Federal Register: July 2, 2007 (Volume 72, Number 126)
DOCID: fr02jy07-43 FR Doc E7-12682
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Centers for Disease Control and Prevention
DOCUMENT ACTION: Notice of a New System of Records.
Privacy Act of 1974; New System of Records
DATES: Effective Date: CDC filed a new SOR report with the Chair of the House Committee on Government Reform and Oversight, the Chair of the Senate Committee on Homeland Security & Governmental Affairs, and the Administrator, Office of Information and Regulatory Affairs, Office of Management and Budget (OMB) on June 25, 2007. CDC invites interested parties to submit comments on the proposed routine uses. To ensure that all parties have adequate time in which to comment, the new system will be effective 30 days from the publication of this notice, or 40 days from the date it was submitted to OMB and the Congress, whichever is later, unless CDC receives comments that persuade us to defer implementation.
In accordance with the requirements of the Privacy Act, the Centers for Disease Control and Prevention (CDC) is proposing to establish a new system of records (SOR), 09200170, ``National Select Agent Registry (NSAR)/Select Agent Transfer and Entity Registration Information System (SATERIS), HHS/CDC/COTPER.'' The purpose of the system is to limit access to those biological agents and toxins listed in 42 CFR Part 73, 9 CFR Part 121, and 7 CFR Part 331, to those individuals who have a legitimate need to handle or use such agents or toxins, and who are not identified as restricted persons by the U.S. Attorney General. NSAR is a single webbased information management system shared by CDC and the U.S. Department of Agriculture (USDA)/ Animal and Plant Health Inspection Service (APHIS) that tracks the possession, use and transfer of select agents and toxins that could pose a severe threat to public health and safety, to the health and safety of animals, and to the safety of plants or animal and plant products. We have provided background information about the new system in the SUPPLEMENTARY INFORMATION section below.
Privacy Act; systems of records,
CDC proposes to establish a new system of records within its Coordinating Office for Terrorism Preparedness and Emergency Response (COTPER): 09200170, ``National Select Agent Registry (NSAR)/ Select Agent Transfer and Entity Registration Information System (SATERIS), HHS/CDC/COTPER.'' An important component of the nation's overall terrorism deterrence policy, the Division of Select Agents and Toxins (DSAT) in the Coordinating Office for Terrorism Preparedness and Emergency Response (COTPER) within the CDC regulates the possession, use, and transfer of biological agents and toxins (select agents) that could pose a severe threat to public health and safety. A select agent is defined as a virus, bacteria, fungus or toxin that could pose a severe threat to public health and safety, to animal or plant health; or animal or plant products.
I. Description of the Proposed System of Records
A. Statutory and Regulatory Basis for SOR. The Public Health Security and Bioterrorism Preparedness and Response Act of 2002 requires entities to register with the U.S. Department of Health and Human Services (HHS) if they possess, use, or transfer select agents that could pose a severe threat to public health and safety. The Agricultural Bioterrorism Protection Act of 2002 requires that facilities handling select agents that could pose a severe threat to animal or plant health; or animal or plant products register with the USDA. Within HHS, the DSAT is responsible for registering entities and personnel who either possess or are applying for approval to possess, use or transfer select agents that could pose a severe threat to public health and safety. Within the USDA, APHIS has a similar responsibility for registering entities and personnel handling agents that pose a severe threat to animal or plant health; or animal or plant products.
The Acts require safeguards and security measures that will adequately protect these agents. This includes controlling access and screening of entities and personnel through security risk assessments conducted by the U.S. Attorney General. The Acts also require the establishment of a national database of registered entities. While some entities register for select agents regulated only by HHS, others for select agents regulated only by USDA, there are a number of entities registering for select agents that can pose a severe threat to public health and safety, to animal health, or to animal products (``overlap'' select agents). Since DSAT and APHIS coordinate regulatory activities for those overlap select agents that would be regulated by both agencies, the Acts require that a single national database be established. This new Privacy Act system of records notice (SORN) describes the records and processes that enable DSAT to fulfill HHS' requirements; APHIS will be publishing a similar SORN to address how USDA will fulfill theirs.
B. Collection and Maintenance of Data in the System
CDC will only collect the minimum amount of personal data necessary to achieve the purpose of this system, which is to limit access to the select agents listed in 42 CFR Part 73, 9 CFR Part 121, and 7 CFR Part 331, to those individuals who have a legitimate need to handle or use such agents, and who are not identified as a restricted person by the U.S. Attorney General. The data elements required are: name, address, date of birth, job title, and the name of the institution that would be housing the select agent(s).
Entities handling select agents must appoint a Responsible Official
within their organization who certifies that the entity meets federal
requirements for handling select agents such as having security
measures in place to protect the select agents they possess from theft,
loss and unauthorized access, and safety measures to prevent the
release of agents. DSAT's SOR includes personal information on those
individuals who have access or who have applied to have access to
select agents, and the list of select agents to which they have access or would have access.
II. Agency Policies, Procedures, and Restrictions on the Routine Use
The Privacy Act permits us to disclose information without an individual's consent if the information is to be used for a purpose that is compatible with the purpose(s) for which the information was collected. Any such compatible disclosure of data is known as a ``routine use.'' The government will only release select agent information that can be associated with an individual as provided for under ``Section III. Proposed Routine Use Disclosures of Data in the System.'' We will only collect the minimum personal data necessary to achieve the purpose of this system.
CDC has the following policies and procedures concerning disclosures of information that will be maintained in the system. Disclosure of information from the SOR will be approved only to the extent necessary to accomplish the purpose of the disclosure and only after CDC:
A. Determines that the use or disclosure is consistent with the reason that the data are being collected, e.g., to limit access to select agents to those individuals who have a legitimate need to handle or use select agents and who are not identified as a restricted person by the U.S. Attorney General.
FOR FURTHER INFORMATION CONTACT
Betsey S. Dunaway, Privacy Act Officer, Office of the Chief Science Officer, Centers for Disease Control and Prevention, 1600 Clifton Road, NE., Building 21, Room 8125, Mailstop D74, Atlanta, Georgia 30333, (404) 6394642.