DEPARTMENT OF TRANSPORTATION
Federal Motor Carrier Safety Administration (FMCSA)
PRIVACY IMPACT ASSESSMENT
Pre-Employment Screening Program (PSP)
April 14, 2010
TABLE OF CONTENTS
Overview of FMCSA privacy management process for PSP
Personally Identifiable Information (PII) and PSP
Why PSP collects information
How PSP uses information
How PSP shares information
How PSP provides notice and consent
How PSP ensures data accuracy
How PSP provides redress
How PSP secures information
How Long PSP Retains Information
System of Records
The mission of the Federal Motor Carrier Safety Administration (FMCSA), an Operating Administration within the U.S. Department of Transportation (DOT), is to reduce crashes, injuries, and fatalities involving large trucks and buses (motor carriers). To carry out its safety mandate, FMCSA partners with stakeholders including Federal, State, and local enforcement agencies; the motor carrier industry; safety groups; and organized labor on efforts to reduce crashes involving motor carriers. Since the first step towards reducing accidents is to understand them, FMCSA collects and maintains motor carrier and commercial driver safety data as well as a national inventory of motor carriers and shippers subject to Federal Motor Carrier Safety Regulations (FMCSR) and Hazardous Materials Regulations (HMR).
Title 49 of the U.S. Code, Section 31150, titled "Safety performance history screening" as added by Section 4117(a) of the Safe, Accountable, Flexible, Efficient Transportation Equity Act: A Legacy for Users (SAFETEA-LU), Public Law 109-59, August 10, 2005, requires FMCSA to make certain crash and inspection data contained in the Motor Carrier Management Information System (MCMIS) electronically available for the purposes of conducting pre-employment screening. To comply with the statute, FMCSA has established the Pre-Employment Screening Program (PSP). The PSP provides authorized motor carriers and validated commercial motor vehicle (CMV) drivers (operator-applicants) rapid, electronic access to driver crash and inspection data for the purposes of conducting pre-employment screening.
Maintaining the privacy of individual CMV drivers' crash and inspection data is a paramount consideration in developing and deploying PSP. The DOT/FMCSA privacy management process is built upon a methodology that enables DOT/FMCSA to effectively protect Personally Identifiable Information (PII) while allowing FMCSA to achieve its mission. The methodology includes the following:
- Establishing appropriate authorities, responsibilities, and controls for information management with input from systems architecture, technology, security, legal, and other disciplines
- Identifying, documenting, and addressing privacy risks
- Developing and implementing appropriate policies and procedures and updating them when necessary
- Monitoring compliance with applicable laws, regulations, policies, and procedures
- Providing training to all DOT employees and contractors with access to PII
- Effectively maintaining the privacy protection principles of:
- Individual Participation
- Purpose Specification
- Collection Limitation
- Use Limitation
- Data Quality and Integrity
- Security Safeguards
- Accountability and Auditing
Develops and enforces data-driven regulations that balance motor carrier safety with industry In addition, the Privacy Act of 1974 (5 U.S.C. 552a) governs the means by which the United States Government collects, maintains, and uses PII in a system of records. A "system of records" is a group of any records under the control of a Federal agency from which information about individuals is retrieved by name or other personal identifier. The Privacy Act requires each agency to publish in the Federal Register a System of Records Notice (SORN) identifying and describing each system of records the agency maintains, including the purposes for which the agency uses PII in the system, the routine uses for which the agency discloses such information outside the agency, and how individuals to whom a Privacy Act record pertains can exercise their rights under the Privacy Act (e.g., to determine if the system contains information about them). The PSP SORN was published in the Federal Register on March 8, 2010 and may be found at 75 F.R. 10554.
The PSP system is currently administered by National Information Consortium Technologies, LLC (NIC), an FMCSA contractor. Neither NIC, nor any subsequent PSP contractor, is authorized to provide data from the PSP system to any persons other than motor carriers conducting pre-employment screening and commercial drivers seeking a copy of their own safety data. The PSP system only allows commercial drivers to access their own data and motor carriers to access an individual operator-applicant's data if the motor carrier certifies that the data is for pre-employment screening and that it has the operator-applicant's written consent to obtain the data.
A data request from any other person (e.g., a law firm) is treated as a Freedom of Information Act (FOIA) request by FMCSA and processed accordingly. DOT/FMCSA performs audits of the PSP contractor to ensure that performance, privacy, and security objectives are met.
PSP processes, transmits, and stores the following distinct types of PII:
Commercial driver (CMV) crash and inspection information. Each month, FMCSA provides the PSP contractor with an updated MCMIS data extract containing driver crash data from the previous five (5) years and inspection data from the previous three (3) years. This MCMIS extract is used to create a driver profile known as the Driver Information Resource (DIR). A driver's individual DIR is located and verified in MCMIS by using:
- CMV driver name (last, first, middle initial)
- CMV driver date of birth
- CMV driver license number
- CMV driver license state
In accordance with 49 U.S.C. 31150(a), the CMV driver safety information extracted from MCMIS and made available for pre-employment screening comes from the following reports: commercial motor vehicle accident reports; inspection reports that contain no driver-related safety violations; and serious driver-related safety violation inspection reports.
2. Financial transactions. The PSP system also contains PII from the financial database maintained and operated by FMCSA's current PSP contractor NIC to process fees charged to motor carriers and/or commercial drivers (operator-applicants). Records in the NIC financial database include the following types of encrypted (in some cases truncated) PII:
- Credit card holder name
- Credit card account number
- Account holder address
Further, the Card Verification Value (CVV) security code is captured during the session, but the CVV is not stored or retained in the NIC financial database. PSP does not share any data with any other DOT/FMCSA systems.
1. PSP access transaction records. The PSP database also includes records of access and transactions conducted over the PSP website when motor carriers and operator-applicants request driver information. These transaction records provide historical data of PSP usage by motor carriers and operator-applicants and facilitate accounting and compliance audits of the PSP by appropriate DOT/FMCSA officials. Records in the PSP transactional database include the following types of encrypted PII:
- CMV driver name (last, first, middle initial)
- CMV driver date of birth
- CMV driver license number
- CMV driver license state
- CMV driver address
PSP provides access to CMV driver crash and inspection information that is collected by and extracted from MCMIS. The only PII that PSP collects (i.e., from users making access requests) is driver-identifying information necessary to process and document access requests and credit card information necessary to collect fees charged for access requests. The driver-identifying information is used to verify the driver's identity and locate his or her safety data in the MCMIS data extract. Collecting all the PII identifiers (date of birth, driver license number, and issuing state), in addition to driver name, ensures the accuracy of the response from PSP. Drivers may share the same name, but they are unlikely to share all PII identifiers. Collecting credit card data is necessary to provide a prompt payment mechanism for fees associated with access requests, which in turn allows NIC to rapidly respond to data requests. Documentation of access requests is necessary to provide an electronic audit trail for DOT/FMCSA and/or NIC personnel to use in performing checks of the PSP system and program.
DOT/FMCSA uses PSP to make CMV driver crash and inspection data readily accessible to authorized motor carriers and validated CMV drivers (external users) for their pre-employment screening purposes. DOT/FMCSA employees and contractor personnel use the credit card information and access transaction records in PSP to administer external users' access requests and collect fees from them, audit the PSP system and program, and provide system support and maintenance.
DOT/FMCSA shares information from PSP with the following users or systems outside DOT/FMCSA:
- Authorized motor carriers may access a driver's crash and inspection data in PSP with the operator-applicant's written consent and payment of fee.
- Validated drivers may access their own crash and inspection data in PSP by completing the request process, verifying their identity, and paying a fee.
- When additional authentication is required for a driver seeking his or her own data, NIC may use information from a third-party validation authority (e.g. Lexis-Nexis) to verify and validate the operator-applicant's identity by querying the driver to provide additional information or by responding to identity-specific questions.
- Validated drivers are required to provide credit card information to purchase and view their own records. After a driver has been validated, NIC submits the credit card information to a credit card processor Electronic Clearing House Inc for payment processing.
The process by which a CMV driver or motor carrier obtains a driver's DIR is as follows:
- CMV drivers and authorized motor carriers submit a DIR request to the PSP by supplying the secure PSP website with driver-specific CMV information (full name, DOB, license number, license state, and current address). This information forms the basis of the DIR request. After receiving the request, the PSP system compares the individual driver's CMV information with CMV drivers in the MCMIS extract. When the PSP locates an individual driver's safety information in the MCMIS extract, the PSP system generates an individual driver's DIR for delivery.
- The PSP delivers an individual driver's DIR by sending an email to the requesting driver or motor carrier containing a hyperlink to the secure PSP website. The CMV driver or motor carrier must click the hyperlink, which returns the driver or motor carrier to the secure PSP website. Once there, the CMV driver or motor carrier enters the unique user identification and password that was previously furnished by NIC. When the user identification and password are entered and accepted by PSP, the DIR may be viewed or printed by the requestor.
CMV drivers do not provide consent for their crash and inspection data to be include in PSP; inclusion of their safety information in PSP is mandated by statute (49 U.S.C. 31150). Further, the source of the information is the MCMIS database, which receives it from accident reports and inspection reports (not from the drivers themselves). Although drivers do not provide consent for their crash and inspection data to be included in PSP, drivers must provide written consent for that information to be disclosed from PSP to a motor carrier for use in conducting pre-employment screening. The request and consent process is as follows:
Authorized motor carriers must enter into an account holder agreement with DOT/FMCSA's PSP contractor to be "validated" to use PSP NIC. No motor carrier is allowed access to commercial driver safety data in PSP without first entering into an agreement with NIC. The account holder agreements contain the requirements of the PSP system. The account holder agreement may be viewed at www.psp.fmcsa.gov, and clicking on the banner titled "Motor carriers can enroll today."
All other PII that PSP collects (DIR profile information identifying the driver whose safety information is requested to be accessed, and credit card information for payment of the fee) is provided voluntarily by the driver and the credit card holder. The only consequence of not providing the information is inability to use PSP to obtain the requested safety information. Drivers and who do not wish to obtain their safety information from PSP have the option to obtain it by submitting a Privacy Act request to FMCSA; motor carriers have the option to submit a FOIA request for the information.
The MCMIS data extracts transmitted monthly to NIC for inclusion in PSP contain the most current crash and inspection data available in MCMIS. NIC is not permitted to alter or modify the MCMIS data. Under the provisions of the Privacy Act and FOIA, individuals may request searches of PSP to determine if any records have been added that may pertain to them. This is accomplished by sending a written request directly to:
Federal Motor Carrier Safety Administration.
Attn: FOIA Team MC-MMI
1200 New Jersey Avenue SE
Washington, DC 20590
PSP does not directly provide redress, but it assists in directing redress requests to the source system (MCMIS). The PSP website provides a link to the FMCSA "DataQs" system located at https://dataqs.fmcsa.dot.gov/login.asp along with instructions to contact FMCSA if corrections to driver data are required. Drivers may use DataQs to challenge safety information in their driver profile (DIR). After a challenge has been properly submitted, DataQs automatically forwards the challenge to the appropriate office for resolution and allows the party that submitted the challenge to monitor its status. If the information is corrected, the change is then made in MCMIS, and the PSP system receives the change when the MCMIS data is refreshed. Individuals wishing to correct PSP records may also use the procedures documented in "Requests for Records" [49 CFR 10.31] and "Requests for Correction of Records" [49 CFR 10.41].
FMCSA is not authorized to correct state-level violation information. Challenges to state-level violation information are automatically directed to the applicable state for processing and resolution. Additionally, FMCSA is not authorized to direct a State to change or alter MCMIS data for violations or inspections originating within a particular State(s).
All records in PSP are protected from unauthorized access through appropriate administrative, physical, and technical safeguards. Electronic files are stored in a database secured by passwords, encryption, firewalls, and operating systems to which only authorized NIC or DOT/FMCSA personnel with a "need to know" have access. Paper files are stored in file cabinets in a locked file room to which only authorized NIC and DOT/FMCSA personnel with a "need to know" have access. All access to the electronic system and paper files is logged and monitored. NIC is subject to routine audits of the PSP program by DOT/FMCSA to ensure compliance with the Privacy Act, applicable sections of the Fair Credit Reporting Act, and other applicable Federal laws, regulations, and requirements. User access controls have been developed to ensure that the number of individuals with access to restricted information in PSP is kept to a minimum and is restricted to only those with a "need to know." Audit provisions are also included to ensure that PSP is used appropriately by authorized users and monitored for unauthorized usage. The data center in which PSP operates is a restricted access facility.
NIC is required by the Securities and Exchange Commission (SEC) to be compliant with the Sarbanes-Oxley Act (SOA) of 2002 [Public Law 107-204, 116 Stat. 745] and certified by an external auditor. NIC is also in compliance with the Information Technology General Control (ITGC) requirements included in Section 404 of the SOA. NIC is a registered credit card merchant and is required to comply with all Payment Card Industry (PCI) Data Security Standards. NIC provides payment processing services as a Level 1 Service Provider, which requires a third-party audit of its payment processing infrastructure by a PCI Security Standards Council (SSC) Qualified Security Assessor. This audit is required on an annual basis.
An assessment of NIC's Security Management Program is performed annually and results in a Certification of Compliance with Cybertrust Security Management Program requirements. Continuous monitoring activities are also performed annually to provide ongoing oversight of security controls and to detect misuse of information stored in PSP. In addition, PSP is subject to routine audits by DOT/FMCSA to ensure compliance with the Privacy Act of 1974; the Federal Information Processing Standards (FIPS) Publication 200, Minimum Security Requirements for Federal Information and Information Systems dated March 2006; the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Rev. 2, Recommended Security Controls for Federal Information Systems dated December 2007; all applicable sections of the Fair Credit Reporting Act; and all other applicable Federal laws.
- CMV crash and inspection records: Pursuant to General Records Schedule (GRS) 20 ("Electronic Records," February 2008, see http://www.archives.gov/records-mgmt/ardor/grs20.html), which governs disposition of extract files, each monthly MCMIS extract in PSP is deleted approximately three (3) months after being superseded by a current MCMIS extract, unless needed longer for administrative, legal, audit, or other operational purposes.
- Financial transaction records: Credit card information is encrypted/truncated and retained for 30 days.
- Access transaction records: PSP transaction records are retained for a period of five (5) years.
The PSP SORN was published in the Federal Register on March 8, 2010 and may be viewed at 75 F.R. 10554 or online at: http://edocket.access.gpo.gov/2010/pdf/2010-4811.pdf