Privacy Act of 1974; System of Records, 105054-105059 [2024-30782]

Agencies

• Food and Drug Administration
• DEPARTMENT OF HEALTH AND HUMAN SERVICES

[Federal Register Volume 89, Number 247 (Thursday, December 26, 2024)]
[Notices]
[Pages 105054-105059]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-30782]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Food and Drug Administration

[Docket No. FDA-2024-N-5353]


Privacy Act of 1974; System of Records

AGENCY: Food and Drug Administration, Department of Health and Human 
Services.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act of 
1974, as amended, the Department of Health and Human Services (HHS) is 
modifying an existing departmentwide system of records, ``Federal 
Advisory Committee Membership Files,'' System No. 09-90-0059. The 
modifications include, among other things, adding records about any 
prospective guest speakers at Federal advisory committee meetings who 
disclose financial interests and professional relationships related to 
the matter they will be speaking on, and changing the name of the 
system of records to ``Federal Advisory Committee/Subgroup Member, 
Subscriber/Registrant, and Guest Speaker Records.''

DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), the modified 
system of records is effective December 26, 2024. The new and revised 
routine uses will be effective January 27, 2025. Submit any comments by 
January 27, 2025.

ADDRESSES: The public should submit written comments, by mail or email, 
to Beth Kramer, HHS Privacy Act Officer, at 200 Independence Ave. SW, 
Suite 729H, Washington, DC 20201, or [email protected].

FOR FURTHER INFORMATION CONTACT: General questions about the modified 
system of records should be submitted by mail, email, or telephone to 
Beth Kramer, HHS Privacy Act Officer, at 200 Independence Ave. SW, 
Suite 729H, Washington, DC 20201, or [email protected] or 202-690-
6941.

SUPPLEMENTARY INFORMATION: This departmentwide system of records 
currently covers records retrieved by personal identifier about: (1) 
members and prospective members of HHS advisory committees established 
under the Federal Advisory Committee Act (FACA) and (2) members of the 
public who have requested to be included in mailing lists in order to 
receive publications or notices of information issued or posted by a 
particular HHS Federal advisory committee. The system of records notice 
(SORN) is being revised to add three additional categories of 
individuals and records, i.e.: (1) records about any members of working 
groups or subcommittees (i.e., subgroups) of an HHS Federal advisory 
committee who are not appointed as members of the committee, which are 
similar to the committee member records currently covered in the SORN, 
(2) records about individuals who register to attend HHS Federal 
advisory committee meetings, which are similar to the subscriber 
records currently covered in the SORN, and (3) records about 
prospective guest speakers at HHS Federal advisory committee meetings, 
which are described in section I., below; and to make other 
modifications. All modifications are summarized in section II., below.

I. Background on Guest Speaker Records

    A ``guest speaker'' is an individual whose professional background 
or other qualifications are checked and/or who is screened for possible 
conflicts of interest (financial interests and professional 
relationships) related to a matter the guest speaker wishes to speak on 
at an HHS Federal advisory committee meeting, so that the agency can 
decide whether to invite the individual to speak and can publicly 
acknowledge the speaker's relevant qualifications and interests at the 
start of the meeting, to enable the committee members to objectively 
evaluate the speaker's presentation. The term ``guest speaker'' as used 
in SORN 09-90-0059 does not include agency employees speaking at an HHS 
Federal advisory committee meeting in an official, governmental 
capacity and individual participants in the public hearing portion of 
an advisory committee meeting. A guest speaker is either a non-Federal 
government employee (non-FGE) or a special government employee (SGEs) 
acting in a non-official, non-governmental capacity.
    Only certain HHS components, such as the Food and Drug 
Administration (FDA), screen guest speakers for potential conflicts of 
interest (all FDA advisory committees must conduct conflict screening 
of potential guest speakers). Such screening promotes transparency and 
openness in the advisory committee process and supports compliance with 
the requirement in 5 U.S.C. 1004(b)(3) and 41 CFR 102-3.105(g) to 
prevent committees' advice and recommendations from being influenced by 
special interests. For FDA, such screening also supports compliance 
with the requirement in FDA regulations at 21 CFR 14.60(b)(2) to 
document in meeting minutes the ``names and affiliations or interests 
of public participants.''
    Guest speakers who are screened for conflicts are not required to 
complete a Federal confidential financial disclosure form. The 
invitation extended to them to participate as a guest speaker in an HHS 
Federal advisory committee meeting may be conditioned on their 
voluntary disclosure of potential

[[Page 105055]]

conflicts of interest and their consent to public acknowledgement of 
their relevant interests. The financial interests and professional 
relationships they report are reviewed by designated agency staff and 
may be made available to other agency staff if necessary to conduct a 
complete review. If the guest speaker is cleared to give a presentation 
at an HHS Federal advisory committee meeting, general information about 
the types, nature, and magnitude of the guest speaker's interests and/
or professional relationships related to the meeting topic will be 
disclosed to the committee members and the public as part of the 
conflict-of-interest statement at the beginning of the meeting.
    Note that financial and other conflict disclosure and waiver 
records about FGEs and SGEs are covered in other SORNs, so are not 
covered in SORN 09-90-0059 (see instead OGE/GOVT-1 Executive Branch 
Personnel Public Financial Disclosure Reports and Other Name-Retrieved 
Ethics Program Records; OGE/GOVT-2 Executive Branch Confidential 
Financial Disclosure Reports; and 09-90-0008 Conflict of Interest 
Records).

II. Modifications to SORN 09-90-0059

    HHS is making the following modifications to SORN 09-90-0059:
     The system of records name has been changed to ``Federal 
Advisory Committee/Subgroup Member, Subscriber/Registrant, and Guest 
Speaker Records.''
     The System Location and System Manager sections have been 
updated to reflect current addresses and contact information for the 
components and officials responsible for the system of records, and to 
mention that the General Services Administration (GSA) maintains 
facadatabase.gov as a third-party service provider.
     In the Authorities section, the citation to the FACA 
statute has been updated to cite ``5 U.S.C. 1001 et seq.'' instead of 
``5 U.S.C. App. I et seq.'' and these additional authorities have been 
included: 5 U.S.C. 1004(b)(3) (FDA-specific authority) and 42 U.S.C. 
282(b)(16) (NIH-specific authority).
     The Purpose(s) section now states purposes for which 
records about the three new categories of individuals (working group/
subcommittee members, meeting registrants, and guest speakers) and one 
existing category (subscribers) are used; and also describes additional 
purposes for which records about the other existing category (committee 
members) are used, i.e., to ensure that members are qualified and 
committees are balanced and diverse, and to communicate with the 
members.
     The Categories of Individuals and Categories of Records 
sections have been revised to add subcommittee/working group members, 
meeting registrants, and guest speakers and records about them, and to 
update the description of subscribers and records about them to mention 
that a subscriber may be included on a mailing ``or emailing'' list.
     The Routine Use(s) section has been revised to mention at 
the start that the routine uses are in addition to other disclosures 
authorized directly in the Privacy Act at 5 U.S.C. 552a(b); and to add 
nine new routine uses, revise four existing routine uses, and delete 
one routine use, as explained below:
    [cir] Existing routine use 1, which formerly authorized disclosures 
in the Annual Report to the President and in administrative reports to 
the Office of Management and Budget (OMB) and GSA, has been revised to 
limit the routine use to disclosures made to GSA when HHS enters or 
uploads information about committee members or guest speakers in 
facadatabase.gov.
    [cir] Routine use 2 is new; it authorizes HHS to publicly disclose 
on its websites and in facadatabase.gov the names of and limited 
information about the qualifications and financial disclosures of 
members of FACA committees, subcommittees, and working groups, and 
guest speakers, limited to information that would be required to be 
disclosed to a requester under the Freedom of Information Act (FOIA).
    [cir] Existing routine use 3 (formerly listed second), which 
authorizes records indicating a violation or potential violation of law 
to be referred to the responsible investigatory or enforcement agency, 
has been revised to add ``state, local, Tribal, and other'' to the 
description of recipient agencies; to permit ``relevant'' records to be 
disclosed ``when HHS becomes aware of evidence of'' a potential 
violation of law; and to explain that, in most cases, the disclosures 
would be made after first referring the information to another HHS 
component, such as the HHS Office of the General Counsel or the HHS 
Office of the Inspector General, to determine if the information is 
appropriate to refer to an outside agency, and that if that component 
made the referral, the equivalent routine use published in that 
component's SORN would apply to the disclosure.
    [cir] The routine use that was formerly listed third has been 
deleted. It authorized disclosures to the Department of Justice (DOJ) 
to obtain its advice regarding whether particular records are required 
to be disclosed under FOIA. The routine use is unnecessary, because 
such advice is provided by the HHS Office of the General Counsel, and 
any disclosures that need to be made to DOJ in connection with FOIA 
litigation are authorized in a separate, litigation-related routine 
use.
    [cir] Existing routine use 4, which authorizes disclosures to DOJ 
in litigation, has been revised to include ``other adjudicative 
proceedings;'' to add ``a court or other adjudicative body'' as 
disclosure recipients; to require that the information disclosed be 
``relevant and necessary'' to the proceedings; and to remove the 
requirement that disclosures be compatible with the purpose for which 
the records were collected, because such wording repeats part of the 
definition of a routine use.
    [cir] Existing routine use 5, which authorizes disclosures about an 
individual in responding to an inquiry from a congressional office made 
at the individual's request, has been revised to require that the 
congressional inquiry and the individual's request to the congressional 
office be ``written.''
    [cir] Existing routine use 6, which was added in 1994, is included 
without change.
    [cir] Routine uses 7 through 14 are new. They authorize disclosures 
to Federal agencies and contractors engaged by HHS to assist with 
matters related to this system of records (routine use 7); disclosures 
to the committee chairperson or vice chairperson for committee work 
purposes (routine use 8); disclosures to the Executive Office of the 
President, OMB, or other agencies for coordination on advisory 
committee member selection (routine use 9); disclosures to any source 
from which information is needed by HHS to support an HHS decision 
involving the individual (routine use 10); disclosures to aid another 
government agency's decision on a hiring, licensing, contracting, 
security clearance, or other matter involving the individual (routine 
use 11); disclosures to the National Archives and Records 
Administration (NARA) or other relevant Federal agencies in records 
management inspections (routine use 12); disclosures to Federal 
agencies and entities for program evaluation or assessment purposes 
(routine use 13); and disclosures to the Department of Homeland 
Security (DHS) for cybersecurity monitoring purposes (routine use 14).
    [cir] Existing routine uses 15 and 16, which were added in 2018, 
are included without change.
     The Storage section has been updated to remove references 
to ``index cards'' and ``magnetic tape.''

[[Page 105056]]

     The Retrieval section has been revised to remove 
references to ``an alphabetical index,'' ``a cross index,'' and 
``individually identifiable computer identification codes,'' and to 
simply state that records are retrieved by the subject individual's 
name, with the exception of records about subscribers, which are 
retrieved by the subscriber's name or email address.
     The Retention section, which previously stated that 
retention varies from 1 year to permanent depending on the type of 
record, now cites the applicable NARA-approved disposition schedules 
and itemizes the record types and disposition periods applicable to 
each.
     The Safeguards section has been updated to remove a 
reference to ``locked magnetic tape libraries'' and to list current 
safeguards used to protect records stored in electronic media, instead 
of ``lockword-password computer access systems.''
     The sections specifying procedures for making access, 
amendment, and notification requests have been revised to specify the 
required contents for each type of request, including identity 
verification information that must be provided (the existing SORN 
specified the required contents of amendment requests only, and merely 
stated that identity was required to be verified in accordance with 
Department's Privacy Act regulations).
    Because some of these changes are significant, a report on the 
modified system of records has been sent to OMB and the Congressional 
committees that oversee privacy, in accordance with 5 U.S.C. 552a(r).

SYSTEM NAME AND NUMBER:
    Federal Advisory Committee/Subgroup Member, Subscriber/Registrant, 
and Guest Speaker Records, 09-90-0059.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    The addresses of the agency components responsible for the system 
of records are listed below. At HHS, Federal advisory committee records 
are not centralized at the Department level or Operating Division 
level; instead, each committee's Designated Federal Officer (DFO) 
maintains the records pertaining to that committee. (Note that the 
manner of maintenance may vary. Records pertaining to a particular 
committee will constitute Privacy Act records only if the DFO maintains 
them in a paper-based or electronic recordkeeping system from which the 
records are retrieved by the subject individuals' names or other 
personal identifiers.) For purposes of simplification, one address is 
provided for each HHS Operating Division (OpDiv).
    OS: Advisory Committee Oversight Staff, Immediate Office of the 
Secretary of HHS, 200 Independence Ave. SW, Washington, DC 20201, 1-
877-696-6775.
    ACF: Advisory Committee Oversight Staff, Administration for 
Children & Families, 330 C St. SW, Washington, DC 20201, 202-401-9215.
    ACL: Advisory Committee Oversight Staff, Administration for 
Community Living, 330 C St. SW, Washington, DC 20201, 202-401-4634.
    AHRQ: Advisory Committee Oversight Staff, Immediate Office of the 
Director, Administration for Healthcare Research and Quality, 540 
Gaither Rd., Rockville, MD 20850, [email protected].
    ASPR: Advisory Committee Oversight Staff, Administration for 
Strategic Preparedness and Response, 400 7th St. SW, Washington, DC 
20201; use the email address for the particular committee, shown on 
ASPR's ``Boards and Committees'' web page.
    CDC: Office of the FAC Act Program, Centers for Disease Control and 
Prevention, 1600 Clifton Rd. NE--M/S: TW-2, Atlanta, GA 30333, 770-488-
4707, [email protected].
    CMS: Advisory Committee Oversight Staff, Centers for Medicare & 
Medicaid Services, 7500 Security Blvd., Baltimore, MD 21244, 410-786-
3000.
    FDA: Advisory Committee Oversight and Management Staff (ACOMS), 
Food and Drug Administration, 10903 New Hampshire Ave., Silver Spring, 
MD 20993, [email protected].
    HRSA: FACA Management Officer, Executive Secretariat, Health 
Resources and Services Administration, 5600 Fishers Lane--13W18, 
Rockville, MD 20857, 301-443-1785.
    IHS: Deputy Director for Intergovernmental Affairs, Indian Health 
Service, 5600 Fishers Lane, Rockville, MD 20857, 
[email protected].
    NIH: Office of Federal Advisory Committee Policy, National 
Institutes of Health, 9000 Rockville Pike, Bethesda, MD 20892, 
[email protected].
    SAMHSA: Advisory Committee Oversight Staff, Substance Abuse and 
Mental Health Services Administration, 5600 Fishers Lane, Rockville, MD 
20857, NationalAdvisoryCouncils@[email protected].
    GSA, as a third-party service provider, maintains the web-based 
facadatabase.gov system that HHS uses to make certain records available 
to Congress and the public as required to inform them of the existence 
and activities of HHS Federal advisory committees. GSA's address is: 
U.S. General Services Administration, Committee Management Secretariat, 
1800 F St. NW, Washington, DC 20405.

SYSTEM MANAGER(S):
    Each committee's Committee Management Officer (CMO) is responsible 
for the records in this system of records that pertain to that 
committee, including records about any subcommittees, working groups, 
or other subgroups formed under the committee. Contact information for 
the current CMO for each active and recently (i.e., within 1 fiscal 
year) terminated committee can be found on https://www.facadatabase.gov. Contact information for records pertaining to a 
committee which has been terminated and is no longer in that database 
may be obtained by contacting the relevant OpDiv at the OpDiv's mailing 
address, email address, and/or telephone number shown in the System 
Location section, above.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Federal Advisory Committee Act (FACA), 5 U.S.C. 1001 et seq. See 
also 5 U.S.C. 1004(b)(3) (FDA-specific authority) and 42 U.S.C. 
282(b)(16) (NIH-specific authority).

PURPOSE(S) OF THE SYSTEM:
    Records in this system of records are used in the administration 
and management of Federal advisory committees (including any subgroups 
of same) in the Department, including for these specific purposes:
     Records about members or prospective members of a Federal 
advisory committee or subgroup are used (1) in the preparation of 
reports; quarterly alphabetical listings of past, present, and 
recommended members; lists of vacancies, acceptances, and separations; 
and documentation of nominations; (2) to identify the most qualified 
applicants and ensure that the makeup of the committee, subcommittee, 
or working group is sufficiently balanced and diverse (see 41 CFR part 
102-3.30(c)); (3) to ensure compliance with ethics and conflict-of-
interest requirements; and (4) to communicate with the members about 
committee or subgroup activities.
     Records about guest speakers are used to determine whether 
the speakers will be invited to give a presentation on the matter in 
question and to inform the committee members of the speakers'

[[Page 105057]]

qualifications and/or financial interests and professional 
relationships pertaining to the matter before the committee, so that 
the members can objectively evaluate each speaker's presentation.
     Records about subscribers (members of the public who 
subscribe to receive publications or other information issued or posted 
by a particular Federal advisory committee) are used for the purpose of 
maintaining the subscriber list (i.e., to add, update, or remove a 
subscriber's contact information when requested by that individual) and 
may also be used to indicate if a particular subscriber needs to 
receive information in a particular format, as a reasonable 
accommodation, in order to provide information to that subscriber in 
that format.
     Records about registrants (members of the public who 
register as attendees for in-person and web-based Federal advisory 
committee meetings) are used for the purpose of maintaining the meeting 
registration lists and may also be used to indicate if a particular 
registrant needs a sign language interpreter, wheelchair access, or 
other accommodation to participate in a meeting.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The records are about these categories of individuals:
     Committee members. Individuals who have been or presently 
are members of, or are being considered for, membership on a Federal 
advisory committee within the jurisdiction of HHS. Individuals may be 
appointed to serve on an advisory committee as a FGE pursuant to 42 CFR 
102-3.130(a); as a NIH peer review consultant as authorized by 42 
U.S.C. 282(b)(16); as a SGE pursuant to 5 U.S.C. 3109; or as a 
representative member when directed by statute or regulation (see, for 
example, 21 U.S.C. 360c(b) regarding representative members of FDA 
device panels, and 21 CFR 14.84 regarding representative members of 
standing technical advisory committees who represent consumer and 
industry interests).
     Subcommittee and working group members (some may also be 
committee members, covered in the preceding category).
     Guest speakers. Individuals whose professional background 
or other qualifications are checked and/or who are screened for 
possible conflicts of interest (financial interests and professional 
relationships) related to a matter they wish to speak on before an HHS 
Federal advisory committee (they may be non-Federal government 
employees or special government employees acting in a non-official, 
non-governmental capacity).
     Subscribers. Individual members of the public who have 
asked to be included in a Federal advisory committee mailing or 
emailing list to receive publications and other information from the 
committee.
     Meeting registrants. Individual members of the public who 
register to attend public Federal advisory committee meetings.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The categories of records are:
     Records about members and prospective members of HHS 
Federal advisory committees. These records consist of membership 
records, accountability records, and management records, containing 
name and other data such as the following about each member or 
prospective member: title, gender, place and date of birth, contact 
information (e.g., home address, business address, telephone number, 
email address), contact information for any assistant or organization 
contact assisting the member or prospective member, organizational 
affiliation, degrees held, general educational background, ethnic 
background, resume, curriculum vitae, dates of term on advisory 
committee, status on advisory committee, reason for leaving advisory 
committee, indication of previous or current membership on other 
advisory committees, special qualifications for the advisory committee 
membership, source or references who recommended the individual for 
membership on advisory committee, copies of any forms filed with the 
Office of Government Ethics (OGE) such as OGE Form 450, and 
miscellaneous correspondence. Additionally, memoranda justifying the 
individual's selection are included in the file if the individual 
doesn't meet certain statutory or other requirements for advisory 
committee membership (for example, where the individual has served 
repetitively on advisory committees and a policy requires a break in 
service).
     Records about members or prospective members of HHS 
Federal advisory committee working groups or subcommittees (subgroups). 
These records are similar to, but not co-extensive with, records about 
members and prospective members of committees, described above (for 
example, the OGE Form 450 isn't completed by subgroup members and 
prospective members unless they are also committee members or 
prospective members).
     Records about guest speakers. These consist of the 
completed disclosure form, containing the individual's identifying 
information and information about the individual's financial interests 
and professional relationships (such as: name, Federal employment 
status, securities held, contracts, grants, consulting, and 
professional relationships such as those with an employer, firm, 
organization or a person in the individual's professional network); and 
internal and external correspondence and associated information 
compiled by the agency in reviewing the disclosures.
     Records about subscribers. Such records typically are 
limited to the individual's name and mailing address or email address 
and, if applicable, preferred format.
     Records about meeting registrants. Such records include 
the individual's contact information and, if applicable, reasonable 
accommodation requests. Demographic information may also be included, 
if the particular registration form requests it.

RECORD SOURCE CATEGORIES:
    All information about a subscriber or meeting registrant is 
obtained directly from that individual. The vast majority of 
information about a committee member or prospective member, or a 
subcommittee or working group member or prospective member, is obtained 
directly from that individual, or from the individual's administrative 
assistant or organization contact; other information in the form of 
references and recommendations is obtained from other private 
individuals, program personnel, biographical reference books, private 
organizations, former employers, regional offices of HHS, Members of 
Congress, and other government sources. Information about a prospective 
guest speaker is provided directly by the individual or is derived or 
obtained from materials supplied by the individual, from observation 
and analysis made by agency staff, from correspondence between the 
agency and the individual, and from any other relevant source necessary 
to conduct a complete a review of the individual's disclosed 
qualifications and/or interests.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to other disclosures which are authorized directly in 
the Privacy Act statute at 5 U.S.C. 552a(b), information about a 
subject individual may be disclosed from this system of records to non-
HHS officers and employees, without the subject

[[Page 105058]]

individual's consent, as provided in these routine uses which are 
published pursuant to 5 U.S.C. 552a(b)(3):
    1. Records about committee members and guest speakers may be 
disclosed to GSA when HHS enters and uploads committee information and 
records in GSA's facadatabase.gov system, for the purpose of keeping 
Congress and the public informed of the existence, membership, and 
activities of advisory committees as authorized by the FACA at 5 U.S.C. 
1002(b)(5). Committee member names are also disclosed in administrative 
reports to the President and OMB.
    2. HHS may publicly disclose the names of and limited information 
about qualifications (e.g., professional backgrounds) and financial 
disclosures of members of HHS Federal advisory committees, 
subcommittees, and working groups, and about guest speakers, on its 
websites and in facadatabase.gov. Information made public will be 
limited to information that HHS would be required to release to a 
requester under FOIA; meaning, information that would not result in a 
clearly unwarranted invasion of privacy.
    3. Relevant records may be disclosed to appropriate Federal, State, 
local, or Tribal agencies; international agencies; or foreign 
governments responsible for investigating, prosecuting, enforcing, or 
implementing statutes, rules, regulations, or orders, when HHS becomes 
aware of evidence of a potential violation of civil or criminal law. In 
most cases, these disclosures will be made after first referring the 
information to another HHS component, such as the HHS Office of the 
General Counsel or the HHS Office of the Inspector General, to 
determine if the information is appropriate to refer to an outside law 
enforcement or other appropriate agency; if that component makes the 
disclosure to an outside agency, the equivalent routine use published 
in that component's SORN would apply instead of this routine use.
    4. Records may be disclosed to DOJ or to a court or other 
adjudicative body in litigation or other adjudicative proceedings when 
HHS or any of its components, or any employee of HHS in his or her 
official capacity, or any employee of HHS in his or her individual 
capacity where the DOJ or HHS has agreed to represent the employee, or 
the United States, is a party to the proceedings or has an interest in 
the proceedings and, by careful review, HHS determines that the records 
are both relevant and necessary to the proceedings.
    5. Disclosure may be made to a congressional office from the record 
of an individual in response to a written inquiry from the 
congressional office made at the written request of that individual.
    6. Records may be disclosed to student volunteers, individuals 
working under a personal services contract, and other individuals 
performing functions for the Department but technically not having the 
status of agency employees, if they need to access the records in order 
to perform their assigned agency functions.
    7. Disclosures may be made to Federal agencies and HHS contractors 
that have been engaged by HHS to assist in accomplishment of an HHS 
function relating to the purposes of this system of records (including 
ancillary functions, such as compiling reports and evaluating program 
effectiveness and contractor performance) and that have a need to have 
access to the records in order to assist HHS in performing the 
activity. Any contractor will be required to comply with the 
requirements of the Privacy Act.
    8. Records may be disclosed to the Chairperson or Vice Chairperson 
of the relevant advisory committee to use for purposes such as 
determining membership on subcommittees, assigning tasks to members, 
and distributing information to members for meeting or other committee 
work purposes.
    9. Records may be disclosed to the Executive Office of the 
President, the Office of Management and Budget, or other agencies for 
coordination on advisory committee member selection.
    10. Records about a member or prospective member or guest speaker 
may be disclosed to any source from which additional information is 
requested by HHS (to the extent necessary to identify the individual, 
inform the source of the purpose of the request, and identify the type 
of information requested) when necessary to obtain information relevant 
to an HHS decision involving the individual.
    11. Records may be disclosed to a Federal, foreign, State, local, 
Tribal, or other public authority of the fact that this system of 
records contains information relevant to that entity's decision 
regarding hiring or retention of an employee, retention of a security 
clearance, letting of a contract, or issuance or retention of a 
license, grant or other benefit, so that it may then make a request 
supported by the written consent of the individual for further 
information if it so chooses. HHS will not make an initial disclosure 
unless the information has been determined to be sufficiently reliable 
to support a referral to another office within the agency or to another 
Federal agency for criminal, civil, administrative, personnel, or 
regulatory action.
    12. HHS may disclose records from this system of records to NARA, 
GSA, or other relevant Federal agencies in connection with records 
management inspections conducted under the authority of 44 U.S.C. 2904 
and 2906.
    13. Records may be disclosed to Federal agencies and entities 
(e.g., the Office of Government Ethics, the Government Accountability 
Office, or the General Services Administration) for program evaluation 
and assessment purposes, if disclosure of identifiable records is 
deemed appropriate by HHS counsel.
    14. Records may be disclosed to DHS if captured in an intrusion 
detection system used by HHS and DHS pursuant to a DHS cybersecurity 
program that monitors internet traffic to and from Federal government 
computer networks to prevent a variety of types of cybersecurity 
incidents.
    15. Disclosures may be made to appropriate agencies, entities, and 
persons when (1) HHS suspects or has confirmed that there has been a 
breach of the system of records; (2) HHS has determined that as a 
result of the suspected or confirmed breach there is a risk of harm to 
individuals, HHS (including its information systems, programs, and 
operations), the Federal Government, or national security; and (3) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with HHS efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    16. Disclosure may be made to another Federal agency or Federal 
entity, when HHS determines that information from this system of 
records is reasonably necessary to assist the recipient agency or 
entity in (1) responding to a suspected or confirmed breach or (2) 
preventing, minimizing, or remedying the risk of harm to individuals, 
the recipient agency or entity (including its information systems, 
programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are stored in hard-copy files and on electronic media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by the subject individual's name, with the 
exception of

[[Page 105059]]

records about subscribers, which are retrieved by the subscriber's name 
or email address.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records about individuals who serve as members of Federal advisory 
committees and subgroups are retained and disposed of in accordance 
with NARA General Records Schedule (GRS) 6.2, Items 010, 040, and 050:
     Item 010 Substantive Committee Records requires 
substantive records related to committee and subgroup membership to be 
accessioned to the National Archives for permanent retention when the 
records are 15 years old or older or upon termination of the committee, 
whichever is sooner.
     Item 040 Committee Accountability Records (note that this 
item excludes forms filed under the Ethics in Government Act, and such 
forms are not covered by this SORN) authorizes accountability records 
(such as records about members' financial disclosures and conflicts of 
interest, and records documenting travel and other payments to or for 
committee members) to be destroyed when 6 years old unless longer 
retention is required for business use.
     Item 050 Non-substantive Committee Records authorizes 
records of an administrative nature, such as those documenting members' 
and prospective members' credentials, to be destroyed when superseded, 
obsolete, or no longer needed, or upon termination of the committee, 
whichever is sooner.
    Records about prospective members of Federal advisory committees 
are retained and disposed of in accordance with GRS 6.2, Item 050 (see 
above).
    Records about guest speakers are disposed of in accordance with GRS 
6.2, Item 040 (see above).
    Records about meeting registrants and subscribers are retained and 
disposed of in accordance with GRS 6.5, Item 020, which authorizes 
sign-up forms and distribution lists for distributing information such 
as publications and data produced by the agency to be deleted when 
superseded or obsolete or when the customer requests the agency to 
remove the records.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records are protected from unauthorized access through appropriate 
administrative, physical, and technical safeguards. Safeguards conform 
to the HHS Information Security and Privacy Program, https://www.hhs.gov/ocio/securityprivacy/. The safeguards include protecting 
the facilities where records are stored or accessed with security 
guards, badges, and cameras; securing hard-copy records in locked file 
cabinets, file rooms or offices during off-duty hours; limiting access 
to electronic databases to authorized users based on roles, the 
principle of least privilege, and either two-factor authentication or 
user ID and password; using a secured operating system protected by 
encryption, firewalls, and intrusion detection systems; encrypting data 
transmissions and records stored on removable media; using secure 
destruction methods prescribed in National Institute of Standards and 
Technology Special Publication 800-88 to dispose of eligible records; 
and training personnel in Privacy Act and information security 
requirements.

RECORD ACCESS PROCEDURES:
    An individual seeking access to records about him or her in this 
system of records must submit a written access request to the relevant 
System Manager, at the address indicated in the ``System Manager(s)'' 
section, above, in accordance with the Department's Privacy Act 
implementation regulations in 45 CFR. The request must contain the 
individual's full name and address, and, for identity verification 
purposes, signature, and date and place of birth. In addition, to 
verify the individual's identity, the individual must provide either a 
notarized request or a written certification that the individual is who 
he or she claims to be and understands that the knowing and willful 
request for acquisition of a record pertaining to an individual under 
false pretenses is a criminal offense under the Privacy Act, subject to 
a fine of up to $5,000.

CONTESTING RECORD PROCEDURES:
    An individual seeking to amend a record about him or her in this 
system of records must submit a written amendment request to the 
relevant System Manager, at the address indicated in the ``System 
Manager(s)'' section, above, in accordance with the Department's 
Privacy Act implementation regulations in 45 CFR. The request must 
contain the same information required for an access request, and must 
reasonably identify the record, specify the information contested, 
state the corrective action sought, provide the reasons for the 
amendment, and include any supporting justification or documentation. 
The individual must verify his or her identity in the same manner 
required for an access request. The right to contest records is limited 
to information that is factually inaccurate, incomplete, irrelevant, or 
untimely (obsolete).

NOTIFICATION PROCEDURES:
    An individual who wishes to know if this system of records contains 
records about him or her must submit a written notification request to 
the relevant System Manager at the address indicated in the ``System 
Manager(s)'' section, above, in accordance with the Department's 
Privacy Act implementation regulations in 45 CFR. The request must 
contain the same information required for an access request, and the 
individual must verify his or her identity in the same manner required 
for an access request.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    47 FR 45514 (October 13, 1982); 59 FR 55845 (November 9, 1994); 83 
FR 6591 (February 14, 2018).

    Dated: December 13, 2024.
P. Ritu Nalubola,
Associate Commissioner for Policy.
[FR Doc. 2024-30782 Filed 12-23-24; 8:45 am]
BILLING CODE 4164-01-P