1. The purpose of
the Security and Privacy Requirements is to make all employees who use the
National Driving Record aware of the controls that are necessary to ensure that
NDR information is obtained and used as prescribed by Federal law. The request
and receipt of NDR information are subject to the provisions of the NDR Act of
1982 ( Public Law
97-364) and to section
552a of Title 5, United States Code
(the Privacy Act of 1974). Each of these laws contains provisions enacted to
promote governmental respect for citizens' privacy.
2. Since state personnel request and receive
NDR information, they must share the responsibility for preventing unauthorized
access and use of this information. The chief driver licensing official is
ultimately responsible for ensuring that proper controls in relation to NDR
information are established and adhered to by all members of the state staff.
It is recommended that all employees who handle NDR information be required to
become familiar with the contents of this document and to sign the statement of
understanding that follows (or a similar statement).
3.
NDR Access
Restrictions:
Chief driver licensing officials are authorized to access and
use NDR information for purposes of fulfilling their duties with respect to
driver licensing, driver improvement, and transportation safety. Transportation
safety purposes means information requests submitted on behalf of other parties
authorized by the NDR Act of 1982 to receive information, such as employers of
motor vehicle and railroad locomotive operators and certain federal agencies.
Any other use or access by anyone not prescribed by law is unauthorized.
4.
Privacy
Requirements:
a. The NDR-PDPS is
a federal system of records, as defined by the Privacy Act of 1974, and
complies with the requirements of that Act. Under that Act, the NDR-PDPS is
required, among other things:
i. To permit
individuals to review any records pertaining to them and have a copy made of
all or any portion thereof in a form comprehensible to them.
ii. To permit individuals to request
amendment of records pertaining to them, to request review of refusals to amend
records pertaining to them, and to inform them of the provisions for judicial
review of the reviewing official's determination.
iii. Other than driver licensing or driver
improvement inquiries, not to disclose any NDR-PDP records by any means of
communication to anyone except pursuant to a written request or with the prior
written consent of the individual to whom the record pertains.
b. States are not directly subject
to these Privacy Act Requirements. However, because the NDR contains state
records, and because the NDR Act permits individuals, and requires other
authorized NDR users, to submit their NDR file check requests through the chief
driver licensing official of a state, it is necessary for the states to take
certain actions to ensure that these requirements are met, namely:
i. Permit and assist individuals who wish to
access information pertaining to themselves that may be on the NDR
file.
ii. Ensure that all requests
for NDR file checks from individuals and other users are authorized by
verifying the identity of the individuals and by ensuring that properly
completed and signed request forms and consent forms are submitted for all
requests other than driver licensing or driver improvement inquiries.
iii. Train existing and new employees on NDR
restrictions and penalties for misuse of NDR data.
