Start Printed Page 72687
Food and Drug Administration, HHS.
Notice of a Privacy Act system of records.
In accordance with the requirements of the Privacy Act of 1974 (the Privacy Act) and the Food and Drug Administration's (FDA or the Agency) regulations for the protection of privacy, FDA is publishing notice of a Privacy Act system of records entitled, “FDA Commissioning of State and Local Officials, HHS/FDA/ORA” System No. 09-10-0022. FDA is deleting the System of Records Notice (SORN) for “FDA Credential Holder File, HHS/FDA/OC” System No. 09-10-0003, because the records covered by that SORN are now covered by this new SORN and by existing personnel records SORNs. The new system of records will contain information about State and local officials who have applied for an FDA commission that would allow them to assist FDA with its regulatory compliance and enforcement efforts. FDA will use the records in this system to assess qualifications of commissioning candidates, initiate background investigations, record the status of applications, and track the status of commissioned officials.
Effective Date: The new system of records will be effective on December 8, 2014 with the exception of the routine uses. The routine uses will be effective on January 22, 2015. Submit either electronic or written comments by January 22, 2015.
You may submit comments by any of the following methods:
Submit electronic comments in the following way:
Submit written submissions in the following ways:
- Mail/Hand delivery/Courier (for paper submissions): Division of Dockets Management (HFA-305), Food and Drug Administration, 5630 Fishers Lane, Rm. 1061, Rockville, MD 20852.
Instructions: All submissions received must include the Docket No. FDA-2014-N-1697 for this notice. All comments received may be posted without change to http://www.regulations.gov, including any personal information provided. For additional information on submitting comments, see the “Comments” heading of the SUPPLEMENTARY INFORMATION section of this document.
Docket: For access to the docket to read background documents or comments received, go to http://www.regulations.gov and insert the docket number, found in brackets in the heading of this document, into the “Search” box and follow the prompts and/or go to the Division of Dockets Management, 5630 Fishers Lane, Rm. 1061, Rockville, MD 20852.
Start Further Info
FOR FURTHER INFORMATION CONTACT:
Ryan Cates, Office of Partnerships, Food and Drug Administration, Element Building, 12420 Parklawn Dr., Rockville, MD 20857, 301-796-5390, FAX: 301-827-3588, OP-ORA@fda.hhs.gov.
End Further Info
Start Supplemental Information
I. Background on the New System and the Deleted System
The FDA is establishing a new system of records referred to as the Commissioning of State and Local Officials (COSLO) system, to maintain records regarding State and local officials who apply to be commissioned by FDA. Under section 702(a)(1)(A) of the Federal Food, Drug, and Cosmetic Act (FD&C Act) (21 U.S.C. 372(a)(1)(A)), FDA can commission a health, food, or drug officer or employee of any State, territory, or political subdivision thereof (hereafter State and local officials) to conduct examinations and investigations for the purposes of the FD&C Act.
In addition, FDA is deleting the SORN entitled “FDA Credential Holder File, HHS/FDA/OC” (System No. 09-10-0003). The records covered by that SORN (credential records for FDA employees and commissioned officials) will now be covered by this SORN for the COSLO system which contains records pertaining to commissioned officials, and by other existing personnel SORNs for records pertaining to FDA employees.
Issued in Homeland Security Presidential Directive 12, “Policy for a Common Identification Standard for Federal Employees and Contractors,” FDA has completed the process of issuing Personal Identity Verification (PIV) badges to current employees and contractors, and will do the same for all new employees and contractors hired in the future. Records pertaining to those badges and background investigations are covered under HHS department-wide SORN No. 09-90-0777 entitled “Facility and Resource Access Control Records System.” Any additional records maintained to identify or manage FDA personnel designated to conduct examinations and inspections under the FD&C Act would be covered by HHS department-wide SORN No. 09-90-0018 entitled “Personnel Records in Operating Offices” or another personnel SORN.
State and local officials who assist with FD&C Act examinations and inspections are issued one or two types of credentials that differ in scope. All commissioned individuals receive Certificates of Commission and are permitted to receive and review FDA documents. A subset of commissioned individuals also receive personal “pocket credentials” identifying them as FDA commissioned officers and authorizing them to perform additional activities such as conducting inspections, collecting samples, and verifying records. To obtain pocket credentials, State and local officials undergo an Office of Personnel Management level 5 background investigation. FDA commission credentials are different from the PIV badges issued to FDA employees and contractors, and are manufactured and issued by FDA's Office of Security Operations, and are not within the scope of HHS department-wide SORN No. 09-90-0777.
II. The Privacy Act
The Privacy Act of 1974 (Pub. L. 93-579) (5 U.S.C. 552a), as amended, governs the means by which the U.S. Government collects, maintains, and uses information about individuals in a system of records. A “system of records” is a group of any records under the control of a Federal Agency from which information about an individual is retrieved by the individual's name or other personal identifier. The Privacy Act requires each Agency to publish in the Federal Register a SORN identifying and describing each system of records the Agency maintains, including the purposes for which the Agency uses information about individuals in the system, the routine uses for which the Agency discloses such information outside the Agency, and how individual record subjects can exercise their rights under the Privacy Act (for example, to determine if the system contains information about them). Start Printed Page 72688
A. System Number
B. System Name
FDA Commissioning of State and Local Officials, HHS/FDA/ORA.
C. Security Classification
D. System Location
Records are maintained at several FDA Headquarters locations and in component offices of the FDA, in both Montgomery County, MD and field locations across the United States.
E. Categories of Individuals Covered by the System
The records in this system will contain data collected from the FDA commissioning applications of individuals who are State and local officials who wish to be commissioned under section 702(a)(1)(A) of the FD&C Act. This information is gathered for the purpose of processing and validating each individual's qualifications for commissioning, to initiate the mandatory background investigation, and to track the status of commissioned officials.
Privacy Act notification, access, and amendment rights relative to the records maintained in this system are available only to individuals who are the subject of records in this system. The individuals who are the subjects of the records stored in this system are the State or local officials who are currently commissioned, have applied for a commission, and/or were commissioned or rejected in the past. Although records in the system may contain personally identifiable information related to other individuals, only the specified commissioned or commission-seeking individuals are considered subjects of records in this system.
F. Categories of Records in the System
The records in this system will include: Full name, aliases, date of birth, home address, work address, telephone number, work or personal email address, photograph, educational history, job title, agency, division, area of expertise, employment history, supervisor's name, signature, and the outcome of the background investigation of individuals who apply for a commission. Should a commissioned individual with pocket credentials lose their credentials, he or she will typically file a police report and provide a copy of the report to FDA where it is kept in the individual's commissioning file. In addition, the records in the system will describe the nature of the authority granted to a commissioned individual, the relevant regulatory program area, the date the commission was issued, and date of expiration.
G. Authority for Maintenance of the System
The authorities for maintaining this system are: Section 702(a) of the FD&C Act, 44 U.S.C. 3101, and 5 U.S.C. 301.
H. Purpose(s) of the System
Relevant Agency personnel will use records from this system on a need-to-know basis to:
- Centrally gather data enabling FDA to determine the suitability, eligibility, and qualifications of State and local officials to whom FDA might offer commissions;
- enable FDA to securely commission and credential State and local officials who are particularly qualified to assist FDA in a special manner for which FDA credentials are required;
- ensure the safety and security of FDA facilities, systems, information, and of facility occupants and users;
- provide appropriate access to FDA information systems, networks, and resources;
- enhance FDA's ability to ensure the safety of FDA-regulated products through a secure commissioning process; and
- centrally gather data on commissioned officials, thereby enabling FDA to efficiently maintain the commissioning program and to support activities, such as quickly ascertaining which officials are particularly qualified to carry out official responsibilities and providing this information as necessary to our State and local counterparts.
I. Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses
These routine uses specify circumstances, in addition to those provided by the Privacy Act at 5 U.S.C. 552a(b), under which records may be disclosed to recipients outside HHS, without the individual record subject's prior written consent:
- Public disclosures may be made (for example, on FDA's Web site) of the names of commissioned officials, and other basic information, including the identification of their State or local agency, their job titles, the type of commission, any specific commissioned areas, and the date of their commission, to the extent disclosure is not an unwarranted invasion of personal privacy.
- Disclosure may be made to appropriate Federal Agencies and Department contractors that have a need to know the information for the purpose of assisting the Department's efforts to respond to a suspected or confirmed breach of the security or confidentiality of information maintained in this system of records, provided the information disclosed is relevant and necessary for that assistance.
- Disclosure may be made to a Federal, State, local, territorial, tribal, foreign, or other public authority, on request, in connection with the hiring or retention of an employee, the issuance or retention of a security clearance, the letting of a contract, or the issuance or retention of a license, grant, or other benefit, to the extent that the information is relevant and necessary to the requesting Agency's decision. No disclosure will be made unless the information has been determined to be sufficiently reliable to support a referral to another office within the Agency or to another Federal Agency for criminal, civil, administrative, personnel, or regulatory action.
- Disclosure of system information may be made to a State, local, territorial, and tribal agencies or governments to provide copies of records that were originally provided to the Agency by that entity.
- Disclosure may be made to Federal Agencies, contractors, and other individuals or entities who perform services for the Agency related to this system of records and who need access to the records to perform those services. Recipients shall be required to comply with the requirements of the Privacy Act of 1974, as amended, 5 U.S.C. 552a.
- When a record on its face, or in conjunction with other records, indicates a violation or potential violation of law, whether civil, criminal, or regulatory in nature, disclosure may be made to the appropriate public authority, whether Federal, foreign, State, local, or tribal, or otherwise, responsible for enforcing, investigating, or prosecuting such violation, if the information disclosed is relevant to the responsibilities of the Agency or public authority.
- Disclosure may be made to a court or other tribunal or adjudicative body in a proceeding, when:
○ The Agency or any component thereof; or
○ any employee of the Agency in his or her official capacity; or
○ any employee of the Agency in his or her individual capacity where the Department of Justice (DOJ) has agreed to represent the employee; or
○ the U.S. Government, is a party to the proceeding or has an interest in such proceeding and, by careful review, the Agency determines that the records are Start Printed Page 72689both relevant and necessary to the proceeding and the use of such records is therefore deemed by the Agency to be for a purpose that is compatible with the purpose for which the Agency collected the records.
- Disclosure may be made to the National Archives and Records Administration (NARA) and/or the General Services Administration for the purpose of records management inspections conducted under authority of 44 U.S.C. 2904 and 2906.
- Disclosure may be made to the DOJ when:
○ The Agency or any component thereof; or
○ any employee of the Agency in his or her official capacity; or
○ any employee of the Agency in his or her individual capacity where the Agency or the DOJ has agreed to represent the employee; or
○ the U.S. Government, is a party to litigation or has an interest in such litigation and, by careful review, the Agency determines that the records are both relevant and necessary to the litigation and the use of such records by the DOJ is therefore deemed by the Agency to be for a purpose that is compatible with the purpose for which the Agency collected the records.
- In the event HHS/FDA deems it desirable or necessary, in determining whether particular records are required to be disclosed under the Freedom of Information Act, disclosure may be made to the DOJ for the purpose of obtaining its advice.
J. Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System
Records are maintained in hard copy files, image files, electronic hard drive, file servers, and other electronic data storage devices.
To retrieve information, the system database is typically queried using any of the internal data fields. The data fields encompass any data criterion that is entered into the system including, but not limited to, name, FDA region, credential number (if issued pocket credentials), certificate expiration date, State, program area, or authority.
a. Authorized users. Access is restricted to FDA employees and contractors with a Level 5 or higher clearance who have a need for the records in the performance of their duties.
b. Procedural and technical safeguards. Technical controls include identification and authentication of the authorized user, access control, audit and accountability, system and communication protection, timely account disablement/deletion, configuration management, maintenance, system and information integrity, media protection, and incident response. These controls extend to remote users as well.
c. Physical safeguards. Physical safeguards include controlled-access buildings where all records (such as diskettes, computer listings, and paper documents) are maintained in secured areas, locked buildings, locked rooms, and locked cabinets.
K. Retention and Disposal
Commissioning records are maintained in accordance with FDA's Records Control Schedule and the applicable General Records Schedule and disposition schedules approved by NARA. Commissioning records fall under NARA approved citation N1-088-09-02 for Commissioning Documents, the Nationwide List of FDA Commissions, and Summary Reports of FDA Commissions. Commissioning documents are deleted/destroyed 5 years after the end of the fiscal year in which a commission is revoked or expires. Records within the nationwide list of FDA commissions are deleted/destroyed 5 years after the fiscal year when they become obsolete or are superseded. Summary reports of FDA commissions are deleted/destroyed after the nationwide list of FDA Commissions has been updated.
L. System Manager(s) and Address
Ryan Cates, Food and Drug Administration, Office of Partnerships, Element Building, 12420 Parklawn Dr., Rockville, MD 20857, 301-796-5390, FAX: 301-827-3588, OP-ORA@fda.hhs.gov.
M. Notification Procedure
In accordance with 21 CFR part 21 Subpart D, an individual may submit a request to the FDA Privacy Act Coordinator, with a notarized signature, to confirm whether records exist about him or her. Requests should be directed to the FDA Privacy Act Coordinator, Division of Freedom of Information, 12420 Parklawn Dr., ELEM-1029, Rockville, MD 20857. An individual requesting notification via mail should certify in his or her request that he or she is the individual who he or she claims to be and that he or she understands that the knowing and willful request for or acquisition of a record pertaining to an individual under false pretenses is a criminal offense under the Privacy Act subject to a $5,000 fine, and indicate on the envelope and in a prominent manner in the request letter that he or she is making a “Privacy Act Request.” Additional details regarding notification request procedures appear in 21 CFR part 21, subpart D. A commission holder may also request an opportunity to review his or her own file by contacting the appropriate Regional Food and Drug Director.
N. Record Access Procedures
Procedures are the same as above, in the Notification Procedure section. Requesters should also reasonably specify the record contents being sought. Some records may be exempt from access under 5 U.S.C. 552a(d)(5), if they are “compiled in reasonable anticipation of a civil action or proceeding.” If access to requested records is denied, the requester may appeal the denial to the FDA Commissioner. Additional details regarding record access procedures and identity verification requirements appear in 21 CFR part 21, subpart D.
O. Contesting Record Procedures
In addition to the procedures described above, requesters should reasonably identify the record, specify the information they are contesting, state the corrective action sought and the reasons for the correction, and provide information justifying why the record is not accurate, complete, timely, or relevant to an FDA purpose. Rules and procedures regarding amendment of Privacy Act records appear in 21 CFR part 21, subpart E.
P. Record Source Categories
Information in this system is obtained from the following sources: Directly from a commissioned individual or individual under consideration for commissioning; FDA employee; FDA contractor; sponsoring State, local or Federal agency; former sponsoring, employing or commissioning agency; other State, local or Federal agencies; contract employer; and the subject individual's former employer.
Q. Records Exempted from Certain Provisions of the Privacy Act
Interested persons may submit either electronic comments regarding this document to http://www.regulations.gov or written comments to the Division of Dockets Management (see ADDRESSES). It is only necessary to send one set of comments. Identify comments with the docket number found in brackets in the Start Printed Page 72690heading of this document. Received comments may be seen in the Division of Dockets Management between 9 a.m. and 4 p.m., Monday through Friday, and will be posted to the docket at http://www.regulations.gov.
End Supplemental Information
Dated: December 1, 2014.
Associate Commissioner for Policy.
[FR Doc. 2014-28634 Filed 12-5-14; 8:45 am]
BILLING CODE 4164-01-P