Privacy Act
FDA is pleased to provide the following materials regarding the Agency's privacy program.
How to Make a Privacy Act Request
How to Submit a Privacy Question or Complaint
Privacy Program Resources
Privacy Impact Assessments (PIAs)
Privacy Act Records & Applicable System of Records Notices (SORNs)
FDA Systems Containing Privacy Act Records & Applicable System of Records Notices (SORNs)
FDA Privacy Act Systems of Records Notices (SORNs)
Department of Health and Human Services (HHS) SORNs
Rescinded FDA SORNs
Government-Wide SORNs
FDA Exempt Systems
How to Make a Privacy Act Request
Please see the FDA's Privacy Regulations for a detailed description on how to submit a Privacy Act Request to obtain records about yourself which you believe FDA maintains in one of the Agency’s Privacy Act Systems of Records (list available below).
You may submit a record request and questions by email to FDAPrivacyOffice@fda.hhs.gov.
When submitting a request for a Privacy Act record, please also complete and sign this Certification of Identity form (FDA 3975, pdf for download) and include it with your request. PLEASE NOTE: You do NOT need to provide your Social Security number (SSN) or date of birth (DOB). You may complete the other fields and sign the form without providing SSN and DOB and the FDA Privacy Office will accept your request. It is also helpful if you identify the relevant FDA Privacy Act System of Records (listed below) and provide other details to guide record search efforts.
If you seek records that are not about you or an individual you formally represent, and/or are not within a Privacy Act System of Records, please see the FDA’s Freedom of Information Act (FOIA) page to submit a request under FOIA.
How to Submit a Privacy Question or Complaint
You may submit a privacy question or complaint by email to FDAPrivacyOffice@fda.hhs.gov.
Privacy Program Resources
- Privacy Act of 1974
- FDA Privacy Act Regulations (21 CFR part 21)
- HHS Privacy Act Regulations
- Privacy Impact Assessments
- Privacy Act Issuances (National Archives and Records Administration Compilations from 1995 - Forward
- DOJ Privacy Act Overview (2020)
FDA Privacy Act Systems of Records Notices (SORNs)
- 09-10-0002 Regulated Industry Employee Enforcement Records, HHS/FDA/OC
- 09-10-0005 State Food and Drug Official File, HHS/FDA/ORA
- 09-10-0009 Special Studies and Surveys on FDA-Regulated Products, HHS/FDA/OM
- 09-10-0010 Bioresearch Monitoring Information System, HHS/FDA
- 09-10-0013 Employee Conduct Investigative Records, HHS/FDA/OM
- 09-10-0018 Employee Identification Card Information Records, HHS/FDA/OC
- 09-10-0019 Mammography Quality Standards Act (MQSA) Training Records, HHS/FDA/CDRH
- 09-10-0020 FDA Records Related to Research Misconduct Proceedings, HHS/FDA/OC
- 09-10-0021 FDA User Fee System, HHS/FDA
- 09-10-0022 FDA Commissioning of State and Local Officials, HHS/FDA/ORA
Government-Wide SORNs
- SORN OPM/GOVT-1, General Personnel Records, OPM
- SORN OPM/GOVT-2, Employee Performance File System Records, OPM
- SORN OPM/GOVT-5, Recruiting, Examining, and Placement Records, OPM
- SORN EEOC/GOVT-1, Equal Employment Opportunity in the Federal Government Complaint and Appeal Records, EEOC
Department of Health and Human Services (HHS) SORNs
- SORN 09-90-0008, Conflict of Interest Records, HHS/OS/ASPER
- SORN 09-90-0009, Discrimination Complaints Records, HHS/OS/ASPER
- SORN 09-40-0012, Debt Management and Collection System, HHS/PSC/FMS
- SORN 09-90-0024, Financial Transactions of HHS Accounting and Finance Offices, HHS
- SORN 09-90-0058, Tracking Records and Case Files for FOIA and Privacy Act Request and Appeals.
- SORN 09-90-0059, Federal Advisory Committee Membership Files, HHS/OS/ASPER
- SORN 09-90-0067, Invention, Patent, and Licensing Documents Related to Inventions By Public Health Service Employees, Grantees, Fellowship Recipients, and Contractors
- SORN 09-90-0777, Facility and Resource Access Control Records, HHS
- SORN 09-90-1901, HHS Correspondence, Customer Service, and Contact List Records
- SORN 09-90-2103, Accommodation Records About HHS Civilian Employees, Contractors and Visitors
- Additional HHS-wide SORNs
Privacy Impact Assessments (PIAs)
A PIA is a decision-making tool used to identify and mitigate privacy risks at the beginning of and throughout the development life cycle of a program or system. It helps the public understand what personally identifiable Information (PII) the Department is collecting, why it is being collected, and how it will be used, shared, accessed, secured and stored.
Approved PIAS are published on the HHS Privacy Impact Assessment page.
Approved Third-Party Website and Applications PIAs are published on the HHS Privacy Impact Assessment page.
Privacy Act Records & Applicable System of Records Notices (SORNs)
Privacy Act Systems of Records Notices (SORNs) describe government records subject to the Privacy Act, relevant use and disclosure practices, and record access and amendment procedures. The Privacy Act requires agencies to publish SORNs in the Federal Register and make them available online. SORNs specific to FDA records that are subject to the Privacy Act are listed below.
FDA also maintains Privacy Act records covered by SORNs published by the Department of Health and Human Services (HHS) or other federal agencies and which are, respectively, HHS-wide and/or government-wide in scope. These SORNs address information collection activities that are common within HHS and across government (e.g., human resources records, for which publication of individual agency SORNs would be duplicative). SORNs for HHS systems are available online at http://www.hhs.gov/foia/privacy/sorns.html. Likewise, SORNs published by agencies outside HHS and which apply to records across the federal government are available line at http://dpclo.defense.gov/Privacy/SORNsIndex/GovernmentWideNotices.aspx. HHS-wide and government-wide SORNs that apply to FDA records are listed below.
In a June 27, 2014 Federal Register Notice FDA added certain standard “routine uses” to the Agency’s remaining SORNs. These added routine uses provide for appropriate disclosures of records to contract employees, to recordkeeping authorities, to law enforcement authorities when a record indicates a violation of law, to the U.S. Department of Justice in the course of obtaining Freedom of Information Act guidance, and to relevant offices and organizations in the course of responding to security breaches. These routine uses are described in more detail in the June 27, 2014 Notice available online at http://www.gpo.gov/fdsys/pkg/FR-2014-06-27/pdf/2014-15022.pdf.
FDA Systems Containing Privacy Act Records & Applicable System of Records Notices (SORNs)
The following FDA systems contain Privacy Act records. The list cites the FDA, HHS and/or Government-wide SORNs that apply to each system. Those SORNs are listed in another section below which links to the full content of each SORN.
- CBER Regulatory Management Integrated Quality System. SORN OPM/GOVT-1, General Personnel Records, OPM.
- CBER Regulatory Management User Identity and Access Management. SORN OPM/GOVT-1, General Personnel Records, OPM.
- CBER PathHR. SORN 1: OPM/GOVT-1 General Personnel Records, SORN 2: OPM/GOVT-5 Recruiting, Examining, and Placement Records - Web Posting Request (WPR). SORN OPM/GOVT-1, General Personnel Records, OPM.
- CDER External Correspondence Operations (ECO). SORN: 09-90-1901, HHS Correspondence, Customer Service, and Contact List Records.
- CDER Regulatory Review: Clinical Information System (CIS). SORN 09-10-0010, Bioresearch Monitoring Information System, HHS/FDA.
- CDER Study Data Review Tools - Science and Research Investments Tracking Archive. SORNs OPM/GOVT-1, General Personnel Records, 09-90-0777, Facility and Resource Access Control Records.
- CDRH FOIAXPress. SORN 09-90-0058, Tracking Records and Case Files for FOIA and Privacy Act Requests and Appeals.
- CDRH Human Resources (HR) Position Based Management (PBM). SORN OPM/GOVT-1, General Personnel Records.
- CDRH Pathlore Learning Management System (LMS). SORN OPM/GOVT-1, General Personnel Records.
- CDRH Questionmark on Demand for Government. SORN OPM GOVT-1, General Personnel Records.
- CDRH Reporting and Collection Tools (RCT): CDRH FOIA Relativity Disclosure system. SORN 09-90-0058, Tracking Records and Case Files for FOIA and Privacy Act Requests and Appeals.
- CDRH Center Engagement and Workforce Development - Cornerstone OnDemand. SORNs OPM/GOVT-1 General Personnel Records, HHS SORN 09-40-0001 Public Health Service (PHS) Commissioned Corps General Personnel Records.
- CTP Call Center System. SORNs OPM/GOVT-1, General Personnel Records, OPM and OPM/GOVT-2, Employee Performance File System Records.
- CTP EDDR (eDiscovery/Relativity). SORNs 09-10-0002, Regulated Industry Employee Enforcement Records, HHS/FDA and 09-10-0013, Employee Conduct Investigative Records, HHS/FDA.
- CTP Exchange Lab. SORN 09-90-1901, HHS Correspondence, Customer Service, and Contact List Records.
- CTP FOIAXPress. SORN 09-90-0058, Tracking Records and Case Files for FOIA and Privacy Act Requests and Appeals.
- CTP Office of Science Review Information System (OSiRIS). SORN 09-90-1901, HHS Correspondence, Comment, Customer Service and Contact List Records.
- CTP Stakeholder Relationship Management System (SRMS). SORNs 09-10-0002, Regulated Industry Employee Enforcement Records, HHS/FDA/OC and 09-90-1901, HHS Correspondence, Customer Service, and Contact List Records.
- OC AdminApps: Awards Application. SORN OPM/GOVT-1, General Personnel Records, OPM.
- OC AdminApps: Communications Applications – Correspondence. SORN 09-90-1901, HHS Correspondence, Customer Service, and Contact List Records.
- OC AdminApps: Communications Applications – Records and Case Management. SORN 09-90-1901, HHS Correspondence, Customer Service, and Contact List Records.
- OC AdminApps: EASE and Associated Applications – Enterprise Administrative Support Environment (EASE). SORN OPM/GOVT-1, General Personnel Records, OPM.
- OC AdminApps: EASE and Associated Applications – eArrive. SORN OPM/GOVT-1, General Personnel Records, OPM.
- OC AdminApps: EASE and Associated Applications – eDepart. SORN OPM/GOVT-1, General Personnel Records, OPM.
- OC AdminApps: EASE and Associated Applications – Security. SORN OPM/GOVT-1, General Personnel Records, OPM and SORN 09-90-0777, Facility and Resource Access Control Records, HHS.
- OC AdminApps: Ethics Applications – Ethics. SORN 09-90-0008, Conflict of Interest Records, HHS/OS/ASPER and SORN OPM/GOVT-1, General Personnel Records, OPM.
- OC AdminApps: FDA Advisory Committee Tracking and Reporting Systems (FACTRS). SORN 09-90-0059, Federal Advisory Committee Membership Files, HHS/OS/ASPER.
- OC AdminApps: Freedom of Information Related Systems – Freedom of Information (FOI). SORN 09-90-0058, Tracking Records and Case Files for FOIA and Privacy Act Requests and Appeals.
- OC AdminApps: Freedom of Information Related Systems – FOI Invoicing. SORN 09-40-0012, Debt Management and Collection System, HHS/PSC/FMS and SORN 09-90-0024, HHS Financial Management System Records.
- OC AdminApps: Office of International Programs Travel Applications - International Travel Management. SORN OPM/GOVT-1, General Personnel Records, OPM.
- OC AdminApps: Special and Permanent Employment – Career Profiles. SORN OPM/GOVT-5, Recruiting, Examining, and Placement Records, OPM.
- OC AdminApps: Special and Permanent Employment – Traineeship. SORN OPM/GOVT-5, Recruiting, Examining, and Placement Records, OPM.
- OC AdminApps: Special and Permanent Employment – OCC Applicant Reviewer. SORN OPM/GOVT-5, Recruiting, Examining, and Placement Records, OPM.
- OC Automated External Defibrillation (AED) Rescue One Program Manager. SORN OPM/GOVT-1, General Personnel Records, OPM.
- OC Compliance Training System. SORN OPM/GOVT-1, General Personnel Records, OPM.
- OC CI Physical and Personnel Security System (PPSS). SORN 09-10-0018, Employee Identification Card Information Records, HHS/FDA/OC and SORN 09-90-0777, Facility and Resource Access Control Records, HHS.
- OC CI - Unified Communication Services (UCS). SORN 09-90-1901, HHS Correspondence, Customer Service, and Contact List Records.
- OC Employee Invention Report. SORN 09-90-0067, Invention, Patent, and Licensing Documents Related to Inventions By Public Health Service Employees, Grantees, Fellowship Recipients, and Contractors.
- OC EntelliTrak (OEEO). SORNS Accommodation Records About HHS Civilian Employees, Contractors and Visitors, 09-90-2103; and OPM GOVT–5, Recruiting, Examining, and Placement Records.
- OC Ethics Analytics (OEA) SORN OGE/GOVT-2, Executive Branch Confidential Financial Disclosure Reports.
- OC iComplaints. SORN 09-90-0009, Discrimination Complaints Records, HHS/OS/ASPER and SORN EEOC/GOVT-1, Equal Employment Opportunity in the Federal Government Complaint and Appeal Records, EEOC.
- OC Insight Time Reporting. SORN OPM/GOVT-1, General Personnel Records, OPM.
- OC ServiceNow. SORNs OPM/GOVT-1, General Personnel Records; 09-90-0024, Financial Transactions of HHS Accounting and Finance Office; and 09-90-0777, Facility and Resource Access Control Records.
- OC User Fees System. SORN 09-10-0021, FDA User Fee System, HHS/FDA.
- OC Inventory Control and Information Management System, Cority GX2 - Occupational Safety and Health Plus (OSH+). SORNs OPM GOVT-1, General Personnel Records, OPM/GOVT 10, Employee Medical File System Records.
- OC Network Access Control. SORNs OPM/GOVT-1, General Personnel Records, 09-90-0777, Facility and Resource Access Control Records.
- ORA Office of Criminal Investigations (OCI) Automated Investigative Management System (AIMS) – Administrative records system. SORN OPM/GOVT-1, General Personnel Records, OPM.
- ORA OCI Automated Investigative Management System (AIMS) – Investigative records system. SORN 09-10-0002, Regulated Industry Employee Enforcement Records, HHS/FDA/OC and SORN 09-10-0013, Employee Conduct Investigative Records, HHS/FDA/OM.
- ORA OCI Digital Acquisition Reporting System (DARS). SORNs 09-10-0002, Regulated Industry Employee Enforcement Records, HHS/FDA and 09-10-0013, Employee Conduct Investigative Records, HHS/FDA.
- ORA eNSpect System. SORN 09-10-0002, Regulatory Industry Employee Enforcement Records, HHS/FDA.
- ORA LearnED Training System. SORN OPM/GOVT-1, General Personnel Records, OPM and SORN HHS 09-40-0001 Public Health Service (PHS) Commissioned Corps General Personnel Records.
- ORA Pathlore. SORN OPM/GOVT-1, General Personnel Records, OPM.
Rescinded FDA SORNs
On January 16, 2020, National Institutes of Health (NIH) published a SORN to reflect that records are now maintained by NIH, FDA and the Centers for Disease Control and Prevention, SORN 09-90-0067, (85 FR 2747). The notice also deleted the following SORN: https://www.govinfo.gov/content/pkg/FR-2020-01-16/pdf/2020-00633.pdf
- Invention, Patent, and Licensing Documents Submitted to the Public Health Service by its Employees, Grantees, Fellowship Recipients, and Contractors, HHS/NIH/OD, 09-25-0168.
On June 20, 2019, the Department of Health and Human Services (HHS) published Notice of a new system of records, and rescindment of related systems. One of the rescinded SORNs is FDA’s SORN for Communications (Oral and Written) With the Public, HHS/FDA/OC, SORN 09-10-0004. Records covered by the rescinded FDA SORN are now covered by the new HHS system of records notice, HHS Correspondence, Comment, Customer Service, and Contact List Records, SORN 09-90-1901. The current version of that SORN is available here.
On December 8, 2014, FDA published a SORN for records regarding FDA Commissioning of State and Local Officials, HHS/FDA/ORA, System No. 09-10-0022 (79 FR 72687). This notice also deleted the following SORN which was rendered obsolete: http://www.gpo.gov/fdsys/pkg/FR-2014-12-08/pdf/2014-28634.pdf
On June 27, 2014 FDA deleted the following four System of Records Notices for record systems no longer in use. The Federal Register Notice of this deletion is available online at http://www.gpo.gov/fdsys/pkg/FR-2014-06-27/pdf/2014-15022.pdf.
- Science Advisor Research Associate Program, HHS/FDA/ORA, System No. 09–10–0007. First published in the Federal Register, September 29, 1977 (42 FR 51922 at 52146).
- Radiation Protection Program Personnel Monitoring System, HHS/FDA/CDRH, System No. 09–10–0008. First published in the Federal Register, September 29, 1977 (42 FR 51922 at 52147) and published as revised with updated system location and manager information, December 31, 1992 (57 FR 62828 at 62829).
- Certified Retort Operators, HHS/FDA/CFSAN, System No. 09–10–0011. First published in the Federal Register, September 29, 1977 (42 FR 51922 at 52148) and published as revised with minor changes, December 29, 1993 (58 FR 69056).
- Epidemiological Research Studies of the Center for Devices and Radiological Health, HHS/FDA/CDRH, System No. 09–10–0017. First published in the Federal Register, May 29, 1979 (44 FR 30765 at 30766) and republished with minor changes in December 28, 1994 (59 FR 67087).
FDA Exempt Systems
Federal Register notices regarding the exemptions for the first three systems listed below are available online: Notice of Proposed Rulemaking (40 FR 41140) and Final Rule (40 FR 47406). For SORN 09-10-0020, the Proposed Rule is available here and the Final Rule is available here.
- 09-10-0010 Bioresearch Monitoring Information System, HHS/FDA
- 09-10-0013 Employee Conduct Investigative Records, HHS/FDA/OM
- 09-10-0020 FDA Records Related to Research Misconduct Proceedings, HHS/FDA/OC