49 CFR § 1.49 - Delegations to the Chief Information Officer.
The Chief Information Officer is delegated authority to:
(d) Carry out all functions and responsibilities necessary to ensure compliance with the Federal Information Security Management Act of 2002 (44 U.S.C. 3534 and 3544);
(e) Serve as the Chief Privacy Officer, 42 U.S.C. 2000ee-2, and administer the Privacy Act of 1974, 5 U.S.C. 552a, and 49 CFR part 10 (Maintenance of and Access to Records Pertaining to Individuals) in connection with the records of the Office of the Secretary;
(f) Carry out all functions and responsibilities necessary to issue notices of Department of Transportation systems of records as required by the Privacy Act;
(g) Carry out all functions and responsibilities assigned to the Secretary with respect to the Federal Records Act (44 U.S.C. 3101-3102) and necessary to ensure compliance with the regulations of the National Archives and Records Administration (36 CFR parts 1220 through 1299; 44 U.S.C. Chapters 21, 29, 31, and 33), in coordination with the General Counsel; and
(h) Serve as the Senior Agency Official for Geospatial Information under Office of Management and Budget Memorandum M-06-07, “Designation of a Senior Agency Official for Geospatial Information” (March 3, 2006).