and their agents, experts, consultants, and others performing or working on a contract, service, cooperative agreement, or other assignment for DOT, when necessary to accomplish an agency function related to this system of records.

11. DOT may disclose records from this system, as a routine use, to an agency, organization, or individual for the purpose of performing audit or oversight operations related to this system of records, but only such records as are necessary and relevant to the audit or oversight activity. This routine use does not apply to intra-agency sharing authorized under Section (b)(1) of the Privacy Act.

12. DOT may disclose from this system, as a routine use, records consisting of, or relating to, terrorism information (6 U.S.C. 485(a)(5)), homeland security information (6 U.S.C. 482(f)(1)), or Law enforcement information (Guideline 2 Report attached to White House Memorandum, “Information Sharing Environment”, November 22, 2006) to a Federal, State, local, tribal, territorial, foreign government and/or multinational agency, either in response to its request or upon the initiative of the Component, for purposes of sharing such information as is necessary and relevant for the agencies to detect, prevent, disrupt, preempt, and mitigate the effects of terrorist activities against the territory, people, and interests of the ( printed page 25760) United States of America, as contemplated by the Intelligence Reform and Terrorism Prevention Act of 2004 (Pub. L. 108-458) and Executive Order 13388 (October 25, 2005).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records in this system are stored electronically in a centralized, cloud-based database managed by the U.S. Department of Transportation (DOT).

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

The registration records may be retrieved by the following data elements: Business Name, Business Address, Phone Numbers, Email address, USDOT Number, and Tax Identification Number (including either an Employer Identification Number or a Social Security Number).

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records are maintained and disposed of in accordance with a records schedule pending approval from National Archives and Records Administration. Until approval is received, records will be retained permanently.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Records in this system are safeguarded in accordance with applicable rules and policies, including all applicable DOT automated systems security and access policies. Appropriate controls have been imposed to minimize the risk of compromising the information that is being stored and ensuring confidentiality of communications using tools such as encryption, authentication of sending parties, and compartmentalizing databases; and employing auditing software. The registration system data is encrypted at rest and in transit. Access to records in this system is limited to those individuals who have a need to know the information for the performance of their official duties and who have appropriate clearances or permissions. All personnel with access to data are screened through background investigations commensurate with the level of access required to perform their duties.

RECORD ACCESS PROCEDURES:

Individuals seeking access to and notification of a registration record about themselves contained in this system of records may do so by logging in to the system using the credentials the individual provided when establishing their registration account in the registration system. To the extent that applicants, and other authorized users designated by the applicant, have direct access to information related to their registration, they are not required to follow the Privacy Act regulations set forth in 49 CFR part 10 when seeking registration records about themselves from this system. If there is information that individuals are seeking about themselves in this system that they do not already have direct access to, they may submit a written request to the System Manager using the address provided under “System Manager” above or submit online via the Department's Public Access Link (PAL) at https://pal.dot.gov/​. Requests submitted through these electronic channels must include a digital certification of identity.

When seeking records about yourself from this system of records or any other Departmental system of records your request must conform with the Privacy Act regulations set forth in 49 CFR part 10. The individual must verify their identity by providing their full name, current address, and date and place of birth. You must sign your request, and your signature must either be notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization.

While no specific form is required, you may obtain forms for this purpose from the Chief Freedom of Information Act Officer, http://www.dot.gov/​foia or 202.366.4542. If an individual believes more than one Departmental component maintains Privacy Act records concerning them, the individual may submit the request to the Departmental Freedom of Information Act Office, U.S. Department of Transportation, Room W94-122, 1200 New Jersey Ave. SE, Washington, DC 20590, ATTN: FOIA request.

In addition, you should provide the following:

• An explanation of why you believe the Department would have information on you;
• Identify which component(s) of the Department you believe may have the information about you;
• Specify when you believe the records would have been created;
• Provide any other information that will help the FOIA staff determine which DOT component agency may have responsive records; and

If an individual seeks records pertaining to another living individual, the requesting individual must include a statement from the second individual certifying their agreement to the requested access. Without the above information, the Department may not be able to conduct an effective search, and the individual's request may be denied due to lack of specificity or lack of compliance with applicable regulations.

CONTESTING RECORD PROCEDURES:

Individuals seeking to contest any record pertaining to them in this system may contact the System Manager in writing to the address provided under “System Manager.” Requests for corrections under the Privacy Act must be submitted in accordance with the procedures in 49 CFR part 10, subpart E, Correction of Records. Additionally, requests for correction must either be notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization.

NOTIFICATION PROCEDURES:

Individuals seeking notification of and access to any record in this system of records or seeking to contest the content of any record pertaining to them in the system may do so by following the procedures described in above “Record Access Procedures” or “Contesting Records”.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

None.

91 FR 25756