1. Home
  2. Regulatory Information
  3. Freedom of Information
  4. Privacy Act
  1. Freedom of Information

Privacy Act

FDA is pleased to provide the following materials regarding the Agency's privacy program.

How to Make a Privacy Act Request 
How to Submit a Privacy Question or Complaint
Privacy Program Resources
Privacy Impact Assessments (PIAs)
Privacy Act Records & Applicable System of Records Notices (SORNs)
FDA Systems Containing Privacy Act Records & Applicable System of Records Notices (SORNs)
FDA Privacy Act Systems of Records Notices (SORNs)
Department of Health and Human Services (HHS) SORNs
Rescinded FDA SORNs
Government-Wide SORNs
FDA Exempt Systems

How to Make a Privacy Act Request

Please see the FDA's Privacy Regulations for a detailed description on how to submit a Privacy Act Request to obtain records about yourself which you believe FDA maintains in one of the Agency’s Privacy Act Systems of Records (list available below).

You may submit a record request and questions by email to FDAPrivacyOffice@fda.hhs.gov.

When submitting a request for a Privacy Act record, please also complete and sign this Certification of Identity form (FDA 3975, pdf for download) and include it with your request. PLEASE NOTE: You do NOT need to provide your Social Security number (SSN) or date of birth (DOB). You may complete the other fields and sign the form without providing SSN and DOB and the FDA Privacy Office will accept your request. It is also helpful if you identify the relevant FDA Privacy Act System of Records (listed below) and provide other details to guide record search efforts.

If you seek records that are not about you or an individual you formally represent, and/or are not within a Privacy Act System of Records, please see the FDA’s Freedom of Information Act (FOIA) page to submit a request under FOIA.

How to Submit a Privacy Question or Complaint

You may submit a privacy question or complaint by email to FDAPrivacyOffice@fda.hhs.gov.

Privacy Program Resources

FDA Privacy Act Systems of Records Notices (SORNs)

Government-Wide SORNs

Department of Health and Human Services (HHS) SORNs

Privacy Impact Assessments (PIAs)

A PIA is a decision-making tool used to identify and mitigate privacy risks at the beginning of and throughout the development life cycle of a program or system. It helps the public understand what personally identifiable Information (PII) the Department is collecting, why it is being collected, and how it will be used, shared, accessed, secured and stored.

Approved PIAS are published on the HHS Privacy Impact Assessment page.

Approved Third-Party Website and Applications PIAs are published on the HHS Privacy Impact Assessment page.

Privacy Act Records & Applicable System of Records Notices (SORNs)

Privacy Act Systems of Records Notices (SORNs) describe government records subject to the Privacy Act, relevant use and disclosure practices, and record access and amendment procedures. The Privacy Act requires agencies to publish SORNs in the Federal Register and make them available online. SORNs specific to FDA records that are subject to the Privacy Act are listed below.

FDA also maintains Privacy Act records covered by SORNs published by the Department of Health and Human Services (HHS) or other federal agencies and which are, respectively, HHS-wide and/or government-wide in scope. These SORNs address information collection activities that are common within HHS and across government (e.g., human resources records, for which publication of individual agency SORNs would be duplicative). SORNs for HHS systems are available online at HHS System of Records Notices (SORNs) | HHS.gov. Likewise, SORNs published by agencies outside HHS and which apply to records across the federal government are available at SORNs. HHS-wide and government-wide SORNs that apply to FDA records are listed below.

In a June 27, 2014 Federal Register Notice FDA added certain standard “routine uses” to the Agency’s remaining SORNs. These added routine uses provide for appropriate disclosures of records to contract employees, to recordkeeping authorities, to law enforcement authorities when a record indicates a violation of law, to the U.S. Department of Justice in the course of obtaining Freedom of Information Act guidance, and to relevant offices and organizations in the course of responding to security breaches. These routine uses are described in more detail in the June 27, 2014 Notice available online at SORNs.

FDA Systems Containing Privacy Act Records & Applicable System of Records Notices (SORNs)

The following FDA systems contain Privacy Act records. The list cites the FDA, HHS and/or Government-wide SORNs that apply to each system. Those SORNs are listed in another section below which links to the full content of each SORN.

FDA Privacy Act Systems (Click to see list)

 CDER

  • CDER Regulatory Tracking and Quality Management Systems - CDER Legacy Refresh. SORN 09-10-0010, Bioresearch Monitoring Information System, HHS/FDA.
  • CDER St. Louis Laboratory Informatics System - CDER DPA MasterControl. SORN OPM/GOVT-1, General Personnel Records, OPM.
  • CDER Study Data Review Tools - CDER SARITA. SORNs OPM/GOVT-1, General Personnel Records, OPM and 09-90-0777, Facility and Resource Access Control Records, HHS.

CDRH

  • CDRH Center Engagement and Workforce Development - CDRH Acquisition & Administrative Planning System Human Resources (HR) Position Based Management (PBM). SORN OPM/GOVT-1, General Personnel Records, OPM.
  • CDRH Center Engagement and Workforce Development - CDRH Cornerstone OnDemand. SORNs OPM/GOVT-1, General Personnel Records, OPM and 09-40-0001, Public Health Service (PHS) Commissioned Corps General Personnel Records, HHS.
  • CDRH Center Engagement and Workforce Development - CDRH Questionmark on Demand for Government. SORN OPM/GOVT-1, General Personnel Records, OPM.
  • CDRH Reporting and Collection Tools - CDRH FOIAXPress. SORN 09-90-0058, Tracking Records and Case Files for FOIA and Privacy Act Requests and Appeals, HHS.

CTP

  • CTP eDiscovery. SORNs 09-10-0002, Regulated Industry Employee Enforcement Records, HHS/FDA and 09-10-0013, Employee Conduct Investigative Records, HHS/FDA. 
  • CTP Stakeholder Relationship Management System (SRMS). SORNs 09-10-0002, Regulated Industry Employee Enforcement Records, HHS/FDA/OC and 09-90-1901, HHS Correspondence, Customer Service, and Contact List Records.
  • CTP Tobacco Registration and Listing Module. SORN 09-10-0002, Regulated Industry Employee Enforcement Records, HHS/FDA.

OC

  • OC AdminApps - Awards Application. SORN OPM/GOVT-1, General Personnel Records, OPM. 
  • OC AdminApps - OC Advisory Committee Tracking and Reporting System (FACTRS). SORN 09-90-0059, Federal Advisory Committee Membership Files, HHS/OS/ASPER.
  • OC AdminApps - OC Correspondence. SORN 09-90-1901, HHS Correspondence, Customer Service, and Contact List Records.
  • OC AdminApps - OC eArrive. SORNs OPM/GOVT-1, General Personnel Records, OPM and 09-90-0777, Facility and Resource Access Control Records, HHS.
  • OC AdminApps - OC eDepart. SORN OPM/GOVT-1, General Personnel Records, OPM.
  • OC AdminApps - OC Employee Invention Report. SORN 09-90-0067, Invention, Patent, and Licensing Documents Related to Inventions By Public Health Service Employees, Grantees, Fellowship Recipients, and Contractors.
  • OC AdminApps - OC Enterprise Administrative Support Environment (EASE). SORNs OPM/GOVT-1, General Personnel Records, OPM and 09-90-0777, Facility and Resource Access Control Records, HHS and 09-90-0008, Conflict of Interest Records.
  • OC AdminApps - OC Ethics. SORNs 09-90-0008, Conflict of Interest Records, HHS/OS/ASPER and OPM/GOVT-1, General Personnel Records, OPM.
  • OC AdminApps - OC Federal Register Document Tracking System. SORN OPM/GOVT-1, General Personnel Records, OPM.
  • OC AdminApps - OC Freedom of Information (FOI). SORN 09-90-0058, Tracking Records and Case Files for FOIA and Privacy Act Requests and Appeals and 09-90-0024, UHHS Financial Management System Records and 09-40-0012, Debt Management and Collection System.
  • OC AdminApps - OC Help Desk Prime. SORN OPM/GOVT-1, General Personnel Records, OPM.
  • OC AdminApps - OC International Travel Management. SORN OPM/GOVT-1, General Personnel Records, OPM.
  • OC AdminApps - OC Record/Case Management. SORN 09-90-1901, HHS Correspondence, Customer Service, and Contact List Records.
  • OC AdminApps - OC Reporting and Analysis Module. SORN OPM/GOVT-1, General Personnel Records, OPM.
  • OC AdminApps - OC Security. SORNs OPM/GOVT-1, General Personnel Records, OPM and OPM/GOVT-5, Recruiting, Examining, and Placement Records, and 09-90-0777, Facility and Resource Access Control Records, HHS.
  • OC AdminApps - OC Traineeship Applicant Management System . SORN OPM/GOVT-5, Recruiting, Examining, and Placement Records, OPM.
  • OC AdminApps - Special and Permanent Employment – OCC Applicant Reviewer. SORN OPM/GOVT-5, Recruiting, Examining, and Placement Records, OPM.
  • OC Compliance Training System. SORN OPM/GOVT-1, General Personnel Records, OPM. 
  • OC Digital Solution Partners Salesforce - OC Insight Time Reporting. SORN OPM/GOVT-1, General Personnel Records, OPM.
  • OC Digital Solution Partners Salesforce - OC OGPS Global Tours Portal. OPM/GOVT-1, General Personnel Records, OPM.
  • OC EntelliTrak - OC OO Entellitrak. SORNs 09-90-2103, Accommodation Records About HHS Civilian Employees, Contractors and Visitors, and OPM/GOVT–5, Recruiting, Examining, and Placement Records.
  • OC Enterprise eDiscovery System - OC Enterprise eDiscovery. SORNs 09-10-0002, Regulated Industry Employee Enforcement Records, HHS/FDA and 09-10-0013, Employee Conduct Investigative Records, HHS/FDA.
  • OC Ethics Analytics - OC Ethics Analytics (OEA). SORNs 09-90-2103, Accommodation Records About HHS Civilian Employees, Contractors and Visitors, and OPM/GOVT–5, Recruiting, Examining, and Placement Records, OPM.
  • OC FOIA Workflow Application. SORNs 09-90-0058, Tracking Records and Case Files for FOIA and Privacy Act Requests and Appeals and 09-90-0024, Financial Transactions of HHS Accounting and Finance Offices and 09-40-0012, Debt Management and Collection System.
  • OC GSS1 Network and Telecom - OC Unified Communication Services (UCS). SORN 09-90-1901, HHS Correspondence, Comment, Customer Service, and Contact List Records, HHS.
  • OC GSS4 Enterprise Tools and Services - OC Continuous Diagnostics Monitoring. SORNs 09-90-0777, Facility and Resource Access Control Records, HHS and OPM GOVT-1, General Personnel Records, OPM.
  • OC GSS4 Enterprise Tools and Services - OC Physical and Personnel Security System (PPSS). SORNs OPM/GOVT-1, General Personnel Records, OPM and 09-90-0777, Facility and Resource Access Control Records, HHS.
  • OC Human Resource IT. OPM/GOVT-1, General Personal Records, OPM, and OPM/GOVT-2, Employee Performance File System Records, OPM.
  • OC Inventory Control and Information Management System - OC Cority GX2. SORNs OPM GOV-1, General Personnel Records, OPM and OPM/GOVT 10, Employee Medical File System Records and HHS 09–90–1601, Outside Experts Recruited for Non-FACA Activities, HHS.
  • OC Network Access Control. SORNs OPM/GOVT-1, General Personnel Records, OPM and 09-90-0777, Facility and Resource Access Control Records, HHS. 
  • OC Office of Finance, Budget and Acquisitions Salesforce Organization - OC OFBA SalesForce. SORNs OPM/GOVT-1, General Personnel Records, OPM and GSA/GOVT–3,Travel Charge Card Program, GSA and GSA/GOVT–6, GSA SmartPay Purchase Charge Card Program, GSA.
  • OC ServiceNow. SORNs OPM/GOVT-1, General Personnel Records, OPM and 09-90-0024, Financial Transactions of HHS Accounting and Finance Office and 09-90-0777, Facility and Resource Access Control Records, HHS.
  • OC User Fees System. SORN 09-10-0021, FDA User Fee System, HHS/FDA.

OII

  • OII Case and Workload Management - OII Bovine Spongiform Encephalopathy Checklist. SORNs 09-10-0002, Regulated Industry Employee Enforcement Records, HHS/FDA and 09-10-0010, Bioresearch Monitoring Information System, HHS/FDA.
  • OII Case and Workload Management - OII Electronic Inspection (eNSpect). SORN 09-10-0002, Regulatory Industry Employee Enforcement Records, HHS/FDA.
  • OII Case and Workload Management - OII Electronic State Access to FACTS. SORNs 09-10-0002, Regulated Industry Employee Enforcement Records, and 09-10-0010, Bioresearch Monitoring Information System.
  • OII Case and Workload Management - OII Field Accomplishments and Compliance Tracking System (FACTS). SORNs 09-10-0002, Regulated Industry Employee Enforcement Records, HHS/FDA and 09-10-0010, Bioresearch Monitoring Information System, HHS/FDA.
  • OII Case and Workload Management - OII OCI Case Management and Administrative Resource System. OPM GOVT-1, General Personnel Records, OPM and 09-10-0002, Regulated Industry Employee Enforcement Records, HHS/FDA and 09-10-0013, Employee Conduct Investigative Records, HHS/FDA.
  • OII Case and Workload Management - OII Prior Notice Manager. SORNs 09-10-0002, Regulated Industry Employee Enforcement, HHS/FDA and 09-90-0777, Facility and Resource Access Control Records, HHS.
  • OII Case and Workload Management - OII Threat Screening Service (TSS). SORNs 09-10-0002, Regulated Industry Employee Enforcement, HHS/FDA.
  • OII Foreign Inspection Planning and Scheduling System (FIPSS). SORN GSA/GOVT-4, Contracted Travel Services Program (eTravel), GSA.
  • OII LearnED Training System. SORNs OPM/GOVT-1, General Personnel Records, OPM and HHS 09-40-0001, Public Health Service (PHS) Commissioned Corps General Personnel Records. 
  • OII OCI Cloud - OII OCI Cloud Axon. SORN 09-10-0002, Regulated Industry Employee Enforcement Records, HHS/FDA and 09-10-0013, Employee Conduct Investigative Records, HHS/FDA.
  • OII OCI Cloud - OII OCI Cloud Kiteworks. SORNs 09-10-0002, Regulated Industry Employee Enforcement Records and 09-10-0013, Employee Conduct Investigative Records, HHS/FDA/OM.
  • OII OCI Cloud - OII OCI Cloud Relativity . SORNs 09-10-0002, Regulated Industry Employee Enforcement Records, HHS/FDA and 09-10-0013, Employee Conduct Investigative Records, HHS/FDA.
  • OII OCI Digital Acquisition Reporting Systems - OII Intella Connect. SORNs 09-10-0002, Regulated Industry Employee Enforcement Records, HHS/FDA and 09-10-0013, Employee Conduct Investigative Records, HHS/FDA.
  • OII OCI Digital Acquisition Reporting Systems - OII OCI Milestone Video Management System. SORNs 09-10-0002, Regulated Industry Employee Enforcement Records, HHS/FDA and 09-10-0013, Employee Conduct Investigative Records, HHS/FDA.

 

Rescinded FDA SORNs

On January 16, 2020, National Institutes of Health (NIH) published a SORN to reflect that records are now maintained by NIH, FDA and the Centers for Disease Control and Prevention, SORN 09-90-0067, (85 FR 2747). The notice also deleted the following SORN: https://www.govinfo.gov/content/pkg/FR-2020-01-16/pdf/2020-00633.pdf

  • Invention, Patent, and Licensing Documents Submitted to the Public Health Service by its Employees, Grantees, Fellowship Recipients, and Contractors, HHS/NIH/OD, 09-25-0168.

On June 20, 2019, the Department of Health and Human Services (HHS) published Notice of a new system of records, and rescindment of related systems. One of the rescinded SORNs is FDA’s SORN for Communications (Oral and Written) With the Public, HHS/FDA/OC, SORN 09-10-0004. Records covered by the rescinded FDA SORN are now covered by the new HHS system of records notice, HHS Correspondence, Comment, Customer Service, and Contact List Records, SORN 09-90-1901. The current version of that SORN is available here.

On December 8, 2014, FDA published a SORN for records regarding FDA Commissioning of State and Local Officials, HHS/FDA/ORA, System No. 09-10-0022 (79 FR 72687). This notice also deleted the following SORN which was rendered obsolete: http://www.gpo.gov/fdsys/pkg/FR-2014-12-08/pdf/2014-28634.pdf

On June 27, 2014 FDA deleted the following four System of Records Notices for record systems no longer in use. The Federal Register Notice of this deletion is available online at http://www.gpo.gov/fdsys/pkg/FR-2014-06-27/pdf/2014-15022.pdf.

  • Science Advisor Research Associate Program, HHS/FDA/ORA, System No. 09–10–0007. First published in the Federal Register, September 29, 1977 (42 FR 51922 at 52146).
  • Radiation Protection Program Personnel Monitoring System, HHS/FDA/CDRH, System No. 09–10–0008. First published in the Federal Register, September 29, 1977 (42 FR 51922 at 52147) and published as revised with updated system location and manager information, December 31, 1992 (57 FR 62828 at 62829).
  • Certified Retort Operators, HHS/FDA/CFSAN, System No. 09–10–0011. First published in the Federal Register, September 29, 1977 (42 FR 51922 at 52148) and published as revised with minor changes, December 29, 1993 (58 FR 69056).
  • Epidemiological Research Studies of the Center for Devices and Radiological Health, HHS/FDA/CDRH, System No. 09–10–0017. First published in the Federal Register, May 29, 1979 (44 FR 30765 at 30766) and republished with minor changes in December 28, 1994 (59 FR 67087).

 

FDA Exempt Systems

Federal Register notices regarding the exemptions for the first three systems listed below are available online: Notice of Proposed Rulemaking (40 FR 41140) and Final Rule (40 FR 47406). For SORN 09-10-0020, the Proposed Rule is available here and the Final Rule is available here.



Back to Top