Skip Navigation
Official website of the United States Government We can do this. Find COVID-19 vaccines near you. Visit U.S. Department of the Treasury
Bureau of the Fiscal Service Home
Do Not Pay®

Privacy Program

In January 2013, the President signed the Improper Payments Elimination and Recovery Improvement Act of 2012 (IPERIA) into law, codifying ongoing efforts to develop and enhance steps taken by the Federal Government to prevent, waste, fraud, and abuse in Federal spending.

In August 2013, the Office of Management and Budget (OMB) released Memorandum M-13-20 to ensure that individual privacy is fully protected while reducing improper payments with the Do Not Pay (DNP) Initiative. Additionally, DNP complies with the Privacy Act of 1974 and other laws pertaining to the use, maintenance, and disclosure of records.

System of Records Notices (SORNs)

A system of records is defined by the Privacy Act of 1974 as “a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual.”

Rules exempting systems of records from certain Privacy Act requirements are in 28 CFR Part 16, Subpart E. Below is a listing of systems of records maintained by DNP and original source agencies that are subject to the Privacy Act of 1974.

  1. Credit Alert System (CAIVRS)– CAIVRS is comprised of data from the following agencies:

    1. Department of Education (Education)
    2. Department of Housing and Urban Development (HUD)

    3. Department of Justice (DOJ) - Debt Collection Enforcement System, JUSTICE/DOJ-016

    4. Small Business Administration (SBA) - SBA 21 -- Loan System and SBA 20-Disaster Loan Case File

    5. U.S. Department of Agriculture (USDA)

    6. Veterans Affairs (VA) - VA's Privacy Act System of Records, Compensation, Pension, Education, and Rehabilitation Records--VA (58VA21/22/28)

    Some agencies are currently in the process of confirming their applicable CAIVRS SORNs and routine uses that allow for disclosures to DNP. Links to those SORNs will be posted as they are identified.

  2. Treasury Offset Program (TOP) Debt Check of the Department of the Treasury - FMS .014 – Debt Collection Operations System

  3. SAM Entity Registration and Exclusion Records (referred to in IPERIA as Excluded Party List System) of the General Services Administration (GSA)

  4. List of Excluded Individuals & Entities of the Office of Inspector General of the Department of Health and Human Services (HHS) – Health Care Program Violations

  5. Treasury/Fiscal Service .017 – Do Not Pay Payment Verification Records

Variations between data source record retention schedules or other restrictions (e.g. routine uses) and the Treasury/Bureau of the Fiscal Service .023 SORN will be listed below.

On October 7, 2012, the Secretary of the Treasury issued Treasury Order 136–01, establishing within the Department of the Treasury the Bureau of the Fiscal Service (Fiscal Service). The new bureau consolidated the bureaus formerly known as the Financial Management Service (FMS) and the Bureau of the Public Debt (BPD). On October 2, 2013, Fiscal Service published a final rule that changed references in 31 CFR Part 202-391 from “FMS” or “BPD” to "Fiscal Service."

Final Rule (October 2, 2013)

Computer Matching Agreements (CMAs)

A computer matching program is required by the Privacy Act for any computerized comparison of two or more automated systems of records, or a system of records with non-federal records, for the purpose of establishing or verifying eligibility or compliance as it relates to cash or in-kind assistance or payments under federal benefit programs.

Under to 5 U.S.C. § 552a(o), any record contained in a system of records may only be disclosed to a recipient agency or non-federal agency for use in a computer matching program pursuant to a CMA. DNP computer matching programs published in the Federal Register and other matching documentation are provided below:

DNP CMA with HHS Centers for Medicare & Medicaid Services (CMS)


Data Correction Process

Improper Payments Elimination and Recovery Improvement Act of 2012 (IPERIA) requires that DNP describe the data correction process on its website. Whenever an original source agency receives a request for correction of data, it may follow its existing process for handling such requests in accordance with applicable laws, regulations, or policies. The agency will promptly review the request and make a determination. If the agency determines that corrections are needed to data, the data will be corrected at both the original source agency and in the DNP portal to avoid discrepancies between two versions of the same dataset.

Please direct any requests to correct the original source agency's data to the corresponding original source agency. The data sources and corresponding agencies are listed below:

Table may scroll on smaller screens 

Data Source Contact Information Examples of Data Correction Request Triggers
American InfoSource (AIS)

If a payee is listed as deceased and that is not the case.
Credit Alert System (CAIVRS) - DOJ

Requesting Amendment or Correction of Records in Accordance with the Privacy Act

The Privacy Act also permits an individual to request an amendment or correction of a record pertaining to that individual, subject to certain limitations and exemptions.

Making a Privacy Act Amendment or Correction Request

A request for amendment or correction of a Department of Justice record about yourself may be made by appearing in person or by writing directly to the Department component that maintains the record. In most cases, a component’s central Privacy Act or Privacy Act/FOIA office is the appropriate place to send a Privacy Act amendment request. A list of contacts can be found at: If you believe that DOJ maintains the records you would like to amend or correct, but you are uncertain about which component has the records, you may send your request to the Department’s Mail Referral Unit at:

FOIA/PA Mail Referral Unit
Department of Justice
Room 115
LOC Building
Washington, DC 20530-0001
Phone: (202) 616-3837

Personnel in the Mail Referral Unit will then forward your request to the DOJ component they determine is most likely to maintain the records you would like to amend or correct.

If an individual is not a delinquent federal borrower.
Credit Alert System (CAIVRS) – HUD

If you are making a written request for data correction, letters should be addressed to:

Privacy Act Officer
Department of Housing and Urban Development
451 7th St. SW, CVB-4th Floor
Washington, DC 20410


If an individual is not a delinquent federal borrower.
Credit Alert System (CAIVRS) – SBA

If an individual is not a delinquent federal borrower.
Credit Alert System (CAIVRS) – USDA Rural Development (RD)

Phone: 800-428-9643

If an individual is not a delinquent federal borrower.
Credit Alert System (CAIVRS) - USDA Farm Service Agency (FSA)

Phone: 800-428-9643

If an individual is not a delinquent federal borrower.
Credit Alert System (CAIVRS) – VA
VA Debt Management Center, 800-827-0648

If an individual is not a delinquent federal borrower.
GSA’s System for Award Management (SAM) – Entity Registration Records and Exclusion Records

The agency taking the exclusion action and that agency’s designated Exclusions Point of Contact.

SAM Customer Service: Federal Service Desk

If an individual is listed as debarred and that is not the case.
HHS OIG List of Excluded Individuals & Entities (LEIE)

HHS OIG External Affairs Office,

If an entity should not be excluded from participating in federal health care programs.
SSA’s Death Master File (DMF)

The individual’s local social security office, which can be found at:

If a payee is listed as deceased and that is not the case.
Treasury Offset Program (TOP) Debt Check

If you owe a debt to the government:
You must contact the specific federal agency or state you owe the money to. TOP cannot make arrangements for you to pay off your debt, discuss your debt with you or refund your money. The TOP Interactive Voice Response (IVR) system on 800-304-3107 can tell you who to call.

Hearing impaired customers may use the Federal Relay Service by dialing 800-877-8339 to reach a Communications Assistant (CA) who will dial the toll free number.

If an individual does not owe delinquent non-tax debts to the federal government (and participating States).

Privacy Impact Assessments

Section 208 of the E-Government Act of 2002 requires agencies to conduct Privacy Impact Assessments (PIA) for information technology (IT) systems or projects that collect, maintain or disseminate personally identifiable information (PII) from or about members of the public. A PIA is required for new systems or projects, those systems undergoing modification or enhancement, and Paperwork Reduction Act electronic collections of information. OMB Memorandum M-03-22, (9/26/2003), contains guidance for conducting PIAs as well as procedures for processing and posting completed assessments. Below are links to individual PIAs relevant to DNP: Treasury’s Working System PIA

Destination Requests for New Data Sources

For OMB to consider adding a new government or commercial data source, Do Not Pay must submit to OMB a written assessment to document the suitability of the new data source. When considering additional data sources for designation, OMB will consider at a minimum:

  1. Statutory or other limitations on the use and sharing of specific data;
  2. Privacy restrictions and risks associated with specific data;
  3. Likelihood that the data will strengthen program integrity across programs and agencies;
  4. Benefits of streamlining access to the data through the central DNP Initiative;
  5. Costs associated with expanding or centralizing access, including modifications needed to system interfaces or other capabilities in order to make data accessible; and
  6. Other policy and stakeholder considerations, as appropriate. Before designating additional data sources, OMB will publish a 30-day notice of the designation proposal in the Federal Register asking for public comment. At the conclusion of the 30-day comment period, if OMB decides to finalize the designation, OMB will publish a notice in the Federal Register to officially designate the data source for inclusion in the DNP Initiative.

Last modified 06/04/21