09-10-0022 FDA Commissioning of State and Local Officials, HHS/FDA/ORA.
FDA Commissioning of State and Local Officials, HHS/FDA/ORA.
Records are maintained at several FDA Headquarters locations and in component offices of the FDA, in both Montgomery County, MD and field locations across the United States.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM
The records in this system will contain data collected from the FDA commissioning applications of individuals who are State and local officials who wish to be commissioned under section 702(a)(1)(A) of the FD&C Act. This information is gathered for the purpose of processing and validating each individual’s qualifications for commissioning, to initiate the mandatory background investigation, and to track the status of commissioned officials.
Privacy Act notification, access, and amendment rights relative to the records maintained in this system are available only to individuals who are the subject of records in this system. The individuals who are the subjects of the records stored in this system are the State or local officials who are currently commissioned, have applied for a commission, and/or were commissioned or rejected in the past. Although records in the system may contain personally identifiable information related to other individuals, only the specified commissioned or commission-seeking individuals are considered subjects of records in this system.
CATEGORIES OF RECORDS IN THE SYSTEM
The records in this system will include: Full name, aliases, date of birth, home address, work address, telephone number, work or personal email address, photograph, educational history, job title, agency, division, area of expertise, employment history, supervisor’s name, signature, and the outcome of the background investigation of individuals who apply for a commission. Should a commissioned individual with pocket credentials lose their credentials, he or she will typically file a police report and provide a copy of the report to FDA where it is kept in the individual’s commissioning file. In addition, the records in the system will describe the nature of the authority granted to a commissioned individual, the relevant regulatory program area, the date the commission was issued, and date of expiration.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM
The authorities for maintaining this system are: Section 702(a) of the FD&C Act, 44 U.S.C. 3101, and 5 U.S.C. 301.
PURPOSE(S) OF THE SYSTEM
Relevant Agency personnel will use records from this system on a need-to-know basis to:
• Centrally gather data enabling FDA to determine the suitability, eligibility, and qualifications of State and local officials to whom FDA might offer commissions;
• enable FDA to securely commission and credential State and local officials who are particularly qualified to assist FDA in a special manner for which FDA credentials are required;
• ensure the safety and security of FDA facilities, systems, information, and of facility occupants and users;
• provide appropriate access to FDA information systems, networks, and resources;
• enhance FDA’s ability to ensure the safety of FDA-regulated products through a secure commissioning process; and
• centrally gather data on commissioned officials, thereby enabling FDA to efficiently maintain the commissioning program and to support activities, such as quickly ascertaining which officials are particularly qualified to carry out official responsibilities and providing this information as necessary to our State and local counterparts.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES
These routine uses specify circumstances, in addition to those provided by the Privacy Act at 5 U.S.C. 552a(b), under which records may be disclosed to recipients outside HHS, without the individual record subject’s prior written consent:
1. Public disclosures may be made (for example, on FDA’s Web site) of the names of commissioned officials, and other basic information, including the identification of their State or local agency, their job titles, the type of commission, any specific commissioned areas, and the date of their commission, to the extent disclosure is not an unwarranted invasion of personal privacy.
2. Disclosure may be made to appropriate Federal Agencies and Department contractors that have a need to know the information for the purpose of assisting the Department’s efforts to respond to a suspected or confirmed breach of the security or confidentiality of information maintained in this system of records, provided the information disclosed is relevant and necessary for that assistance.
3. Disclosure may be made to a Federal, State, local, territorial, tribal, foreign, or other public authority, on request, in connection with the hiring or retention of an employee, the issuance or retention of a security clearance, the letting of a contract, or the issuance or retention of a license, grant, or other benefit, to the extent that the information is relevant and necessary to the requesting Agency’s decision. No disclosure will be made unless the information has been determined to be sufficiently reliable to support a referral to another office within the Agency or to another Federal Agency for criminal, civil, administrative, personnel, or regulatory action.
4. Disclosure of system information may be made to State, local, territorial, and tribal agencies or governments to provide copies of records that were originally provided to the Agency by that entity.
5. Disclosure may be made to Federal Agencies, contractors, and other individuals or entities who perform services for the Agency related to this system of records and who need access to the records to perform those services. Recipients shall be required to comply with the requirements of the Privacy Act of 1974, as amended, 5 U.S.C. 552a.
6. When a record on its face, or in conjunction with other records, indicates a violation or potential violation of law, whether civil, criminal, or regulatory in nature, disclosure may be made to the appropriate public authority, whether Federal, foreign, State, local, or tribal, or otherwise, responsible for enforcing, investigating, or prosecuting such violation, if the information disclosed is relevant to the responsibilities of the Agency or public authority.
7. Disclosure may be made to a court or other tribunal or adjudicative body in a proceeding, when:
• The Agency or any component thereof; or
• Any employee of the Agency in his or her official capacity; or
• Any employee of the Agency in his or her individual capacity where the Department of Justice (DOJ) has agreed to represent the employee; or
• The U.S. Government
is a party to the proceeding or has an interest in such proceeding and, by careful review, the Agency determines that the records are both relevant and necessary to the proceeding and the use of such records is therefore deemed by the Agency to be for a purpose that is compatible with the purpose for which the Agency collected the records.
8. Disclosure may be made to the National Archives and Records Administration (NARA) and/or the General Services Administration for the purpose of records management inspections conducted under authority of 44 U.S.C. 2904 and 2906.
9. Disclosure may be made to the DOJ when:
• The Agency or any component thereof; or
• any employee of the Agency in his or her official capacity; or
• any employee of the Agency in his or her individual capacity where the Agency or the DOJ has agreed to represent the employee; or
• the U.S. Government,
is a party to litigation or has an interest in such litigation and, by careful review, the Agency determines that the records are both relevant and necessary to the litigation and the use of such records by the DOJ is therefore deemed by the Agency to be for a purpose that is compatible with the purpose for which the Agency collected the records.
10. In the event HHS/FDA deems it desirable or necessary, in determining whether particular records are required to be disclosed under the Freedom of Information Act, disclosure may be made to the DOJ for the purpose of obtaining its advice.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM
Records are maintained in hard copy files, image files, electronic hard drive, file servers, and other electronic data storage devices.
To retrieve information, the system database is typically queried using any of the internal data fields. The data fields encompass any data criterion that is entered into the system including, but not limited to, name, FDA region, credential number (if issued pocket credentials), certificate expiration date, State, program area, or authority.
Access is restricted to FDA employees and contractors with a Level 5 or higher clearance who have a need for the records in the performance of their duties.
Procedural and technical safeguards:
Technical controls include identification and authentication of the authorized user, access control, audit and accountability, system and communication protection, timely account disablement/deletion, configuration management, maintenance, system and information integrity, media protection, and incident response. These controls extend to remote users as well.
Physical safeguards include controlled-access buildings where all records (such as diskettes, computer listings, and paper documents) are maintained in secured areas, locked buildings, locked rooms, and locked cabinets.
RETENTION AND DISPOSAL
Commissioning records are maintained in accordance with FDA’s Records Control Schedule and the applicable General Records Schedule and disposition schedules approved by NARA. Commissioning records fall under NARA approved citation N1-088-09-02 for Commissioning Documents, the Nationwide List of FDA Commissions, and Summary Reports of FDA Commissions. Commissioning documents are deleted/destroyed 5 years after the end of the fiscal year in which a commission is revoked or expires. Records within the nationwide list of FDA commissions are deleted/destroyed 5 years after the fiscal year when they become obsolete or are superseded. Summary reports of FDA commissions are deleted/destroyed after the nationwide list of FDA Commissions has been updated.
SYSTEM MANAGER(S) AND ADDRESS
Ryan Cates, Food and Drug Administration, Office of Partnerships, Element Building, 12420 Parklawn Dr., Rockville, MD 20857, 301-796-5390, FAX: 301-827-3588, OP-ORA@fda.hhs.gov.
In accordance with 21 CFR Part 21 Subpart D, an individual may submit a request to the FDA Privacy Act Coordinator, with a notarized signature, to confirm whether records exist about him or her. Requests should be directed to the FDA Privacy Act Coordinator, Division of Freedom of Information, 12420 Parklawn Dr., ELEM-1029, Rockville, MD 20857. An individual requesting notification via mail should certify in his or her request that he or she is the individual who he or she claims to be and that he or she understands that the knowing and willful request for or acquisition of a record pertaining to an individual under false pretenses is a criminal offense under the Privacy Act subject to a $5,000 fine, and indicate on the envelope and in a prominent manner in the request letter that he or she is making a “Privacy Act Request.” Additional details regarding notification request procedures appear in 21 CFR Part 21, Subpart D. A commission holder may also request an opportunity to review his or her own file by contacting the appropriate Regional Food and Drug Director.
RECORD ACCESS PROCEDURES
Procedures are the same as above, in the Notification Procedure section. Requesters should also reasonably specify the record contents being sought. Some records may be exempt from access under 5 U.S.C. 552a(d)(5), if they are “compiled in reasonable anticipation of a civil action or proceeding.” If access to requested records is denied, the requester may appeal the denial to the FDA Commissioner. Additional details regarding record access procedures and identity verification requirements appear in 21 CFR Part 21, Subpart D.
CONTESTING RECORD PROCEDURES
In addition to the procedures described above, requesters should reasonably identify the record, specify the information they are contesting, state the corrective action sought and the reasons for the correction, and provide information justifying why the record is not accurate, complete, timely, or relevant to an FDA purpose. Rules and procedures regarding amendment of Privacy Act records appear in 21 CFR Part 21, Subpart E.
Information in this system is obtained from the following sources: Directly from a commissioned individual or individual under consideration for commissioning; FDA employee; FDA contractor; sponsoring State, local or Federal agency; former sponsoring, employing or commissioning agency; other State, local or Federal agencies; contract employer; and the subject individual’s former employer.
RECORDS EXEMPTED FROM CERTAIN PROVISIONS OF THE PRIVACY ACT
Note: FDA published a Notice of a new Privacy Act system of records for this system in the Federal Register, Vol. 79, No. 235, Monday, December 8, 2014 (79 FR 72687). The publication is available online at http://www.gpo.gov/fdsys/pkg/FR-2014-12-08/pdf/2014-28634.pdf. That notice provides additional background on this system and on the FDA Credential Holder SORN, system number 09-10-0003, rendered obsolete with the publication of this SORN and deleted by FDA.
On Tuesday, December 16, 2014 FDA published a notice correcting the effective date to January 22, 2015 (79 FR 74730). The publication is available online at http://www.gpo.gov/fdsys/pkg/FR-2014-12-16/pdf/2014-29460.pdf.
FDA Division of Freedom of Information (DFOI) (administers the Agency’s Privacy Act program): http://www.fda.gov/RegulatoryInformation/FOI/default.htm.