89 FR 247 pgs. 105054-105059 - Privacy Act of 1974; System of Records
Type: NOTICEVolume: 89Number: 247Pages: 105054 - 105059
Pages: 105054, 105055105056, 105057, 105058, 105059, Docket number: [Docket No. FDA-2024-N-5353]
FR document: [FR Doc. 2024-30782 Filed 12-23-24; 8:45 am]
Agency: Health and Human Services Department
Sub Agency: Food and Drug Administration
Official PDF Version: PDF Version
[top]
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Food and Drug Administration
[Docket No. FDA-2024-N-5353]
Privacy Act of 1974; System of Records
AGENCY:
Food and Drug Administration, Department of Health and Human Services.
ACTION:
Notice of a modified system of records.
SUMMARY:
In accordance with the requirements of the Privacy Act of 1974, as amended, the Department of Health and Human Services (HHS) is modifying an existing departmentwide system of records, "Federal Advisory Committee Membership Files," System No. 09-90-0059. The modifications include, among other things, adding records about any prospective guest speakers at Federal advisory committee meetings who disclose financial interests and professional relationships related to the matter they will be speaking on, and changing the name of the system of records to "Federal Advisory Committee/Subgroup Member, Subscriber/Registrant, and Guest Speaker Records."
DATES:
In accordance with 5 U.S.C. 552a(e)(4) and (11), the modified system of records is effective December 26, 2024. The new and revised routine uses will be effective January 27, 2025. Submit any comments by January 27, 2025.
ADDRESSES:
The public should submit written comments, by mail or email, to Beth Kramer, HHS Privacy Act Officer, at 200 Independence Ave. SW, Suite 729H, Washington, DC 20201, or Beth.Kramer@hhs.gov.
FOR FURTHER INFORMATION CONTACT:
General questions about the modified system of records should be submitted by mail, email, or telephone to Beth Kramer, HHS Privacy Act Officer, at 200 Independence Ave. SW, Suite 729H, Washington, DC 20201, or Beth.Kramer@hhs.gov or 202-690-6941.
SUPPLEMENTARY INFORMATION:
This departmentwide system of records currently covers records retrieved by personal identifier about: (1) members and prospective members of HHS advisory committees established under the Federal Advisory Committee Act (FACA) and (2) members of the public who have requested to be included in mailing lists in order to receive publications or notices of information issued or posted by a particular HHS Federal advisory committee. The system of records notice (SORN) is being revised to add three additional categories of individuals and records, i.e.: (1) records about any members of working groups or subcommittees ( i.e., subgroups) of an HHS Federal advisory committee who are not appointed as members of the committee, which are similar to the committee member records currently covered in the SORN, (2) records about individuals who register to attend HHS Federal advisory committee meetings, which are similar to the subscriber records currently covered in the SORN, and (3) records about prospective guest speakers at HHS Federal advisory committee meetings, which are described in section I., below; and to make other modifications. All modifications are summarized in section II., below.
I. Background on Guest Speaker Records
A "guest speaker" is an individual whose professional background or other qualifications are checked and/or who is screened for possible conflicts of interest (financial interests and professional relationships) related to a matter the guest speaker wishes to speak on at an HHS Federal advisory committee meeting, so that the agency can decide whether to invite the individual to speak and can publicly acknowledge the speaker's relevant qualifications and interests at the start of the meeting, to enable the committee members to objectively evaluate the speaker's presentation. The term "guest speaker" as used in SORN 09-90-0059 does not include agency employees speaking at an HHS Federal advisory committee meeting in an official, governmental capacity and individual participants in the public hearing portion of an advisory committee meeting. A guest speaker is either a non-Federal government employee (non-FGE) or a special government employee (SGEs) acting in a non-official, non-governmental capacity.
Only certain HHS components, such as the Food and Drug Administration (FDA), screen guest speakers for potential conflicts of interest (all FDA advisory committees must conduct conflict screening of potential guest speakers). Such screening promotes transparency and openness in the advisory committee process and supports compliance with the requirement in 5 U.S.C. 1004(b)(3) and 41 CFR 102-3.105(g) to prevent committees' advice and recommendations from being influenced by special interests. For FDA, such screening also supports compliance with the requirement in FDA regulations at 21 CFR 14.60(b)(2) to document in meeting minutes the "names and affiliations or interests of public participants."
[top] Guest speakers who are screened for conflicts are not required to complete a Federal confidential financial disclosure form. The invitation extended to them to participate as a guest speaker in an HHS Federal advisory committee meeting may be conditioned on their voluntary disclosure of potential
Note that financial and other conflict disclosure and waiver records about FGEs and SGEs are covered in other SORNs, so are not covered in SORN 09-90-0059 (see instead OGE/GOVT-1 Executive Branch Personnel Public Financial Disclosure Reports and Other Name-Retrieved Ethics Program Records; OGE/GOVT-2 Executive Branch Confidential Financial Disclosure Reports; and 09-90-0008 Conflict of Interest Records).
II. Modifications to SORN 09-90-0059
HHS is making the following modifications to SORN 09-90-0059:
• The system of records name has been changed to "Federal Advisory Committee/Subgroup Member, Subscriber/Registrant, and Guest Speaker Records."
• The System Location and System Manager sections have been updated to reflect current addresses and contact information for the components and officials responsible for the system of records, and to mention that the General Services Administration (GSA) maintains facadatabase.gov as a third-party service provider.
• In the Authorities section, the citation to the FACA statute has been updated to cite "5 U.S.C. 1001 et seq. " instead of "5 U.S.C. App. I et seq. " and these additional authorities have been included: 5 U.S.C. 1004(b)(3) (FDA-specific authority) and 42 U.S.C. 282(b)(16) (NIH-specific authority).
• The Purpose(s) section now states purposes for which records about the three new categories of individuals (working group/subcommittee members, meeting registrants, and guest speakers) and one existing category (subscribers) are used; and also describes additional purposes for which records about the other existing category (committee members) are used, i.e., to ensure that members are qualified and committees are balanced and diverse, and to communicate with the members.
• The Categories of Individuals and Categories of Records sections have been revised to add subcommittee/working group members, meeting registrants, and guest speakers and records about them, and to update the description of subscribers and records about them to mention that a subscriber may be included on a mailing "or emailing" list.
• The Routine Use(s) section has been revised to mention at the start that the routine uses are in addition to other disclosures authorized directly in the Privacy Act at 5 U.S.C. 552a(b); and to add nine new routine uses, revise four existing routine uses, and delete one routine use, as explained below:
? Existing routine use 1, which formerly authorized disclosures in the Annual Report to the President and in administrative reports to the Office of Management and Budget (OMB) and GSA, has been revised to limit the routine use to disclosures made to GSA when HHS enters or uploads information about committee members or guest speakers in facadatabase.gov.
? Routine use 2 is new; it authorizes HHS to publicly disclose on its websites and in facadatabase.gov the names of and limited information about the qualifications and financial disclosures of members of FACA committees, subcommittees, and working groups, and guest speakers, limited to information that would be required to be disclosed to a requester under the Freedom of Information Act (FOIA).
? Existing routine use 3 (formerly listed second), which authorizes records indicating a violation or potential violation of law to be referred to the responsible investigatory or enforcement agency, has been revised to add "state, local, Tribal, and other" to the description of recipient agencies; to permit "relevant" records to be disclosed "when HHS becomes aware of evidence of" a potential violation of law; and to explain that, in most cases, the disclosures would be made after first referring the information to another HHS component, such as the HHS Office of the General Counsel or the HHS Office of the Inspector General, to determine if the information is appropriate to refer to an outside agency, and that if that component made the referral, the equivalent routine use published in that component's SORN would apply to the disclosure.
? The routine use that was formerly listed third has been deleted. It authorized disclosures to the Department of Justice (DOJ) to obtain its advice regarding whether particular records are required to be disclosed under FOIA. The routine use is unnecessary, because such advice is provided by the HHS Office of the General Counsel, and any disclosures that need to be made to DOJ in connection with FOIA litigation are authorized in a separate, litigation-related routine use.
? Existing routine use 4, which authorizes disclosures to DOJ in litigation, has been revised to include "other adjudicative proceedings;" to add "a court or other adjudicative body" as disclosure recipients; to require that the information disclosed be "relevant and necessary" to the proceedings; and to remove the requirement that disclosures be compatible with the purpose for which the records were collected, because such wording repeats part of the definition of a routine use.
? Existing routine use 5, which authorizes disclosures about an individual in responding to an inquiry from a congressional office made at the individual's request, has been revised to require that the congressional inquiry and the individual's request to the congressional office be "written."
? Existing routine use 6, which was added in 1994, is included without change.
? Routine uses 7 through 14 are new. They authorize disclosures to Federal agencies and contractors engaged by HHS to assist with matters related to this system of records (routine use 7); disclosures to the committee chairperson or vice chairperson for committee work purposes (routine use 8); disclosures to the Executive Office of the President, OMB, or other agencies for coordination on advisory committee member selection (routine use 9); disclosures to any source from which information is needed by HHS to support an HHS decision involving the individual (routine use 10); disclosures to aid another government agency's decision on a hiring, licensing, contracting, security clearance, or other matter involving the individual (routine use 11); disclosures to the National Archives and Records Administration (NARA) or other relevant Federal agencies in records management inspections (routine use 12); disclosures to Federal agencies and entities for program evaluation or assessment purposes (routine use 13); and disclosures to the Department of Homeland Security (DHS) for cybersecurity monitoring purposes (routine use 14).
? Existing routine uses 15 and 16, which were added in 2018, are included without change.
[top] • The Storage section has been updated to remove references to "index cards" and "magnetic tape."
• The Retrieval section has been revised to remove references to "an alphabetical index," "a cross index," and "individually identifiable computer identification codes," and to simply state that records are retrieved by the subject individual's name, with the exception of records about subscribers, which are retrieved by the subscriber's name or email address.
• The Retention section, which previously stated that retention varies from 1 year to permanent depending on the type of record, now cites the applicable NARA-approved disposition schedules and itemizes the record types and disposition periods applicable to each.
• The Safeguards section has been updated to remove a reference to "locked magnetic tape libraries" and to list current safeguards used to protect records stored in electronic media, instead of "lockword-password computer access systems."
• The sections specifying procedures for making access, amendment, and notification requests have been revised to specify the required contents for each type of request, including identity verification information that must be provided (the existing SORN specified the required contents of amendment requests only, and merely stated that identity was required to be verified in accordance with Department's Privacy Act regulations).
Because some of these changes are significant, a report on the modified system of records has been sent to OMB and the Congressional committees that oversee privacy, in accordance with 5 U.S.C. 552a(r).
SYSTEM NAME AND NUMBER:
Federal Advisory Committee/Subgroup Member, Subscriber/Registrant, and Guest Speaker Records, 09-90-0059.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
The addresses of the agency components responsible for the system of records are listed below. At HHS, Federal advisory committee records are not centralized at the Department level or Operating Division level; instead, each committee's Designated Federal Officer (DFO) maintains the records pertaining to that committee. (Note that the manner of maintenance may vary. Records pertaining to a particular committee will constitute Privacy Act records only if the DFO maintains them in a paper-based or electronic recordkeeping system from which the records are retrieved by the subject individuals' names or other personal identifiers.) For purposes of simplification, one address is provided for each HHS Operating Division (OpDiv).
OS: Advisory Committee Oversight Staff, Immediate Office of the Secretary of HHS, 200 Independence Ave. SW, Washington, DC 20201, 1-877-696-6775.
ACF: Advisory Committee Oversight Staff, Administration for Children & Families, 330 C St. SW, Washington, DC 20201, 202-401-9215.
ACL: Advisory Committee Oversight Staff, Administration for Community Living, 330 C St. SW, Washington, DC 20201, 202-401-4634.
AHRQ: Advisory Committee Oversight Staff, Immediate Office of the Director, Administration for Healthcare Research and Quality, 540 Gaither Rd., Rockville, MD 20850, director@ahrq.hhs.gov.
ASPR: Advisory Committee Oversight Staff, Administration for Strategic Preparedness and Response, 400 7th St. SW, Washington, DC 20201; use the email address for the particular committee, shown on ASPR's "Boards and Committees" web page.
CDC: Office of the FAC Act Program, Centers for Disease Control and Prevention, 1600 Clifton Rd. NE-M/S: TW-2, Atlanta, GA 30333, 770-488-4707, FACMT@cdc.gov.
CMS: Advisory Committee Oversight Staff, Centers for Medicare & Medicaid Services, 7500 Security Blvd., Baltimore, MD 21244, 410-786-3000.
FDA: Advisory Committee Oversight and Management Staff (ACOMS), Food and Drug Administration, 10903 New Hampshire Ave., Silver Spring, MD 20993, ACOMSSubmissions@fda.hhs.gov.
HRSA: FACA Management Officer, Executive Secretariat, Health Resources and Services Administration, 5600 Fishers Lane-13W18, Rockville, MD 20857, 301-443-1785.
IHS: Deputy Director for Intergovernmental Affairs, Indian Health Service, 5600 Fishers Lane, Rockville, MD 20857, Stacey.Ecoffey@ihs.gov.
NIH: Office of Federal Advisory Committee Policy, National Institutes of Health, 9000 Rockville Pike, Bethesda, MD 20892, ofacpinfo@od.nih.gov.
SAMHSA: Advisory Committee Oversight Staff, Substance Abuse and Mental Health Services Administration, 5600 Fishers Lane, Rockville, MD 20857, NationalAdvisoryCouncils@ samhsa@hhs.gov.
GSA, as a third-party service provider, maintains the web-based facadatabase.gov system that HHS uses to make certain records available to Congress and the public as required to inform them of the existence and activities of HHS Federal advisory committees. GSA's address is: U.S. General Services Administration, Committee Management Secretariat, 1800 F St. NW, Washington, DC 20405.
SYSTEM MANAGER(S):
Each committee's Committee Management Officer (CMO) is responsible for the records in this system of records that pertain to that committee, including records about any subcommittees, working groups, or other subgroups formed under the committee. Contact information for the current CMO for each active and recently ( i.e., within 1 fiscal year) terminated committee can be found on https://www.facadatabase.gov. Contact information for records pertaining to a committee which has been terminated and is no longer in that database may be obtained by contacting the relevant OpDiv at the OpDiv's mailing address, email address, and/or telephone number shown in the System Location section, above.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Federal Advisory Committee Act (FACA), 5 U.S.C. 1001 et seq. See also 5 U.S.C. 1004(b)(3) (FDA-specific authority) and 42 U.S.C. 282(b)(16) (NIH-specific authority).
PURPOSE(S) OF THE SYSTEM:
Records in this system of records are used in the administration and management of Federal advisory committees (including any subgroups of same) in the Department, including for these specific purposes:
• Records about members or prospective members of a Federal advisory committee or subgroup are used (1) in the preparation of reports; quarterly alphabetical listings of past, present, and recommended members; lists of vacancies, acceptances, and separations; and documentation of nominations; (2) to identify the most qualified applicants and ensure that the makeup of the committee, subcommittee, or working group is sufficiently balanced and diverse (see 41 CFR part 102-3.30(c)); (3) to ensure compliance with ethics and conflict-of-interest requirements; and (4) to communicate with the members about committee or subgroup activities.
[top] • Records about guest speakers are used to determine whether the speakers will be invited to give a presentation on the matter in question and to inform the committee members of the speakers'
• Records about subscribers (members of the public who subscribe to receive publications or other information issued or posted by a particular Federal advisory committee) are used for the purpose of maintaining the subscriber list ( i.e., to add, update, or remove a subscriber's contact information when requested by that individual) and may also be used to indicate if a particular subscriber needs to receive information in a particular format, as a reasonable accommodation, in order to provide information to that subscriber in that format.
• Records about registrants (members of the public who register as attendees for in-person and web-based Federal advisory committee meetings) are used for the purpose of maintaining the meeting registration lists and may also be used to indicate if a particular registrant needs a sign language interpreter, wheelchair access, or other accommodation to participate in a meeting.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The records are about these categories of individuals:
• Committee members. Individuals who have been or presently are members of, or are being considered for, membership on a Federal advisory committee within the jurisdiction of HHS. Individuals may be appointed to serve on an advisory committee as a FGE pursuant to 42 CFR 102-3.130(a); as a NIH peer review consultant as authorized by 42 U.S.C. 282(b)(16); as a SGE pursuant to 5 U.S.C. 3109; or as a representative member when directed by statute or regulation (see, for example, 21 U.S.C. 360c(b) regarding representative members of FDA device panels, and 21 CFR 14.84 regarding representative members of standing technical advisory committees who represent consumer and industry interests).
• Subcommittee and working group members (some may also be committee members, covered in the preceding category).
• Guest speakers. Individuals whose professional background or other qualifications are checked and/or who are screened for possible conflicts of interest (financial interests and professional relationships) related to a matter they wish to speak on before an HHS Federal advisory committee (they may be non-Federal government employees or special government employees acting in a non-official, non-governmental capacity).
• Subscribers. Individual members of the public who have asked to be included in a Federal advisory committee mailing or emailing list to receive publications and other information from the committee.
• Meeting registrants. Individual members of the public who register to attend public Federal advisory committee meetings.
CATEGORIES OF RECORDS IN THE SYSTEM:
The categories of records are:
• Records about members and prospective members of HHS Federal advisory committees. These records consist of membership records, accountability records, and management records, containing name and other data such as the following about each member or prospective member: title, gender, place and date of birth, contact information ( e.g., home address, business address, telephone number, email address), contact information for any assistant or organization contact assisting the member or prospective member, organizational affiliation, degrees held, general educational background, ethnic background, resume, curriculum vitae, dates of term on advisory committee, status on advisory committee, reason for leaving advisory committee, indication of previous or current membership on other advisory committees, special qualifications for the advisory committee membership, source or references who recommended the individual for membership on advisory committee, copies of any forms filed with the Office of Government Ethics (OGE) such as OGE Form 450, and miscellaneous correspondence. Additionally, memoranda justifying the individual's selection are included in the file if the individual doesn't meet certain statutory or other requirements for advisory committee membership (for example, where the individual has served repetitively on advisory committees and a policy requires a break in service).
• Records about members or prospective members of HHS Federal advisory committee working groups or subcommittees (subgroups). These records are similar to, but not co-extensive with, records about members and prospective members of committees, described above (for example, the OGE Form 450 isn't completed by subgroup members and prospective members unless they are also committee members or prospective members).
• Records about guest speakers. These consist of the completed disclosure form, containing the individual's identifying information and information about the individual's financial interests and professional relationships (such as: name, Federal employment status, securities held, contracts, grants, consulting, and professional relationships such as those with an employer, firm, organization or a person in the individual's professional network); and internal and external correspondence and associated information compiled by the agency in reviewing the disclosures.
• Records about subscribers. Such records typically are limited to the individual's name and mailing address or email address and, if applicable, preferred format.
• Records about meeting registrants. Such records include the individual's contact information and, if applicable, reasonable accommodation requests. Demographic information may also be included, if the particular registration form requests it.
RECORD SOURCE CATEGORIES:
All information about a subscriber or meeting registrant is obtained directly from that individual. The vast majority of information about a committee member or prospective member, or a subcommittee or working group member or prospective member, is obtained directly from that individual, or from the individual's administrative assistant or organization contact; other information in the form of references and recommendations is obtained from other private individuals, program personnel, biographical reference books, private organizations, former employers, regional offices of HHS, Members of Congress, and other government sources. Information about a prospective guest speaker is provided directly by the individual or is derived or obtained from materials supplied by the individual, from observation and analysis made by agency staff, from correspondence between the agency and the individual, and from any other relevant source necessary to conduct a complete a review of the individual's disclosed qualifications and/or interests.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:
[top] In addition to other disclosures which are authorized directly in the Privacy Act statute at 5 U.S.C. 552a(b), information about a subject individual may be disclosed from this system of records to non-HHS officers and employees, without the subject
1. Records about committee members and guest speakers may be disclosed to GSA when HHS enters and uploads committee information and records in GSA's facadatabase.gov system, for the purpose of keeping Congress and the public informed of the existence, membership, and activities of advisory committees as authorized by the FACA at 5 U.S.C. 1002(b)(5). Committee member names are also disclosed in administrative reports to the President and OMB.
2. HHS may publicly disclose the names of and limited information about qualifications ( e.g., professional backgrounds) and financial disclosures of members of HHS Federal advisory committees, subcommittees, and working groups, and about guest speakers, on its websites and in facadatabase.gov. Information made public will be limited to information that HHS would be required to release to a requester under FOIA; meaning, information that would not result in a clearly unwarranted invasion of privacy.
3. Relevant records may be disclosed to appropriate Federal, State, local, or Tribal agencies; international agencies; or foreign governments responsible for investigating, prosecuting, enforcing, or implementing statutes, rules, regulations, or orders, when HHS becomes aware of evidence of a potential violation of civil or criminal law. In most cases, these disclosures will be made after first referring the information to another HHS component, such as the HHS Office of the General Counsel or the HHS Office of the Inspector General, to determine if the information is appropriate to refer to an outside law enforcement or other appropriate agency; if that component makes the disclosure to an outside agency, the equivalent routine use published in that component's SORN would apply instead of this routine use.
4. Records may be disclosed to DOJ or to a court or other adjudicative body in litigation or other adjudicative proceedings when HHS or any of its components, or any employee of HHS in his or her official capacity, or any employee of HHS in his or her individual capacity where the DOJ or HHS has agreed to represent the employee, or the United States, is a party to the proceedings or has an interest in the proceedings and, by careful review, HHS determines that the records are both relevant and necessary to the proceedings.
5. Disclosure may be made to a congressional office from the record of an individual in response to a written inquiry from the congressional office made at the written request of that individual.
6. Records may be disclosed to student volunteers, individuals working under a personal services contract, and other individuals performing functions for the Department but technically not having the status of agency employees, if they need to access the records in order to perform their assigned agency functions.
7. Disclosures may be made to Federal agencies and HHS contractors that have been engaged by HHS to assist in accomplishment of an HHS function relating to the purposes of this system of records (including ancillary functions, such as compiling reports and evaluating program effectiveness and contractor performance) and that have a need to have access to the records in order to assist HHS in performing the activity. Any contractor will be required to comply with the requirements of the Privacy Act.
8. Records may be disclosed to the Chairperson or Vice Chairperson of the relevant advisory committee to use for purposes such as determining membership on subcommittees, assigning tasks to members, and distributing information to members for meeting or other committee work purposes.
9. Records may be disclosed to the Executive Office of the President, the Office of Management and Budget, or other agencies for coordination on advisory committee member selection.
10. Records about a member or prospective member or guest speaker may be disclosed to any source from which additional information is requested by HHS (to the extent necessary to identify the individual, inform the source of the purpose of the request, and identify the type of information requested) when necessary to obtain information relevant to an HHS decision involving the individual.
11. Records may be disclosed to a Federal, foreign, State, local, Tribal, or other public authority of the fact that this system of records contains information relevant to that entity's decision regarding hiring or retention of an employee, retention of a security clearance, letting of a contract, or issuance or retention of a license, grant or other benefit, so that it may then make a request supported by the written consent of the individual for further information if it so chooses. HHS will not make an initial disclosure unless the information has been determined to be sufficiently reliable to support a referral to another office within the agency or to another Federal agency for criminal, civil, administrative, personnel, or regulatory action.
12. HHS may disclose records from this system of records to NARA, GSA, or other relevant Federal agencies in connection with records management inspections conducted under the authority of 44 U.S.C. 2904 and 2906.
13. Records may be disclosed to Federal agencies and entities ( e.g., the Office of Government Ethics, the Government Accountability Office, or the General Services Administration) for program evaluation and assessment purposes, if disclosure of identifiable records is deemed appropriate by HHS counsel.
14. Records may be disclosed to DHS if captured in an intrusion detection system used by HHS and DHS pursuant to a DHS cybersecurity program that monitors internet traffic to and from Federal government computer networks to prevent a variety of types of cybersecurity incidents.
15. Disclosures may be made to appropriate agencies, entities, and persons when (1) HHS suspects or has confirmed that there has been a breach of the system of records; (2) HHS has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, HHS (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with HHS efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.
16. Disclosure may be made to another Federal agency or Federal entity, when HHS determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are stored in hard-copy files and on electronic media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
[top] Records are retrieved by the subject individual's name, with the exception of
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records about individuals who serve as members of Federal advisory committees and subgroups are retained and disposed of in accordance with NARA General Records Schedule (GRS) 6.2, Items 010, 040, and 050:
• Item 010 Substantive Committee Records requires substantive records related to committee and subgroup membership to be accessioned to the National Archives for permanent retention when the records are 15 years old or older or upon termination of the committee, whichever is sooner.
• Item 040 Committee Accountability Records (note that this item excludes forms filed under the Ethics in Government Act, and such forms are not covered by this SORN) authorizes accountability records (such as records about members' financial disclosures and conflicts of interest, and records documenting travel and other payments to or for committee members) to be destroyed when 6 years old unless longer retention is required for business use.
• Item 050 Non-substantive Committee Records authorizes records of an administrative nature, such as those documenting members' and prospective members' credentials, to be destroyed when superseded, obsolete, or no longer needed, or upon termination of the committee, whichever is sooner.
Records about prospective members of Federal advisory committees are retained and disposed of in accordance with GRS 6.2, Item 050 (see above).
Records about guest speakers are disposed of in accordance with GRS 6.2, Item 040 (see above).
Records about meeting registrants and subscribers are retained and disposed of in accordance with GRS 6.5, Item 020, which authorizes sign-up forms and distribution lists for distributing information such as publications and data produced by the agency to be deleted when superseded or obsolete or when the customer requests the agency to remove the records.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Records are protected from unauthorized access through appropriate administrative, physical, and technical safeguards. Safeguards conform to the HHS Information Security and Privacy Program, https://www.hhs.gov/ocio/securityprivacy/. The safeguards include protecting the facilities where records are stored or accessed with security guards, badges, and cameras; securing hard-copy records in locked file cabinets, file rooms or offices during off-duty hours; limiting access to electronic databases to authorized users based on roles, the principle of least privilege, and either two-factor authentication or user ID and password; using a secured operating system protected by encryption, firewalls, and intrusion detection systems; encrypting data transmissions and records stored on removable media; using secure destruction methods prescribed in National Institute of Standards and Technology Special Publication 800-88 to dispose of eligible records; and training personnel in Privacy Act and information security requirements.
RECORD ACCESS PROCEDURES:
An individual seeking access to records about him or her in this system of records must submit a written access request to the relevant System Manager, at the address indicated in the "System Manager(s)" section, above, in accordance with the Department's Privacy Act implementation regulations in 45 CFR. The request must contain the individual's full name and address, and, for identity verification purposes, signature, and date and place of birth. In addition, to verify the individual's identity, the individual must provide either a notarized request or a written certification that the individual is who he or she claims to be and understands that the knowing and willful request for acquisition of a record pertaining to an individual under false pretenses is a criminal offense under the Privacy Act, subject to a fine of up to $5,000.
CONTESTING RECORD PROCEDURES:
An individual seeking to amend a record about him or her in this system of records must submit a written amendment request to the relevant System Manager, at the address indicated in the "System Manager(s)" section, above, in accordance with the Department's Privacy Act implementation regulations in 45 CFR. The request must contain the same information required for an access request, and must reasonably identify the record, specify the information contested, state the corrective action sought, provide the reasons for the amendment, and include any supporting justification or documentation. The individual must verify his or her identity in the same manner required for an access request. The right to contest records is limited to information that is factually inaccurate, incomplete, irrelevant, or untimely (obsolete).
NOTIFICATION PROCEDURES:
An individual who wishes to know if this system of records contains records about him or her must submit a written notification request to the relevant System Manager at the address indicated in the "System Manager(s)" section, above, in accordance with the Department's Privacy Act implementation regulations in 45 CFR. The request must contain the same information required for an access request, and the individual must verify his or her identity in the same manner required for an access request.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
47 FR 45514 (October 13, 1982); 59 FR 55845 (November 9, 1994); 83 FR 6591 (February 14, 2018).
Dated: December 13, 2024.
P. Ritu Nalubola,
Associate Commissioner for Policy.
[FR Doc. 2024-30782 Filed 12-23-24; 8:45 am]
BILLING CODE 4164-01-P