DEPARTMENT OF TRANSPORTATION
Federal Motor Carrier Safety Administration (FMCSA)
PRIVACY IMPACT ASSESSMENT
Motor Carrier Management Information System (MCMIS)
December 12, 2003
Overview of Federal Motor Carrier Safety Administration (FMCSA) privacy management process for MCMIS
The Federal Motor Carrier Safety Administration (FMCSA), within the Department of Transportation (DOT), has been given the responsibility to reduce crashes, injuries, and fatalities involving large trucks and buses. In carrying out its safety mandate, the FMCSA:
- Develops and enforces data-driven regulations that balance motor carrier (truck and bus companies) safety with industry efficiency;
- Harnesses safety information systems to focus on higher risk carriers in enforcing the safety regulations; and
- Targets educational messages to carriers, commercial drivers, and the public.
To meet these goals, the FMCSA partners with stakeholders, including Federal, State, and local enforcement agencies, the motor carrier industry, safety groups, and organized labor on efforts to reduce bus and truck-related crashes. Since a first step to reduce accidents is to understand them, FMCSA collects and maintains commercial vehicle safety data, as well as a national inventory of motor carriers and shippers subject to the Federal Motor Carrier Safety Regulations and Hazardous Materials Regulations.
MCMIS supports the DOT strategic goals of Safety, Homeland Security, and Organizational Excellence. In support of Safety and Homeland Security goals, the MCMIS provides multiple agencies, namely the Bureau of Customs and Border Protection (Department of Homeland Security), and Federal and State roadside commercial vehicle inspectors, who conduct commercial motor vehicle enforcement activities and monitor hazardous materials shipping by motor carrier, with access to a Federally-based central repository. This central repository maximizes the efficient sharing of current, accurate, and timely information about truck drivers and motor carriers at the U.S. - Mexican and U.S. - Canadian borders, enabling FMCSA's partners to act quickly in times of possible security breaches.
MCMIS supports the Safety goal by providing data on the New Entrant Program, which is used to monitor new motor carriers applying for a USDOT registration. The carriers are monitored for an 18-month time frame before permanent USDOT registration is issued. This program also monitors FMCSA performance on the number of motor carriers that are educated about Federal Motor Carrier Safety Regulations (FMCSR) and Hazardous Materials Regulations (HMR).
MCMIS also supports Organizational Excellence by improving government to government, government to business, and government to citizen services. MCMIS is built to increase system reliability and customer satisfaction (through ease of use and reducing customer complaints/inquiries), improve data quality by maintaining accurate data, reduce repetitive manual data entry (by increasing the number of online filings of MCS-150 and MCS-150 biennial updates), and provide a data warehouse of information needed by FMCSA employees who strive to meet agency goals and protect our highways. This investment supports future changes to the 49 Code of Federal Regulations (CFR) regulations that produce the information requirements that MCMIS supports.
Privacy management is an integral part of the MCMIS project. DOT/FMCSA has retained the services of privacy experts to help assess its privacy management program, utilizing proven technology, sound policies and procedures, and proven methodologies.
The privacy management process is built upon a methodology that has been developed and implemented in leading companies around the country and globally. The methodology is designed to help ensure that DOT and FMCSA will have the information, tools and technology necessary to manage privacy effectively and employ the highest level of fair information practices while allowing FMCSA to achieve its mission of protecting and enhancing a most important U.S. transportation system. The methodology is based upon the following:
1. Establish priority, authority and responsibility. Appoint a cross-functional privacy management team to ensure input from systems architecture, technology, security, legal, and other disciplines necessary to ensure that an effective privacy management program is developed.
2. Assess the current privacy environment. This involves interviews with key individuals involved in the MCMIS system and the development of a data flow map to ensure that all uses of personally identifiable data, along with the risks involved with such use, are identified and documented.
3. Organize the resources necessary for the project's goals. Internal DOT/FMCSA resources, along with outside experts, are involved in reviewing the technology, data uses and associated risks. They are also involved in developing the necessary redress systems and training programs.
4. Develop the policies, practices and procedures. The resources identified in Step 3 work to develop an effective policy or policies, practices and procedures to ensure that fair information practices are complied with. The policies effectively protect privacy while allowing DOT/FMCSA to achieve its mission.
5. Implement the policies, practices and procedures. Once the policies, practices and procedures are developed, they must be implemented. This involves training of all individuals who will have access to and/or process personally identifiable information. It also entails working with vendors to ensure that they maintain the highest standard for privacy while providing services to the FMCSA project.
6. Maintain policies, practices and procedures. Due to changes in technology, personnel, and other aspects of any program, effective privacy management requires that technology and information be available to the privacy management team to ensure that privacy policies, practices, and procedures continue to reflect actual practices. Regular monitoring of compliance with privacy policies, practices, and procedures will be required.
7. Manage exceptions and/or problems with the policies, practices and procedures. This step involves the development and implementation of an effective redress and audit system to ensure that any complaints are effectively addressed and corrections made if necessary.
Personally-identifiable information and MCMIS
The MCMIS system uses both personally identifiable information (PII) and non-personally identifiable information within the Registration (census), Crash, Inspection, safety audit, and compliance review files. MCMIS provides two sets of data files, one with PII, and one without.
The MCMIS dataset that includes PII may contain PII such as truck/bus driver name, truck/bus driver social security number, driver and company contact information, registration number, and EIN. Only designated individuals can obtain access to this data, through a written request that the FMCSA, Information System Division office, reviews and approves. In order to fulfill these requests, FMCSA collects requestor PII, such as name, telephone number, mailing address, and organization.
The MCMIS dataset that does not include PII is available to any individual on request through a Web-accessible or mail-in form. FMCSA requires some PII from individuals requesting copies of reports, such as name, phone number, and mailing address.
Some designated individuals have direct access to MCMIS databases. In order to manage access and appropriate permissions, FMCSA collects name, contact information, organization information and other related information and maintains user IDs and passwords.
Why MCMIS Collects Information
MCMIS collects PII in order to track safety-related data in the hopes of recognizing trends that can be useful when making policy and other changes. MCMIS provides some or all of this information to companies, agencies, individuals, and other organizations in order to help facilitate communication needed to enhance motor carrier safety.
In addition, in order to process requests for reports, FMCSA collects PII such as name, mailing address, and telephone number from requesting individuals. For individuals with direct access to MCMIS, FMCSA also collects necessary PII to authenticate users and restrict permissions, and MCMIS associates these individuals with user IDs and passwords.
How MCMIS Uses Information
Algorithms such as SafeStat (Safety Status Measurement System) make maximum use of MCMIS data (motor carrier performance and compliance data) to assess a motor carrier in four Safety Evaluation Areas (SEAs): Crashes, Driver, Vehicle, and Safety Management. FMCSA field staff use the results of the assessment to determine which carriers need a compliance review. The review information is entered into MCMIS where safety fitness ratings (Satisfactory, Conditional, Unsatisfactory) are assigned to carriers and made available to Federal, State and other requestors. The Inspection Selection System (ISS) is another algorithm that uses MCMIS safety data to prioritize commercial vehicles/drivers for roadside inspection. By targeting the vehicles and drivers most at risk of unsafe practices, crashes are prevented and lives are saved. Both compliance reviews and roadside inspections have been proven by FMCSA to be effective at preventing truck and bus crashes.
MCMIS provides the technological strategy to accomplish the above by providing information to Federal, State, and local government agencies as well as to the public about motor carrier safety behavior and safe operations. For example, MCMIS data are used by: (1) State agencies for targeting motor carrier safety enforcement and for developing safety programs; (2) safety organizations to evaluate safety trends, promote safety programs, and evaluate the effectiveness of existing and proposed safety guidelines, enforcement standards, and rules; (3) insurance companies for evaluating potential clients; and (4) the general public to choose safe companies for household moving and bus transportation.
FMCSA also provides direct access to MCMIS for some designated users. In order to control access, FMCSA maintains name, contact information, user ID, password, and organization information on these users. FMCSA uses this PII to authorize or deny access, determine and set permissions, enable access, and contact users if concerns arise.
How MCMIS Shares Information
Individuals can obtain all or part of MCMIS data in one of several ways. First, Federal and State offices have direct access to the MCMIS. Different individuals receive different rights in MCMIS according to their job role and State. Carrier companies and other individuals can learn about MCMIS information and request data through a publicly-available Web site, http://www.fmcsa.dot.gov/factsfigs/mcmis, that provides mail-in forms.
Motor carriers can also access a website http://www.safersys.org to update their motor carrier identification information. To do this, motor carriers must know their USDOT number and their Personal Identification Number (PIN).
The general public can access this same website to obtain a company safety profile (CSP) on a motor carrier. The CSPs are available to the public under the Freedom of Information Act (FOIA). However, certain information in the CSP, namely Driver Data, contains personal information that is not required to be disclosed by FOIA and will not be included in a CSP that is disseminated to the public. Of course, a company may have access to its own Driver Data. For this reason, Driver Data will be released only to those who are registered as authorized recipients of that information. To register as an authorized recipient of Driver Data, the motor carrier must fax a request to (703) 280-4003, the FMCSA Data Dissemination contractor. The requestor must submit the following information: a letter on the official company letterhead; it should include the USDOT number of the company; the letter must be signed by a representative of the company; if the requestor wishes to receive their CSP via e-mail, they must include any e-mail address(es) that they have approved to receive Driver Data information. When ordering online (http://www.safersys.org), the requestor needs to check the box labeled "I am the carrier whose USDOT number was entered above". The requestor is then prompted for the last 4 digits from their company Tax ID (EIN) number to complete the transaction. (If no Tax ID is on file, the requestor needs to file an updated MCS-150 with this information.)
There are several MCMIS reports that do not contain PII and are available to anyone on request through mail-in forms provided on the Web site. FMCSA does not provide driver data to the public: information collected on a driver is ONLY provided to the motor carrier that employs the driver.
FMCSA and other Federal and State Enforcement agencies have direct access to PII data in MCMIS. In order to manage access and appropriate permissions, FMCSA collects name, contact information, organization information and other related information, and maintains user IDs and passwords for all users. Additionally, MCMIS provides reports containing PII to contractors working for FMCSA, government agencies, or contractors of State and Local governments with individual verification of affiliation and need. Recipients of this data must submit a written request form and additionally sign a Non-Disclosure document with privacy provisions. MCMIS staff individually review and approve or deny these requests, researching the appropriateness of the requests as needed. In order to obtain direct access to MCMIS, individuals provide PII to a higher-level approval authority within their organization and to the MCMIS staff. In most cases, the individual in question fills out a paper-based authorization form and sends that document to his or her supervisor. This supervisor approves or denies the request, and then sends any approvals to the MCMIS Technical Support staff for action.
The MCMIS dataset that does not include PII is available to any individual on request through a Web-accessible or mail-in form. An individual must file a written request with FMCSA to obtain copies of data sets with PII. FMCSA requires some PII from individuals requesting copies of reports. In order to fulfill these requests, FMCSA collects requestor PII such as name, telephone number, and mailing address.
For purposes of a temporary research and development project (known as the Wireless Roadside Inspection Back Office system, or WRI BOS), monthly MCMIS extracts (containing the name, date of birth, driver's license number and issuing jurisdiction for approximately 100 commercial drivers who are employed by motor carriers in Kentucky, Tennessee and New York, and who volunteered to participate in the project) will be placed on the MCMIS backup server (located at the Volpe Center) and shared via an encrypted web service with law enforcement officials in Kentucky, Tennessee and New York. The extracts used for the project will cover a four-month period from September to December 2010. The project will end in April 2011.
As a system of records under the Privacy Act, MCMIS complies with statutory exemptions and General Routine Uses applicable to all DOT records systems.
How MCMIS Provides Notice and Consent
For direct access to MCMIS, users must read and agree to a warning message that discusses the penalties of unauthorized access before logging in. There is no privacy notice or warning.
The MCMIS Web interface contains visible links to a Privacy Notice that describes privacy practices and information uses of the Web site. However, the Web site does not collect report-ordering information directly, but rather provides access to mail-in forms. The Web site Privacy Notice does not discuss how PII submitted through inquiries is handled.
How MCMIS Ensures Data Accuracy
The MCMIS system provides internal data edit checks on all data submitted to MCMIS. FMCSA data entry contractors have a verification process to ensure that accurate information is entered in MCMIS. The Federal and State system where the crash, inspection and compliance review data are entered contains data quality edit checks before the data is submitted to MCMIS.
Individuals who provide PII through mail-in forms to request MCMIS reports provide that PII directly and are responsible for its accuracy. FMCSA staff reviewing and approving submitted forms check for completeness on required fields, and verify requirements when there is a question of whether a requestor has the right to a PII-containing report.
Individuals who must submit PII in order to obtain direct access to MCMIS submit this information directly. These individuals may contact their approving supervisor for any corrections to submitted information.
How MCMIS Provides Redress
How MCMIS Secures Information
The MCMIS system is housed in the DOT VOLPE National Transportation Systems Center, in Cambridge, MA.
Physical access to the MCMIS system is limited to appropriate personnel through building key cards and room-access key pads. Personnel with physical access have all undergone and passed DOT background checks.
In addition to physical access, electronic access to PII in MCMIS is limited according to job function. FMCSA controls access privileges according to the following roles:
- Technical Support
- National MCMIS
The following matrix describes the privileges and safeguards around each of these roles as they pertain to PII.
User: Variable, determined by State and job role. Access approved by higher authority. The following safeguards apply:
Personnel with access to MCMIS receive yearly training that includes some privacy direction. All users receive customized Terms and Conditions of Use and/or Rules of Behavior that describe privacy responsibilities.
The extracts of MCMIS data that are used for the temporary WRI BOS project will be transmitted to law enforcement officials via an encrypted web service.
System of Records
MCMIS is a system of records subject to the Privacy Act. FMCSA has documented the system as such, and it has certified and accredited MCMIS according to DOT requirements.