| HHS Privacy Impact Assessment (PIA) Summary |
| FDA: FDA ORA Recall Enterprise System (RES) |
| If the system shares or discloses IIF please specify |
| with whom and for what purpose(s): |
| The MARCS Recalls Intranet system shares the data maintained in |
| the database for recall events.ORADSS Business Objects / |
| Reporting – To provide the FDA authorized users with reporting |
| capabilities of the recall event data.PREDICT Data mining – to |
| provide for various data mining information that a recall event may |
| contain for analysis and/or corrective actions.Recall Operations Staff |
| in Office of Enforcement / Division of Compliance Management and |
| Operations (DCMO) – Centers for Recall Coordinators and Field |
| operations for Field coordinators. FDA authorized users for view of |
| recall data. |
| Describe in detail the information the agency will |
| collect, maintain, or disseminate and why and for |
| what purpose the agency will use the information: |
| Almost all of the data captured through the RES application is |
| non-personal and can be grouped into the follow categories: |
| · Firm information |
| · Product information |
| · Center-specific information |
| · Recall Event information |
| · Recall Recommendation information |
| · Recall Classification information |
| · Recall Summary and Termination information |
| Personally Identifiable Information (PII) is limited to the minimum |
| amount needed for effective communication in the system. This |
| communication has two aspects, internal and external. |
| The internal aspect of the system uses the names and email |
| addresses of the individual FDA employees who create or work with |
| the records in the RES application. These records contain |
| information regarding each user’s role, and the FDA Center with |
| responsibility for the over sight of the recall activity. |
| Coordinator names are also displayed or included for data collection |
| needs of the recall event, work flow processing, and for the |
| application to submit proper notifications. In addition, comment |
| fields are available within the system in which the users will add |
| necessary information, when applicable, in order to process or |
| ensure information is provided f or “recall” requirements. In addition |
| to FDA employees, pieces of PII are also captured in regards to the |
| reporting company, the name(s) of the company point(s) of contact, |
| their email addresses, and company mailing addresses. These |
| pieces of information are provided to FDA by the reporting |
| company(s) for means of communication. |
| The External use of PII is that the company involved in the recall |
| provides the name and email address of a company representative |
| so the public can make enquiries regarding the recall. |
| PIA-HHS-Form |
| Report Date: 8/13/2007 |
| Page: 92 |
| Note on IIF: Any question about IIF seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it |
| is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily |
| or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or |
| other legislation. Note: If no IIF is contained in the system, please answer the remaining required questions, then promote the PIA to the Sr. Privacy |
| Official who will authorize the PIA. Note: If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature |
| and promotion. |