The Food and Drug Administration’s parent agency told a government contractor that 80,000 pages of confidential employee communications that the company posted on the Internet contained no sensitive or personally identifiable information, documents show.
The communications are at the center of a controversial surveillance-gathering operation that monitored a group of whistleblowing scientists critical of the FDA’s process of reviewing medical devices.
The contractor, a document management company hired to archive the data, released a government work order to congressional investigators this week that stated the files did not contain classified, sensitive or personal information.
The government’s instructions to Maryland-based Quality Associates may explain why the company stored the documents on an unsecured Internet site.
The intercepted communications, sent from the scientists’ personal accounts across FDA networks, however, contained both sensitive and personally identifiable information, from names and e-mail addresses to proprietary data about medical devices.
The latest revelation in a case that has alarmed privacy advocates and members of Congress prompted a new round of inquiry from Sen. Charles E. Grassley (R-Iowa), who is investigating the monitoring that began three years ago and expanded in 2010. In a letter Tuesday to FDA Commissioner Margaret A. Hamburg, Grassley demanded answers to why Quality Associates had been told that the information was not sensitive.
Grassley’s inquiry prompted a round of finger-pointing between Quality Associates and the FDA.
“In the case of the FDA, if they’re not informing us otherwise, then we’re simply moving the data along” to be stored on a publicly available Internet site, Scott Swidersky, the company’s chief executive officer, said in an interview. “Our role is very, very limited.”
Swidersky said his company does not look at the content of the data it is hired to archive. “Clearly you can see from the [work] order how the information was processed was determined by the direction of our client.”
But FDA officials said the company had no instructions to post any of the surveillance data on the Internet, even though they acknowledged that the purchase order was incorrectly filled out.
FDA officials faulted workers at its parent agency, the Department of Health and Human Services, for the incorrect purchase order.
“The agency requested that the Program Support Center at the Department of Health and Human Services use a vendor who had proven experience to handle sensitive, confidential information,” the FDA said in a statement. “We are continuing to investigate the unauthorized disclosure of these documents.”
The monitoring began after nine FDA scientists signed a letter to President Obama’s transition team, alleging that they were pressured to approved numerous medical devices that posed a danger to the public.
The agency began monitoring the private e-mails of five of the scientists who were communicating with Congress and government watchdogs about their concerns. The surveillance expanded to include an enemies list of what the FDA called 21 “actors” at the agency, in Congress, academia and the news media it believed were sympathetic to the scientists’ cause.
The 80,000 documents made public by Quality Associates were on the Internet for at least several days in May before they were taken down.
The dispute over who was responsible for the documents appearing on the Internet came a day after a federal judge ordered the FDA to turn over by Aug. 24 another 4,000 pages of documents from the spying operation the scientists sought as part of a series of lawsuits against the agency.
U.S. District Judge James Boasberg did not order the FDA to turn over the 80,000 documents, because they have been made public. But he ordered thousands of other communications to be given to attorneys representing the scientists.