Privacy Act of 1974; System of Records Notice, 36536-36537 [2014-15022]

Agencies

• Food and Drug Administration
• DEPARTMENT OF HEALTH AND HUMAN SERVICES

[Federal Register Volume 79, Number 124 (Friday, June 27, 2014)]
[Notices]
[Pages 36536-36537]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2014-15022]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Food and Drug Administration

[Docket No. FDA-2014-N-0421]


Privacy Act of 1974; System of Records Notice

AGENCY: Food and Drug Administration, HHS.

ACTION: Notice; changes to systems of records notices.

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act of 1974 
(the Privacy Act) and the Food and Drug Administration's (FDA) 
regulations for the protection of privacy, FDA is deleting four system 
of records notices (SORNs) from its existing inventory of SORNs and 
adding routine uses to the remaining SORNs. The systems related to the 
SORNs that are being deleted are no longer in use by FDA. The 
additional routine uses are for standard disclosures common to systems 
across the government. They allow disclosure to other Federal Agencies 
and contractors as needed to respond to a breach of system security or 
confidentiality, to contractors or other external individuals 
performing work for FDA that requires access to Agency records subject 
to the Privacy Act, to Federal record keeping authorities for the 
purpose of records management oversight, to appropriate public 
authorities when a record indicates a potential violation of law, and 
to the U.S. Department of Justice (DOJ) for guidance on Freedom of 
Information Act issues. FDA will require that all of these recipients 
comply with the requirements of the Privacy Act. The added routine uses 
will be inserted in each existing system notice and will be included in 
future FDA SORNs.

DATES: This notice will be effective on June 27, 2014, with the 
exception of the new and altered routine uses. Those routine uses will 
become effective on August 11, 2014. Submit either electronic or 
written comments by August 11, 2014.

ADDRESSES: You may submit comments, identified by Docket No. FDA-2014-
N-0421, by any of the following methods:

Electronic Submissions

    Submit electronic comments in the following way:
     Federal eRulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments.

Written Submissions

    Submit written submissions in the following ways:
     Mail/Hand delivery/Courier (for paper submissions): 
Division of Dockets Management (HFA-305), Food and Drug Administration, 
5630 Fishers Lane, Rm. 1061, Rockville, MD 20852.
    Instructions: All submissions received must include the Agency name 
and Docket No. FDA-2014-N-0421 for this notice. All comments received 
may be posted without change to https://www.regulations.gov, including 
any personal information provided. For additional information on 
submitting comments, see the ``Comments'' heading of the SUPPLEMENTARY 
INFORMATION section of this document.
    Docket: For access to the docket to read background documents or 
comments received, go to https://www.regulations.gov and insert the 
docket number(s), found in brackets in the heading of this document, 
into the ``Search'' box and follow the prompts and/or go to the 
Division of Dockets Management, 5630 Fishers Lane, Rm. 1061, Rockville, 
MD 20852.

FOR FURTHER INFORMATION CONTACT: Frederick Sadler or Cullen Cowley, 
Division of Freedom of Information, Food and Drug Administration, 12420 
Parklawn Dr., Rm. 1050, Rockville, MD 20857, 301-796-3900.

SUPPLEMENTARY INFORMATION:

I. Deleted System of Records Notices

    FDA is deleting the following SORNs because the record systems are 
no longer in use.
    1. Science Advisor Research Associate Program, HHS/FDA/ORA, System 
No. 09-10-0007. First published in the Federal Register, September 29, 
1977 (42 FR 51922 at 52146); complete text republished in the Federal 
Register, November 24, 1986 (51 FR 42524 at 42530).
    2. Radiation Protection Program Personnel Monitoring System, HHS/
FDA/CDRH, System No. 09-10-0008. First published in the Federal 
Register, September 29, 1977 (42 FR 51922 at 52147); complete text 
republished November 24, 1986 (51 FR 42524 at 42531); and published as 
revised with updated system location and manager information, December 
31, 1992 (57 FR 62828 at 62829).
    3. Certified Retort Operators, HHS/FDA/CFSAN, System No. 09-10-
0011. First published in the Federal Register, September 29, 1977 (42 
FR 51922 at 52148); complete text republished November 24, 1986 (51 FR 
42524 at 42534); and published as revised with minor changes, December 
29, 1993 (58 FR 69056).
    4. Epidemiological Research Studies of the Center for Devices and 
Radiological Health, HHS/FDA/CDRH, System No. 09-10-0017. First 
published in the Federal Register, May 29, 1979 (44 FR 30765 at 30766); 
republished with minor changes in December 28, 1994 (59 FR 67087).

II. Routine Uses To Be Added to the FDA Inventory of SORNS

A. New Routine Uses

    For the reasons described in this document, FDA is adding the 
following routine use disclosures to its SORNs.
    1. ``Disclosure may be made to appropriate Federal agencies and 
Department contractors that have a need to know the information for the 
purpose of assisting the Department's efforts to respond to a suspected 
or confirmed breach of the security or confidentiality of information 
maintained in this system of records, and the information disclosed is 
relevant and necessary for that assistance.''
    The Office of Management and Budget (OMB) and the Department of 
Health and Human Services (HHS) have directed agencies to include a 
routine use providing for disclosure of system information to 
facilitate a Federal level response to a breach of system security. In 
accordance with OMB Memorandum (M) 07-16, Safeguarding Against and 
Responding to the Breach of Personally Identifiable Information, HHS 
policy specifies that all HHS Operating and Staff Divisions incorporate 
this routine use language as a part of the normal SORN review and 
publication process. The underlying operational reason for this routine 
use is that other Federal Agencies, HHS officials and contractors, and 
FDA contractors may need access to individually identifiable 
information that is relevant and necessary for assisting in the 
response to a suspected or confirmed breach of the security or 
confidentiality of information maintained in systems of records.
    Federal law and policy require the Agency to maintain appropriate 
safeguards for the systems, and, individuals whose data is in the 
systems expect the Agency to maintain the integrity of their 
information and secure

[[Page 36537]]

it against unauthorized use or disclosure. The Privacy Act requires 
that personal information be secured against potential misuse by 
unauthorized persons (5 U.S.C. 552a(e)(10)). The Federal Information 
Security Management Act of 2002 (FISMA), enacted as Title III of the E-
Government Act of 2002 (44 U.S.C. 3541 et seq.), requires that agencies 
protect data and information systems from unauthorized use, disclosure, 
disruption, modification and destruction, in order to preserve data 
integrity, confidentiality, and availability.
    2. ``Disclosure may be made to the National Archives and Records 
Administration and/or the General Services Administration for the 
purpose of records management inspections conducted under authority of 
44 U.S.C. 2904 and 2906.''
    This routine use is necessary to enable the National Archives and 
Records Administration (NARA) and/or the General Services 
Administration (GSA) to carry out records management functions.
    3. ``Disclosure may be made to contractors and other persons who 
perform services for the agency related to this system of records and 
who need access to the records to perform those services. Recipients 
shall be required to comply with the requirements of the Privacy Act of 
1974, as amended, 5 U.S.C. 552a.''
    Where FDA engages a contractor to carry out a function related to a 
system of records, this routine use permits disclosure to those 
individuals who require access to the records in order to perform the 
contracted work. The routine use is necessary to enable FDA to function 
in an effective and coordinated fashion. Additionally, OMB directs 
agencies to include such a routine use for disclosure to contractor 
personnel (Appendix I to OMB Circular A-130--Federal Agency 
Responsibilities for Maintaining Records About Individuals, available 
at https://www.whitehouse.gov/omb/circulars_a130_a130trans4). FDA will 
require that individuals to whom records are disclosed comply with the 
information handling obligations imposed on Federal Agencies by the 
Privacy Act.
    4. ``When a record on its face, or in conjunction with other 
records, indicates a violation or potential violation of law, whether 
civil, criminal, or regulatory in nature, disclosure may be made to the 
appropriate public authority, whether federal, foreign, state, local, 
or tribal, or otherwise, responsible for enforcing, investigating or 
prosecuting such violation, if the information disclosed is relevant to 
the responsibilities of the agency or public authority.''
    When a record in an agency system of records by itself or in 
combination with other records indicates a violation of law, this 
routine use allows FDA to provide the record to the appropriate law 
enforcement entity in order to maintain the integrity of the program 
and ensure trust in the system.
    5. ``In the event HHS/FDA deems it desirable or necessary, in 
determining whether particular records are required to be disclosed 
under the Freedom of Information Act, disclosure may be made to the 
Department of Justice for the purpose of obtaining its advice.''
    DOJ is the lead Agency on Federal implementation of the Freedom of 
Information Act (FOIA). This routine use enables FDA to share Privacy 
Act records with DOJ to effectively consult with DOJ regarding the 
potential disclosure of the records under the FOIA as permitted under 
the relevant provision of the Privacy Act, 5 U.S.C. 552a(b)(2).

B. FDA Systems of Records Notices to Which New Routine Uses Will Be 
Added

    FDA will add the specified routine uses to the remaining FDA SORNs 
that do not already contain the same or similar provisions. A list of 
these SORNs is as follows:

09-10-0002 Regulated Industry Employee Enforcement Records.
09-10-0003 FDA Credential Holder File.
09-10-0004 Communications (Oral and Written) With the Public.
09-10-0005 State Food and Drug Official File.
09-10-0009 Special Studies and Surveys on FDA-Regulated Products. Only 
the first, second, fourth, and fifth routine uses described in this 
document will be added to this SORN. It already contains a routine use 
covering disclosure to contractors who perform services for FDA.
09-10-0010 Bioresearch Monitoring Information System. Only the second, 
fourth, and fifth routine uses described in this document will be added 
to this SORN. It already contains the routine uses regarding limited 
disclosure to contractors and other Agencies.
09-10-0013 Employee Conduct Investigative Records.
09-10-0018 Employee Identification Card Information Records.
09-10-0019 Mammography Quality Standards Act (MQSA) Training Records.
09-10-0020 FDA Records Related to Research Misconduct Proceedings. Only 
the fifth routine use listed in this document will be added to this 
SORN. It already contains routine uses that are the same as or similar 
to the other four.
09-10-0021 User Fee System. Only the fourth routine use listed in this 
document will be added to this SORN. It already contains routine uses 
that are the same as or similar to the other four.

III. Comments

    Interested persons may submit either electronic comments regarding 
this document to https://www.regulations.gov or written comments to the 
Division of Dockets Management (see ADDRESSES). It is only necessary to 
send one set of comments. Identify comments with the docket number 
found in brackets in the heading of this document. Received comments 
may be seen in the Division of Dockets Management between 9 a.m. and 4 
p.m., Monday through Friday, and will be posted to the docket at https://www.regulations.gov.

    Dated: June 23, 2014.
Leslie Kux,
Assistant Commissioner for Policy.
[FR Doc. 2014-15022 Filed 6-26-14; 8:45 am]
BILLING CODE 4164-01-P