Food and Drug Administration, HHS.
Notice; changes to systems of records notices.
In accordance with the requirements of the Privacy Act of 1974 (the Privacy Act) and the Food and Drug Administration's (FDA) regulations for the protection of privacy, FDA is deleting four system of records notices (SORNs) from its existing inventory of SORNs and adding routine uses to the remaining SORNs. The systems related to the SORNs that are being deleted are no longer in use by FDA. The additional routine uses are for standard disclosures common to systems across the government. They allow disclosure to other Federal Agencies and contractors as needed to respond to a breach of system security or confidentiality, to contractors or other external individuals performing work for FDA that requires access to Agency records subject to the Privacy Act, to Federal record keeping authorities for the purpose of records management oversight, to appropriate public authorities when a record indicates a potential violation of law, and to the U.S. Department of Justice (DOJ) for guidance on Freedom of Information Act issues. FDA will require that all of these recipients comply with the requirements of the Privacy Act. The added routine uses will be inserted in each existing system notice and will be included in future FDA SORNs.
This notice will be effective on June 27, 2014, with the exception of the new and altered routine uses. Those routine uses will become effective on August 11, 2014. Submit either electronic or written comments by August 11, 2014.
You may submit comments, identified by Docket No. FDA-2014-N-0421, by any of the following methods:
Submit electronic comments in the following way:
Submit written submissions in the following ways:
Mail/Hand delivery/Courier (for paper submissions): Division of Dockets Management (HFA-305), Food and Drug Administration, 5630 Fishers Lane, Rm. 1061, Rockville, MD 20852.
Instructions: All submissions received must include the Agency name and Docket No. FDA-2014-N-0421 for this notice. All comments received may be posted without change to http://www.regulations.gov, including any personal information provided. For additional information on submitting comments, see the “Comments” heading of the SUPPLEMENTARY INFORMATION section of this document.
Docket: For access to the docket to read background documents or comments received, go to http://www.regulations.gov and insert the docket number(s), found in brackets in the heading of this document, into the “Search” box and follow the prompts and/or go to the Division of Dockets Management, 5630 Fishers Lane, Rm. 1061, Rockville, MD 20852.
Start Further Info
FOR FURTHER INFORMATION CONTACT:
Frederick Sadler or Cullen Cowley, Division of Freedom of Information, Food and Drug Administration, 12420 Parklawn Dr., Rm. 1050, Rockville, MD 20857, 301-796-3900.
End Further Info
Start Supplemental Information
I. Deleted System of Records Notices
FDA is deleting the following SORNs because the record systems are no longer in use.
1. Science Advisor Research Associate Program, HHS/FDA/ORA, System No. 09-10-0007. First published in the Federal Register, September 29, 1977 (42 FR 51922 at 52146); complete text republished in the Federal Register, November 24, 1986 (51 FR 42524 at 42530).
2. Radiation Protection Program Personnel Monitoring System, HHS/FDA/CDRH, System No. 09-10-0008. First published in the Federal Register, September 29, 1977 (42 FR 51922 at 52147); complete text republished November 24, 1986 (51 FR 42524 at 42531); and published as revised with updated system location and manager information, December 31, 1992 (57 FR 62828 at 62829).
3. Certified Retort Operators, HHS/FDA/CFSAN, System No. 09-10-0011. First published in the Federal Register, September 29, 1977 (42 FR 51922 at 52148); complete text republished November 24, 1986 (51 FR 42524 at 42534); and published as revised with minor changes, December 29, 1993 (58 FR 69056).
4. Epidemiological Research Studies of the Center for Devices and Radiological Health, HHS/FDA/CDRH, System No. 09-10-0017. First published in the Federal Register, May 29, 1979 (44 FR 30765 at 30766); republished with minor changes in December 28, 1994 (59 FR 67087).
II. Routine Uses To Be Added to the FDA Inventory of SORNS
A. New Routine Uses
For the reasons described in this document, FDA is adding the following routine use disclosures to its SORNs.
1. “Disclosure may be made to appropriate Federal agencies and Department contractors that have a need to know the information for the purpose of assisting the Department's efforts to respond to a suspected or confirmed breach of the security or confidentiality of information maintained in this system of records, and the information disclosed is relevant and necessary for that assistance.”
The Office of Management and Budget (OMB) and the Department of Health and Human Services (HHS) have directed agencies to include a routine use providing for disclosure of system information to facilitate a Federal level response to a breach of system security. In accordance with OMB Memorandum (M) 07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information, HHS policy specifies that all HHS Operating and Staff Divisions incorporate this routine use language as a part of the normal SORN review and publication process. The underlying operational reason for this routine use is that other Federal Agencies, HHS officials and contractors, and FDA contractors may need access to individually identifiable information that is relevant and necessary for assisting in the response to a suspected or confirmed breach of the security or confidentiality of information maintained in systems of records.
Federal law and policy require the Agency to maintain appropriate safeguards for the systems, and, individuals whose data is in the systems expect the Agency to maintain the integrity of their information and secure Start Printed Page 36537it against unauthorized use or disclosure. The Privacy Act requires that personal information be secured against potential misuse by unauthorized persons (5 U.S.C. 552a(e)(10)). The Federal Information Security Management Act of 2002 (FISMA), enacted as Title III of the E-Government Act of 2002 (44 U.S.C. 3541 et seq.), requires that agencies protect data and information systems from unauthorized use, disclosure, disruption, modification and destruction, in order to preserve data integrity, confidentiality, and availability.
2. “Disclosure may be made to the National Archives and Records Administration and/or the General Services Administration for the purpose of records management inspections conducted under authority of 44 U.S.C. 2904 and 2906.”
This routine use is necessary to enable the National Archives and Records Administration (NARA) and/or the General Services Administration (GSA) to carry out records management functions.
3. “Disclosure may be made to contractors and other persons who perform services for the agency related to this system of records and who need access to the records to perform those services. Recipients shall be required to comply with the requirements of the Privacy Act of 1974, as amended, 5 U.S.C. 552a.”
Where FDA engages a contractor to carry out a function related to a system of records, this routine use permits disclosure to those individuals who require access to the records in order to perform the contracted work. The routine use is necessary to enable FDA to function in an effective and coordinated fashion. Additionally, OMB directs agencies to include such a routine use for disclosure to contractor personnel (Appendix I to OMB Circular A-130—Federal Agency Responsibilities for Maintaining Records About Individuals, available at http://www.whitehouse.gov/omb/circulars_a130_a130trans4). FDA will require that individuals to whom records are disclosed comply with the information handling obligations imposed on Federal Agencies by the Privacy Act.
4. “When a record on its face, or in conjunction with other records, indicates a violation or potential violation of law, whether civil, criminal, or regulatory in nature, disclosure may be made to the appropriate public authority, whether federal, foreign, state, local, or tribal, or otherwise, responsible for enforcing, investigating or prosecuting such violation, if the information disclosed is relevant to the responsibilities of the agency or public authority.”
When a record in an agency system of records by itself or in combination with other records indicates a violation of law, this routine use allows FDA to provide the record to the appropriate law enforcement entity in order to maintain the integrity of the program and ensure trust in the system.
5. “In the event HHS/FDA deems it desirable or necessary, in determining whether particular records are required to be disclosed under the Freedom of Information Act, disclosure may be made to the Department of Justice for the purpose of obtaining its advice.”
DOJ is the lead Agency on Federal implementation of the Freedom of Information Act (FOIA). This routine use enables FDA to share Privacy Act records with DOJ to effectively consult with DOJ regarding the potential disclosure of the records under the FOIA as permitted under the relevant provision of the Privacy Act, 5 U.S.C. 552a(b)(2).
B. FDA Systems of Records Notices to Which New Routine Uses Will Be Added
FDA will add the specified routine uses to the remaining FDA SORNs that do not already contain the same or similar provisions. A list of these SORNs is as follows:
09-10-0002 Regulated Industry Employee Enforcement Records.
09-10-0003 FDA Credential Holder File.
09-10-0004 Communications (Oral and Written) With the Public.
09-10-0005 State Food and Drug Official File.
09-10-0009 Special Studies and Surveys on FDA-Regulated Products. Only the first, second, fourth, and fifth routine uses described in this document will be added to this SORN. It already contains a routine use covering disclosure to contractors who perform services for FDA.
09-10-0010 Bioresearch Monitoring Information System. Only the second, fourth, and fifth routine uses described in this document will be added to this SORN. It already contains the routine uses regarding limited disclosure to contractors and other Agencies.
09-10-0013 Employee Conduct Investigative Records.
09-10-0018 Employee Identification Card Information Records.
09-10-0019 Mammography Quality Standards Act (MQSA) Training Records.
09-10-0020 FDA Records Related to Research Misconduct Proceedings. Only the fifth routine use listed in this document will be added to this SORN. It already contains routine uses that are the same as or similar to the other four.
09-10-0021 User Fee System. Only the fourth routine use listed in this document will be added to this SORN. It already contains routine uses that are the same as or similar to the other four.
Interested persons may submit either electronic comments regarding this document to http://www.regulations.gov or written comments to the Division of Dockets Management (see ADDRESSES). It is only necessary to send one set of comments. Identify comments with the docket number found in brackets in the heading of this document. Received comments may be seen in the Division of Dockets Management between 9 a.m. and 4 p.m., Monday through Friday, and will be posted to the docket at http://www.regulations.gov.
End Supplemental Information
Dated: June 23, 2014.
Assistant Commissioner for Policy.
[FR Doc. 2014-15022 Filed 6-26-14; 8:45 am]
BILLING CODE 4164-01-P